How not to improve the security of your online banking website
Monday May 19, 2008
While it may be a good idea to stop customers with ancient, bug-riddled, phish-magnet browsers from accessing their online banking, doing so via a whitelist of approved browsers is certain to annoy some of your more technically savvy users. Either implement a blacklist, so that browsers you don't know about can still get in, or give the user the option to continue with an unapproved browser after warning them of the risks (it's their money).
There's a good reason why your customers might use a local bookmark to an HTTPS URL to access their online banking. Don't defeat it by redirecting them back to HTTP! The fact that your customers can only usefully bookmark your front page, thanks to your use of weird URLs that redirect to stranger URLs for site navigation, is part of the problem, presuming your aim is to minimise HTTPS load.
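As an added example (not code from the original post or from any bank's site), here is a minimal front-door request policy in Python that follows both recommendations: upgrade plain-HTTP requests to HTTPS while preserving the bookmarked path, never the reverse, and use a blocklist of browsers known to be unsafe with an explicit continue-anyway option rather than an allowlist. The user-agent patterns, host names and the HSTS header (which the post does not mention) are my assumptions.

```python
"""Added example: a tiny banking front-door policy.  Blocklist patterns, hosts
and paths are constructed for illustration only."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit
import re

# Constructed blocklist of user-agent patterns for browsers known to be unsafe.
# A blocklist lets unknown browsers through; an allowlist would reject them.
BLOCKED_UA_PATTERNS = [
    re.compile(r"MSIE [1-5]\."),   # ancient Internet Explorer releases
    re.compile(r"Netscape/4\."),   # legacy Netscape
]


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""
    warned: bool = False   # True when the page shown is the browser warning


def browser_is_blocked(user_agent: str) -> bool:
    """Only browsers matching a known-bad pattern are flagged."""
    return any(p.search(user_agent) for p in BLOCKED_UA_PATTERNS)


def handle(url: str, user_agent: str, acknowledged_risk: bool = False) -> Response:
    parts = urlsplit(url)
    if parts.scheme == "http":
        # Upgrade to HTTPS, keeping path and query so a deep bookmark still lands.
        # Never do the opposite (bouncing an HTTPS bookmark back to plain HTTP).
        target = urlunsplit(("https", parts.netloc, parts.path, parts.query, ""))
        return Response(301, {"Location": target})
    if parts.scheme != "https":
        return Response(400, body="unsupported scheme")
    # HSTS (assumed addition) tells the browser to stay on HTTPS for future visits.
    headers = {"Strict-Transport-Security": "max-age=31536000"}
    if browser_is_blocked(user_agent) and not acknowledged_risk:
        # Warn, but let the customer choose to continue (e.g. via a ?continue=1 link).
        return Response(200, headers,
                        body="Your browser is outdated and unsafe. Continue anyway?",
                        warned=True)
    return Response(200, headers, body="online banking")
```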
This blog entry was inspired by the RBS web site.
May 19 2008, 12:07:14 PM IST