ABA Banking Journal - December 2008 - (Page 44)

Tech topics: WEBNOTES (continued from page 36)

aware of the security hazard created by having protected and unprotected regions on the same page. Inserting a pop-up menu that preempts the insecure page will forestall the problem and raise a user’s mindfulness of the need for constant security vigilance.

E-mailing security-sensitive information insecurely (41%). Example: one bank offered to send statements via e-mail but did not tell users whether the e-mail message would simply be a notification about availability of a statement (not to worry), a link to the statement (vulnerable to phishing attack), or the actual statement (subject to eavesdropping).

Break in the chain of trust (30%). If a website declares that it is SSL-protected, a user will likely trust its security. But the trust issue can have more subtle aspects. Several sites studied by the Michigan team started a user’s web navigation off correctly, but for some transactions the program redirected users to a site with different company names on the URL and the signed security certificate. In those cases, it’s up to users to decide whether or not to trust the new website. The study advises: “Browsers should be seamless for the user without [the need for] such decisions. When presented with a difficult or confusing decision, users are likely to avoid the decision and go with the default action or let the site guide them, which leads to a bad security decision.”

Inadequate policies for user IDs and passwords (28%). Favorite IDs are the user’s e-mail address and the user’s Social Security number. Both give far from adequate security. E-mail addresses are easily collected from the internet. Spammers do this all the time. A Social Security number is easy to calculate: each has only nine digits within the range of 0-9. The hazard is diminished if users are encouraged/required to change it after the initial usage. How effective an alternative will be depends on whether or not it is less predictable and more complex than e-mail addresses and Social Security numbers.

Design expertise included

The full study—“Analyzing websites for user-visible security design flaws”—is available at http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf. To help banks analyze the adequacy of their website designs, the study includes the pattern-matching methods and algorithms the researchers used to detect design flaws. The group is also developing an updatable model of the study.
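An added example, not taken from the article and not the researchers' own pattern-matching code: a short Python check a bank's web team could run over one of its pages to flag the "break in the chain of trust" hand-off described above, along with secure pages that send users to insecure ones. The host names, the sample page, and the owned_domains list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host name here is a made-up placeholder.
SAMPLE_PAGE_URL = "https://www.bank.example/accounts/"
SAMPLE_HTML = """
<a href="/statements">Statements</a>
<a href="https://billpay.vendor.example/start">Pay bills</a>
<form action="http://www.bank.example/login" method="post"></form>
<a href="https://secure.bank.example/transfer">Transfer</a>
"""

class _TargetCollector(HTMLParser):
    """Collect where the links and forms on a page send the user."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "form": "action"}.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.targets.append((tag, value))

def _owned(host, owned_domains):
    # Match the domain itself or a true subdomain, never a look-alike suffix.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in owned_domains)

def audit_handoffs(page_url, html, owned_domains):
    """Return (issue, tag, absolute_url) for each risky hand-off on the page."""
    collector = _TargetCollector()
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for tag, raw in collector.targets:
        url = urljoin(page_url, raw.strip())
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, javascript: and similar are out of scope here
        if not _owned(parts.hostname, owned_domains):
            findings.append(("different-domain", tag, url))  # user must judge a new site
        elif page_is_https and parts.scheme == "http":
            findings.append(("leaves-https", tag, url))  # protected page, unprotected target
    return findings

if __name__ == "__main__":
    for finding in audit_handoffs(SAMPLE_PAGE_URL, SAMPLE_HTML, {"bank.example"}):
        print(finding)
```

Each "different-domain" finding is a place where the user would have to decide whether to trust a site carrying another company's name, which is the decision the study says sites should not push onto users.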
