Dangerous Liaisons: Online Banking

Dec 6, 2008, 10:39

Sam Vaknin


Banks in developing countries offer their customers financial services and products through the Internet. However, as opposed to their counterparts in the West, none of them is aggressively pushing its clientele to adopt online banking. This may be the result of multiple reasons: (1) A computer-illiterate public, unaccustomed to working on the Web; (2) Staff lacking in training; (3) Computer systems that do not seamlessly integrate Internet-generated transactions with the banks' ledgers; (4) In poor countries, online banking may be no less costly to process than "bricks and mortar" transactions at the branch.

But there's another problem: computer security. To withstand the coordinated onslaught of hackers and cyber-criminals, who are constantly trying to empty the bank accounts of their victims, online banking Websites must incorporate many defensive safety features. These render the entire experience cumbersome and complicated and deter the vast majority of clients.

Go through the list below to see how secure your bank's online presence is. It is short and by no means exhaustive and is based on a study conducted at the University of Michigan by Atul Prakash, a professor in the department of electrical engineering and computer science, and two doctoral students, Laura Falk and Kevin Borders:

1. All the pages of the bank's Website must use SSL (Secure Sockets Layer) and TLS encryption technologies. In the Internet Explorer Web browser, a small, yellow padlock icon appears at the bottom of the page when such encryption is available. It prevents hackers from tapping into the exchange of information between the user's computer and the bank's servers and routers.

2. Users should not use their computer keyboard to type in passwords. Many computers are infected with keyloggers: small software applications that monitor the user's typing and pass on the information to networks of criminals. Instead, the bank should provide a "virtual keyboard" (a tiny on-screen graphic that looks like a keyboard). Users can then click their mouse and press the various "keys" of the virtual keyboard to form the password.

3. The banking Website should not re-direct the user to other domains or sites (which potentially are not as secure).

4. The bank should insist on strong passwords: minimum five characters, allowing combinations of numerals and letters, including capitalized ones.

5. The bank should never send any information pertaining to the account - especially not passwords - via e-mail.

6. The bank should insist on "two-factor authentication". The user would need a username and password to access the Website. But, to transact in the account, he would make use of one-time "tokens" (codes). Each user should be equipped with printed lists of such codes or with a special device that generates them. They can also receive the codes via SMS. The codes are used to transfer money, change the password, change the limit of withdrawal, give instructions regarding securities and deposits, etc.
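Items 1 and 3 of the list can be checked mechanically over a crawl of a site's pages. The following is an added example, not code from the article or from the University of Michigan study: it flags pages and form or redirect targets that are not served over SSL/TLS, and targets that leave the bank's domain. The domains `bank.example` and `partner.example`, the sample records, and the rule that subdomains count as the same site are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BANK_DOMAIN = "bank.example"  # assumed placeholder, not a real bank

# Constructed crawl records: (page URL, redirect Location or None, HTML body)
PAGES = [
    ("https://www.bank.example/", None, '<form action="/login"></form>'),
    ("http://www.bank.example/contact", None, '<form action="/msg"></form>'),
    ("https://www.bank.example/login", None,
     '<form action="http://www.bank.example/auth"></form>'),
    ("https://www.bank.example/pay", "https://pay.partner.example/start", ""),
]


class FormActions(HTMLParser):
    """Collects the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def on_bank_domain(url):
    """True if the URL's host is the bank's domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return host == BANK_DOMAIN or host.endswith("." + BANK_DOMAIN)


def audit(pages):
    """Returns (page URL, checklist item, detail) for every violation found."""
    findings = []
    for url, location, html in pages:
        if urlsplit(url).scheme != "https":
            findings.append((url, 1, "page served without SSL/TLS"))
        parser = FormActions()
        parser.feed(html)
        targets = [urljoin(url, action) for action in parser.actions]
        if location:
            targets.append(urljoin(url, location))
        for target in targets:
            if urlsplit(target).scheme != "https":
                findings.append((url, 1, "unencrypted target " + target))
            if not on_bank_domain(target):
                findings.append((url, 3, "leaves bank domain: " + target))
    return findings
```

Calling `audit(PAGES)` on the constructed records reports three item 1 violations and one item 3 violation; the host comparison is by suffix on a dot boundary, so a look-alike host such as `evilbank.example` is not treated as the bank's own.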

