How Secure Is Your Bank's Web Site?

TheStreet.com

More and more people are opting to do their banking at home from their computer over the Internet, rather than take a trip to their local bank branch. It makes a lot of sense: You save time getting to and from the bank, there is no waiting in lines, you save the cost of getting to the bank and back, and it makes the transactions a lot less stressful when you can do them when you want from home.

If you are doing your banking online, you need to take some extra precautions to protect yourself, according to a newly released study led by Professor Atul Prakash from the University of Michigan. The study found that of the 214 U.S. financial institution Web sites that were analyzed, 76% had at least one design flaw that could compromise your financial data.

Unlike many studies that focus on the vulnerabilities of the coding of the Web sites, where hackers may be able to gain access to information, this study focused on design flaws of the banks' sites that made it easier for users to be tricked into giving up private information (phishing). The flaws include placing log-in boxes and contact information on insecure Web pages (47% of banks), putting contact information and security advice on insecure pages (55% of banks), redirecting customers to a site outside the bank's domain for certain transactions without warning (30% of banks), emailing security-sensitive information insecurely (31% of banks) and allowing easy-to-guess user IDs and passwords such as Social Security numbers or email addresses.

Before you place any financial information into a banking Web site, you should look for a number of visual clues, according to Tim Callan of Verisign, to make sure that you are on the actual Web page that you think you are. These visual clues will help you avoid giving sensitive personal finance information when the page is not deemed safe and secure:

Green address bar: If you are on a secure page, the Web address bar and the company's name should be highlighted in green (as opposed to the standard white) at the top of the browser. The green highlights are confirmation that the Web site has undergone extensive identity authentication so that you can be confident you are on the correct Web site and not a fraudulent Web site made to look like the real one.

URL starting with https://: Most Web addresses (or URLs) begin with "http://". If the site's Web address has an "s" after the "p" (https://), that means that the information you share on that page is encrypted, making it difficult for anyone to see what has been entered into the page. If the URL doesn't have the extra "s," it means that the page is not encrypted, and it's quite easy for someone with the know-how to gain access to the information.

You want to avoid entering any information that could be used to steal your identity (such as credit card numbers, your Social Security number or your mother's maiden name) into any Web page that doesn't begin with "https."

The padlock icon: Another way to confirm that you are on a secure and encrypted page is to look for a padlock icon somewhere in the browser you are using. All major browsers come with the padlock feature when displaying a secure page. When looking for the padlock, be sure that it is located in the browser interface and not within the content on the page itself. Those who are trying to trick you into giving up financial information sometimes place a padlock into the content on the page in hopes that this will make you believe that you are on a secure page, when you really aren't.

The correct Web address: Pay special attention to the Web site address you're on. Many fraudulent sites will do their best to make the address look similar to the real Web site's address in order to trick unsuspecting victims into thinking they're on the real site. Be suspicious of any site that includes an unknown domain in addition to the bank's name, either before or after it. "www.yourbankname.someurl.com" or "www.someurl.com/yourbankname" are both examples of Web addresses that should make you suspicious.

Trust marks: Bank Web sites will often contain popular "trust marks" which can indicate important information about that online business. Leading trust marks include the VeriSign Secured Seal (online security and verified site identity), eTRUST (customer data privacy), and the Better Business Bureau (business practices). If you look for these marks and understand what they represent, you will have a better indication of the trustworthiness of the Web site.
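The "https" and "correct Web address" checks above can also be expressed in code. The following JavaScript is an added example, not part of the original article; the function name checkBankUrl is hypothetical, and "yourbankname.com" is assumed to be the bank's real domain, built from the article's placeholder names.

```javascript
// Added example: apply the article's address checks to a URL.
// BANK_DOMAIN and BANK_NAME are assumptions based on the article's placeholders.
const BANK_DOMAIN = "yourbankname.com"; // assumed real domain of the bank
const BANK_NAME = "yourbankname";

function checkBankUrl(rawUrl, bankDomain = BANK_DOMAIN, bankName = BANK_NAME) {
  let url;
  try {
    url = new URL(rawUrl); // normalizes scheme and host to lower case
  } catch {
    return { trusted: false, findings: ["not a valid URL"] };
  }
  const findings = [];
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot

  // The host must BE the bank's domain or a subdomain of it. Comparing with a
  // leading dot stops "notyourbankname.com" from passing as a match.
  const inBankDomain = host === bankDomain || host.endsWith("." + bankDomain);

  if (url.protocol !== "https:") {
    findings.push("page is not encrypted (no https)");
  }
  if (!inBankDomain) {
    findings.push("host " + host + " is outside " + bankDomain);
    if (host.includes(bankName)) {
      // e.g. www.yourbankname.someurl.com
      findings.push("bank name is used inside another domain's host name");
    }
    if (url.pathname.toLowerCase().includes(bankName)) {
      // e.g. www.someurl.com/yourbankname
      findings.push("bank name appears only in the path");
    }
  }
  return { trusted: findings.length === 0, findings };
}

// Constructed sample addresses, including the two from the article.
const samples = [
  "https://www.yourbankname.com/login",
  "http://www.yourbankname.com/login",
  "https://www.yourbankname.someurl.com/",
  "https://www.someurl.com/yourbankname",
];
for (const s of samples) {
  console.log(s, JSON.stringify(checkBankUrl(s)));
}
```

The comparison is made against the end of the host name because that is the part that identifies who actually owns the address; the bank's name appearing anywhere else proves nothing.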

In addition to looking for the above visual clues, another simple but effective habit to get into is to never follow a link within an email to a financial institution. Even if it is truly from your bank, getting into the habit of always placing the bank's URL into your address bar rather than following an email link will ensure that you are not being tricked into going to a fraudulent Web site.

Understanding the differences between a secure and nonsecure page will ensure that you don't input sensitive personal finance information into Web pages where others may have access to the information.

Identity theft protection is ultimately your responsibility, so it's important to know when you are and are not on a page you can trust.
