Online banking, though convenient to use, are no the safest way to look at your accounts online. In fact, over the years we have seen several banks fall when putting under pressure about their web security. The worst offenders are of course Capital One, Suntrust, Wells Fargo and JPMorgan Chase. However, new research is showing that HSBC and TD Bank are some of the worse banks for web security that is being seen on the market today.
What Makes Banks so Vulnerable?
For the majority of banks that are included in the list, security is often cited for having no private connections for customers to make. Thus, it is simple for a hacker to make a fake homepage, get the login information of the bank customer and then proceed to gain access to the person’s account. From there, they can find account numbers, make withdrawals or even transfer the money to their own accounts.
Despite most banks having a login page, the issue arises with the homepage. Most banks are going to have https:// followed by their web address. However, TD Bank and HSBC are making the big mistake of only have HTTP://. Why is the ‘s’ important? It shows that the connection you have is secured. Without https://, it means that hackers could have implemented a fake homepage to gain access to accounts.
The reason that so many experts are coming down hard on banks for their online practices is that making this more secure is fairly simple. Most online shopping platforms are utilizing secure networks as they are taking payments via credit cards and other methods. If these types of establishments find it necessary to secure their websites, then why would banks think they do not need to do this?
Cyber security expert Robert Graham sums it up best with the bank’s approach to security by stating:
“Hey, there’s a crack in the plan, but we [the bank] won’t fix it because we don’t think it’ll cause the plane to crash today.”
Though the bank may not be brought down today due to their lack of security, it is only a matter of time. Luckily, some banks are taking the warnings seriously and are updating their systems. However, just as many banks are unaccounted for in terms of what they plan to do about cyber security.