Security on the Internet

Internet Banking

In July of 2000, Intelligent Finance, a new on-line banking service from Halifax, was forced to delay its launch due to concerns over thousands of account holders accessing the site at the same time and fears that it couldn't take the strain.

In August 2000, Internet customers using Barclays' on-line banking service found they were able to see other users' account information.

Also in August, another Barclays' customer discovered that by pressing the Back key in her browser she could access her account details having logged off the system and without re-entering a password. The loophole meant that people using the service from a public computer, such as those in an office or an Internet café risked other users of that computer accessing their bank account details.

Meanwhile, Egg, one of a new generation of Internet-only banks, after first claiming to have avoided the first ever Internet bank robbery, admitted that hackers had managed to get away with relatively small amounts of money (thought to be thousands of pounds).

So, is Internet banking safe and, if not, is your money safe with an Internet bank?

Most PC users give little thought to the security of their computers, tending to trust in faith that they are safe. The Windows 9x operating system was not designed with security in mind. Windows Dial up Networking uses the TCP/IP protocol to communicate with other computers on the Internet. TCP/IP aims to provide a robust means of sending and receiving packets of information over a network. It was not designed with security in mind. Every computer program your computer runs is liable to have bugs in it and every bug creates a potential security loophole. Similar loopholes on your web server provide opportunities for network eavesdroppers to monitor your sessions on-line, following your every move.

In a recent report entitled "Electronic Commerce: Who Carries The Risk?", the Foundation for Information Policy Research (FIPR) concluded that unlike those with conventional accounts, the UK's 2 million Internet bank customers may not be adequately protected from fraud. The report raised a number of questions, not just about standalone on-line banks, but also about the web services offered by the high street banks. It claimed that some banks, including Egg, Halifax and Bank of Scotland, left the customer bearing the full risk of fraudulent transactions. It said: "As is clear from Egg, the customer's whole balance, up to any applicable withdrawal limits, is at risk".

Egg naturally deny that their Internet customers are at risk, claiming: "We have an explicit Internet fraud guarantee to protect customers from liability which will cover them pound for pound."

So what measures can you take to minimise the risks of Internet banking?

When you sign up with a bank find out what security measures they are taking:
- Is their server hidden behind a firewall?
- Does it use a Virtual Private Network to communicate with its Banking database?
- What types of encryption does it use for transmitting data along its networks, 40-bit or 128-bit?
- What physical measures are used to protect their servers (lock-up facilities, vaults etc.)?
Check the terms of your contract: What is the maximum amount of money you can lose?
Make sure you log out and close your browser after each banking session.
Choose your passwords carefully, change them frequently and never disclose them to third parties.

Appendix

[Home] [Company Profile] [CTC Clients] [Hosting Services]
[Internet Services]
[PC Support Services] [Software] [Search]