ABA Banking Journal - December 2008 - (Page 44)

Tech topics WEBNOTES continued from page 36 aware of the security hazard created by having protected and unprotected regions on the same page. Inserting a pop-up menu that preempts the insecure page will forestall the problem and raise a user’s mindfulness of the need for constant security vigilance. E-mailing security-sensitive information insecurely (41%). Example: one bank offered to send statements via email but did not tell users whether the email message would simply be a notification about availability of a statement (not to worry), a link to the statement (vulnerable to phishing attack), or the actual statement (subject to eavesdropping). 3. aspects. Several sites studied by the Michigan team started a user’s web navigation off correctly, but for some transactions the program redirected users to a site with different company names on the URL and the signed security certificate. In those cases, it’s up to users to decide whether or not to trust the new website. The study advises: “Browsers should be seamless for the user without [the need for] such decisions. When presented with a difficult or confusing decision, users are likely to avoid the decision and go with the default action or let the site guide them, which leads to a bad security decision.” Inadequate policies for user IDs and passwords (28%). Favorite IDs are user’s e-mail address and user’s Social Security number. Both give far from adequate security. E-mail addresses are easily collected from the internet. Spammers do this all the time. A Social Security number is easy to calculate: each has only nine digits within the range of 0-9. The hazard is diminished if users are encouraged /required to change it after the initial usage. How effective an alternative will be depends on whether or not it is less predictable and more complex than e-mail addresses and Social Security numbers. Design expertise included The full study—“Analyzing websites for uservisible security design flaws”—is available at http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf. To help banks analyze the adequacy of their website designs, the study includes the pattern-matching methods and algorithms the researchers used to detect design flaws. The group is also developing an updatable model of the study. Break in the chain of trust (30%). If a website declares that it is SSL-protected, a user will likely trust its security. But the trust issue can have more subtle 4. 5. INTERACTIVE INDEX OF ADVERTISERS Welcome to ABA Banking Journal’s Interactive Service Center. This section has been created to allow you to interact with the advertisers who appear in this issue and to gain information on the products and services offered in the following pages of the magazine. Company ADT Commercial American Bankers Association CDW Cummins-Alison Corp Fidelity Investments Goldleaf Harland Financial Solutions Inc Jefferson Wells Metavante Corporation Nationwide Insurance Panini North America Powell Goldstien LLP Prudential SHAZAM SunGard 800-844-8493 Tmiller@shazam.net www.shazam.net www.sungard.com/ambit 937-291-2195 937-291-2197 jessicia.back@panini.com www.panini.com 800-989-9009 414-319-3400 800-822-6758 414-319-3401 414-362-1782 sales@metavante.com www.harlandfinancialsolutions.com www.jeffersonwells.com www.metavante.com 800-338-0626 800-399-4CDW 877-236-4897 866-728-5370 847-299-4940 stellmachw@cummins-allison www.aba.com www.cw.com www.cumminsgaming.com www.fiws.fidelity.com/trust Phone # Fax # e-mail address web site address page # 1 16,19,23,C3 2 34 6-7 45 5 25 8 14-15 C2 40 24-25 C4 11 The Advertisers Index is an editorial feature maintained for the convenience of readers. It is not part of the advertiser contract and ABA Banking Journal assumes no responsibility for the correctness. ADVERTISING SALES NORTHEAST/WESTCOAST/INTERNATIONAL Gus Blumberg (212) 620-7224, Fax (212) 633-1165 gblumberg@sbpub.com; 345 Hudson St., New York, NY 10014-4502 MIDWEST/SOUTHWEST Tom Dorsey (312) 683-5021, Fax (312) 683-0131 tdorsey@sbpub-chicago.com; 20 South Clark Street, Suite 2450, Chicago, IL 60603 CLASSIFIED ADVERTISING Diane Okon (312) 683-5022, Fax (312) 683-0131 dokon@sbpub-chicago.com; 20 South Clark Street, Suite 2450, Chicago, IL 60603 44 DECEMBER 2008/ABA BANKING JOURNAL Subscribe at www.ababj.com http://cups.cs.cmu.edu/soups/2008/proceedings/p117Falk.pdf http://www.aba.com http://www.cw.com http://www.cumminsgaming.com http://www.fiws.fidelity.com/trust http://www.harlandfinancialsolutions.com http://www.jeffersonwells.com http://www.metavante.com http://www.panini.com http://www.shazam.net http://www.sungard.com/ambit http://www.ababj.com

Table of Contents for the Digital Edition of ABA Banking Journal - December 2008

ABA Banking Journal - December 2008
Contents
Editor’s Column
Cover Story
ABA Resources
ABA Chairman’s Position
Community Banking
Pass the Aspirin
The Bank that Hates "Customers"
"Ivan the Terrible"�Wreaks Havoc, but Adds New Business Line
New Twist on Philanthropy:�the "Second-Chance" Account
Risk Management
Tech Topics
Webnotes
Compliance Clinic
MailBox
Banker’s Mart
To Advertise/Index of Advertisers
The Economy

ABA Banking Journal - December 2008