In a surprising revelation, a University of Michigan study published in July 2008 unearthed security-threatening design flaws in 76 percent of the 214 U.S. financial institution Websites they studied.
The researchers did not uncover exploitable vulnerabilities in the Websites themselves, which industry auditors already monitor closely, nor coding errors that would let criminals break in. The problems were user-visible design flaws: among them, banking Websites that sent customers on to third-party Websites, sometimes without telling them they were leaving the bank’s own site and the security protections that go with it.
Here is how it happens:
Financial institutions silently redirect users to third-party Websites, place “secure login” boxes on pages that are not themselves served over SSL, and use Social Security numbers or e-mail addresses - which an outsider can figure out - as default user names.
Even if the login box itself submits credentials over SSL, a page that isn’t protected with the same technology shows no lock icon and can be altered in transit before it reaches the browser - so the user has no reliable way to tell whether the form on screen is the real one or a substitute planted by a fake site or an attacker on the network.
Also, if users aren’t notified that they’re being taken to another Website (e.g., a financial institution uses a partner Website for online bill-paying), they have little way to judge whether the new Website is trustworthy: the address bar and the SSL certificate now carry a different company’s name, which is exactly what a phishing site would show as well.
The result is that even the most security-conscious consumers could fall victim to identity theft, because they have been conditioned to ignore the very clues that distinguish a real financial Website from a bogus one set up by criminals.
“We want financial institutions to make the right decisions so people who are trying to be careful can do online banking securely,” said U of M’s lead researcher, Atul Prakash, a professor of computer science and engineering.