A concerning number of Banks have failed their web security tests

During a new Security/Privacy analysis audit, 65% of the major US banks have scored the poorest rankings. This audit was performed by non-profit Online Trust Alliance (OTA) Alliance which anonymously audited over one thousand different websites. Followed by a ranking on their security and privacy practices. Of course, none of the sites that were investigated knew that such a test would be performed on their websites and it was also performed anonymously.

The results of the audit prove to be extremely concerned for American bank users since 65% of the websites that belong to the major US bank institutions turned out to be scoring low in regards to their security measures and privacy protection. They also have the anti-award of most failing grades and least “Honor Roll” recipients in the Alliance’s Audit and Honor Roll website. “We look at the end-to-end user experience on the site: How secure is the data being held, what are their privacy policies and what do they do to protect users from fraud,” said Craig Spiezle, OTA founder and chairman. “We use the same tools that are available to anyone, including cyber criminals.”

In a more general aspect of the data, 52% of the thousand websites that were analyzed got qualified for the Honor Roll. To receive such a qualification, the website must score 80% or higher across three categories, which are Cosumer Protection, Security and Privacy. The fact that 52% of the sites got qualified is an improvement from last year, but only of 5%. “The internet economy runs on data,” Spiezle said. “If this data is not secure and users have negative experiences, this ultimately threatens the future growth and revenue potential of the internet.”

Banks in the US are compromised

Now, this is the part that will concern any user of online banking services, as 27% of the 100 largest banks in the country made the grade. Which is a decrease of 28% compared to last year. More concerning is the fact that. While the website security is moderately good (17% of failures), the same can’t be said about the E-Mail Security and Privacy, with 45% and 34% of failures each.

The American Bankers Association however, has questioned the results of this audit. So much so that Doug Johnson, VP of Payments and Cybersecuity policy of the ABA told the NBC that the institution takes Privacy and Security very seriously.  “It’s really all about trust. If we don’t have the trust of our customers, then we don’t have anything. We’ve always been looked at as a model for security, held out as a template for other sectors to abide by in terms of security.” Said Johnson, to probably clear out some concerns.

This can oftenly be taken as a sign of alarm to customers who use online banking as a source for their finances, so much so because customers can be hacked and have their funds drained from their accounts, along other concerning facts such as public data leaks and breaches. “Most of the serious intrusions are from dumb mistakes made by companies that are easily remediated by a consistent approach to managing access, security and looking for significant anomalies. Countermeasures are simple and effective such as air gaps, rate limiting, IP reputation, and improving identity management.” Said Phil Lieberman CEO of Lieberman Software in regards of bank security.

Trust and a top notch security system is a must in a digital age, however. Considering many of the issues regarding security and privacy, we’re far from reaching this vision. A lot is needed to be done in these situations.