Majority of financial Web sites contain security flaws

Nine out of 10 financial and commercial Web sites contain security flaws that make then vulnerable to online hackers and phishing attacks, according to research by UK consultant Next Generation Security Software (NGS).

Be the first to comment

Majority of financial Web sites contain security flaws

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The white paper shows that 90% of the 100+ Web applications audited by NGS in the past year were potentially vulnerable to advanced phishing attacks. Furthermore, about a third of sites also contained flaws that could be used to access confidential customer information stored in back-end databases.

Phishing involves the use spam e-mail to direct computer users to fake Web sites in order to deceive them into giving over their personal financial data.

The study also found that many sites contained configuration errors that could be used to redirect customer data from a legitimate Web site to a fake one without the customer knowing.

Commenting on the study, Gunter Ollmann, professional services director at NGS, says: "There is so little vendor-neutral technical information about modern phishing threats. We were surprised at how naive many businesses are, and how poorly prepared they were for responding against phishing attacks targeting their own customers."

Direct losses from ID fraud against victims of phishing attacks cost US banks about $1.2 billion in 2003, according to recent research from Gartner.

Sponsored [New Impact Study] Microservices Architecture: Future-Proofing Payments Technology

Related Company

Comments: (0)

[On-Demand Webinar] Payment Scams and Fraud: Changing Bank Behaviour and Regulatory FrameworksFinextra Promoted[On-Demand Webinar] Payment Scams and Fraud: Changing Bank Behaviour and Regulatory Frameworks