ABA Banking Journal - December 2008 - (Page 44)

Tech topics WEBNOTES continued from page 36

aware of the security hazard created by having protected and unprotected regions on the same page. Inserting a pop-up menu that preempts the insecure page will forestall the problem and raise a user’s mindfulness of the need for constant security vigilance.

3. E-mailing security-sensitive information insecurely (41%). Example: one bank offered to send statements via e-mail but did not tell users whether the e-mail message would simply be a notification about availability of a statement (not to worry), a link to the statement (vulnerable to phishing attack), or the actual statement (subject to eavesdropping).

4. Break in the chain of trust (30%). If a website declares that it is SSL-protected, a user will likely trust its security. But the trust issue can have more subtle aspects. Several sites studied by the Michigan team started a user’s web navigation off correctly, but for some transactions the program redirected users to a site with different company names on the URL and the signed security certificate. In those cases, it’s up to users to decide whether or not to trust the new website. The study advises: “Browsers should be seamless for the user without [the need for] such decisions. When presented with a difficult or confusing decision, users are likely to avoid the decision and go with the default action or let the site guide them, which leads to a bad security decision.”

5. Inadequate policies for user IDs and passwords (28%). Favorite IDs are the user’s e-mail address and the user’s Social Security number. Both give far from adequate security. E-mail addresses are easily collected from the internet. Spammers do this all the time. A Social Security number is easy to calculate: each has only nine digits within the range of 0-9. The hazard is diminished if users are encouraged/required to change it after the initial usage. How effective an alternative will be depends on whether or not it is less predictable and more complex than e-mail addresses and Social Security numbers.

Design expertise included

The full study—“Analyzing websites for user-visible security design flaws”—is available at http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf. To help banks analyze the adequacy of their website designs, the study includes the pattern-matching methods and algorithms the researchers used to detect design flaws. The group is also developing an updatable model of the study.
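The "break in the chain of trust" flaw described above can be checked mechanically when a bank reviews its own transaction flows. The sketch below is an added example, not code from the article or from the study: it walks a recorded redirect chain and flags hops where the site changes, where HTTPS is dropped, or where the certificate does not name the host. The function names, the sample hosts (reserved .example names) and the "last two labels" approximation of a site are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def site_of(host):
    # Assumption: treat the last two labels as the "site". Production tooling
    # should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def name_matches(pattern, host):
    # Certificate name check; a "*." wildcard covers exactly one leftmost label.
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def audit_redirect_chain(chain):
    """chain: list of (url, cert_names) hops in the order they were followed.
    cert_names holds the DNS names on the presented certificate (empty for HTTP).
    Returns a list of (hop_index, finding) tuples."""
    findings = []
    start_site = site_of(urlsplit(chain[0][0]).hostname)
    prev_scheme = None
    for i, (url, cert_names) in enumerate(chain):
        parts = urlsplit(url)
        host = parts.hostname
        if prev_scheme == "https" and parts.scheme != "https":
            findings.append((i, "downgrade from HTTPS to HTTP"))
        if site_of(host) != start_site:
            # The user is now asked to trust a different company's name.
            findings.append((i, f"site changed from {start_site} to {site_of(host)}"))
        if parts.scheme == "https" and not any(name_matches(n, host) for n in cert_names):
            findings.append((i, f"certificate does not name {host}"))
        prev_scheme = parts.scheme
    return findings

# Constructed sample: a login that hands off to a third-party payment host,
# then returns to the bank over plain HTTP.
SAMPLE_CHAIN = [
    ("https://www.bank.example/login", ["www.bank.example"]),
    ("https://online.bank.example/accounts", ["*.bank.example"]),
    ("https://secure.vendor.example/pay", ["secure.vendor.example"]),
    ("http://www.bank.example/thanks", []),
]

if __name__ == "__main__":
    for hop, finding in audit_redirect_chain(SAMPLE_CHAIN):
        print(f"hop {hop}: {finding}")
```

Note that the third hop presents a certificate that is valid for its own host; the finding is the change of site, which is exactly the decision the study says users should not be left to make.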