« Painless patching | Main | Single point failures »

Online banking security (or lack of it)

Which? Computing magazine has just published a comparison of the leading UK banks' on-line security measures. The results are quite damning. Many top banks have failed to keep up with simple best practices that help to counter security threats from keylogging software.

But there's nothing new here. Banks might have plenty of valuable assets to protect but they've always been painfully slow in updating their security measures. What does come as a surprise, however, is the wide variation in methods used, which is remarkable for a sector with a 'herd mentality' selling identical services.

Bookmark and Share


Tags:

Posted by David Lacey on August 28, 2009 9:39 AM |

TrackBack

TrackBack URL for this entry:
http://www.computerweekly.com/cgi-bin/mt/mt-tb.cgi/63101

Comments (1)

Penetration Testing:

The story is a bit thin on detail as to the selection criteria. It seems heavily focussed on preventing keystroke capture, and some of them use pretty primitive approaches to prevent this. I think most of the "novel" approaches are more focussed on raising customer confidence rather than actually greatly improving security.

Posted by Penetration Testing | September 19, 2009 7:56 AM

Posted on September 19, 2009 07:56

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on August 28, 2009 9:39 AM.

The previous post in this blog was Painless patching.

The next post in this blog is Single point failures.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]