Washington, July 23 : A large percentage of online banking sites have at least one design flaw, which in turn, can make customers vulnerable to cyber thieves when it comes to their money or even identity, finds a new study led by an Indian-origin researcher.
Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science and doctoral students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006 and found that 75 percent of them had security flaws.
According to the study's researchers the design flaws aren't bugs that can be fixed with a patch, in fact, they stem from the flow and the layout of these Web sites.
The flaws include placing log in boxes and contact information on insecure web pages as well as failing to keep users on the site they initially visited.
Prakash said some banks may have taken steps to resolve these problems since this data was gathered, but overall he still sees much need for improvement.
"To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country," Prakash said.
"Our focus was on users who try to be careful, but unfortunately some bank sites make it hard for customers to make the right security decisions when doing online banking," he added.
The flaws leave cracks in security that hackers could exploit to gain access to private information and accounts.
The study will be presented for the first time at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25.