The non-profit Online Trust Alliance (OTA) anonymously audited more than 1,000 websites, ranking their security and privacy practices. None of the sites investigated knew about the test. Websites run by some of the largest banks in the US scored the poorest in the new security and privacy audit.
“Look away now if you’re a pc online banking US customer, as only 27% of the 100 largest banks in the country made the grade. The figure represents a 28% drop from 2016. According to the OTA, the sector had been showing signs of improvement. Yet, due to “increased breaches, low privacy scores and low levels of email authentication,” things have slipped.”
This is not good news for those of us who use online banking and financial services. Given the uptick in ransomware and other malware targeting the U.S. economic infrastructure, banking online is becoming a risky proposition.
According to the OTA, the US digital banking sector had shown improvement, but due to “increased breaches, low privacy scores and low levels of email authentication,” many banks performed poorly. The American Bankers Association (ABA) has taken issue with the OTA’s results; Doug Johnson, the senior vice president of payments and cyber security policy at the ABA, stated in an interview with NBC that banks “absolutely take privacy and security very seriously.”
US banks fail security test. This is not good news for those of us who use pc online banking and financial services.
— The Telegraff News (@omilosimon) July 16, 2017
According to him, the analysis from OTA overestimates the number of banks that suffered data breaches in the past year. But it is worth noting that the ABA itself suffered a hack that resulted in a data breach in 2015.
The analysis from OTA comes just weeks after a study conducted by online privacy company eBlocker found ten of the top financial institutions operating in the U.S. have third-party trackers on their websites that can record a surprising amount of information, including personal information typed into forms or even account balances.
Phil Lieberman, CEO of the US security company Lieberman Software, stated, “Most of the serious intrusions are from dumb mistakes made by companies that are easily remediated by a consistent approach to managing access, security and looking for significant anomalies. Countermeasures are simple and effective such as air gaps, rate limiting, IP reputation, and improving identity management.” He continued, “Other simple ideas like compartmentalisation, security classification of assets and access, and the management of privileged identities and access provide large ROI and reduction of losses.”
Lieberman added that there are simple, effective countermeasures available, including “air gap, rate limiting, IP reputation, and improving identity management.”
The drop-off in security on financial websites comes as most sites are improving. Fifty-two percent of the 1,000 sites tested by OTA qualified for Honor Roll status, a five percent improvement from 2016.