All of Europe’s major banks offer their customers financial services and products through the Internet. But there’s a problem: computer security. To withstand the coordinated onslaught of hackers and cyber-criminals, who are constantly trying to empty the bank accounts of their victims, online banking Websites must incorporate many defensive safety features. These render the entire experience cumbersome and complicated and deter the vast majority of clients.
Generally speaking, European banks are far safer than American ones as far as online banking and their online presence go. The list below is short and by no means exhaustive and is based on a study conducted at the University of Michigan by Atul Prakash, a professor in the department of electrical engineering and computer science, and two doctoral students, Laura Falk and Kevin Borders:
1. All the pages of the bank’s Website must use SSL (Secure Sockets Layer) and TLS encryption technologies. In the Internet Explorer Web browser, a small, yellow padlock icon appears at the bottom or the top of the page when such encryption is available. Encryption prevents hackers from tapping into the exchange of information between the user’s computer and the bank’s servers and routers. Most browsers now also offer a wide variety of anti-phishing protections.
2. Users should not use their computer keyboard to type in passwords. Many computers are infected with keyloggers: small software applications that monitor the user’s typing and pass on the information to networks of criminals. Instead, the bank should provide a “virtual keyboard” (a tiny on-screen graphic that looks like a keyboard). Users can then click their mouse and press the various “keys” of the virtual keyboard to form the password. Some banks use Java “sandboxing” and virtualization technologies in order to isolate the online banking session from the user’s potentially-infected browser or computer.
3. The banking Website should not redirect the user to other domains or sites (which may not be as secure).
4. The bank should insist on strong passwords: minimum five characters, allowing combinations of numerals and letters, including capitalized ones. Few banks adhere to this rule, though. Many of them allow passwords with only 4-5 numerals.
5. The bank should never send any information pertaining to the account – especially not passwords – via e-mail. Many European banks violate this cardinal rule by sending a staggering amount of information about the account via e-mail, including account numbers, balances, movements, and ownership.
6. The bank should insist on “two-factor authentication”. The user would need a username and password to access the Website. But, to transact in the account, he would make use of one-time “tokens” (codes). Each user should be equipped with a printed list of such codes or with a special device that generates them. Users can also receive the codes via SMS. The codes are used to transfer money, change the password, change the withdrawal limit, give instructions regarding securities and deposits, etc.
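The printed code list from item 6, sketched as an added example that is not part of the original article: the server issues a list of one-time codes, keeps only keyed hashes of them, and accepts each code exactly once. The function names, the six-digit code length and the three-failure lockout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold; short numeric codes are guessable


def _digest(key, index, code):
    # Keyed hash binds each code to its position on the printed list.
    return hmac.new(key, f"{index}:{code}".encode(), hashlib.sha256).digest()


def issue_tan_list(count=10, digits=6):
    """Return (printed, record): `printed` goes on paper, `record` is stored."""
    key = secrets.token_bytes(32)  # assumption: kept apart from the hash table
    printed, unused = {}, {}
    for index in range(1, count + 1):
        code = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        printed[index] = code
        unused[index] = _digest(key, index, code)
    return printed, {"key": key, "unused": unused, "failures": 0}


def authorize(record, index, code):
    """Approve one transaction if `code` is the unspent code at `index`."""
    if record["failures"] >= MAX_FAILURES:
        return False  # list is locked until the bank reissues it
    expected = record["unused"].get(index)
    supplied = _digest(record["key"], index, code)
    if expected is None or not hmac.compare_digest(expected, supplied):
        record["failures"] += 1  # wrong code, unknown index, or replayed code
        return False
    del record["unused"][index]  # spend the code so a captured copy is useless
    record["failures"] = 0
    return True


if __name__ == "__main__":
    printed, record = issue_tan_list(count=5)
    print("first use :", authorize(record, 1, printed[1]))
    print("replay    :", authorize(record, 1, printed[1]))
```

Because a spent code is deleted, a keylogger that captures one code cannot reuse it for a second transfer.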