65% of major US banks have failed web security testing


American banks are failing to keep secure

Websites run by some of the largest banks in the US have scored the poorest in a new security and privacy analysis audit.

The non-profit Online Trust Alliance (OTA) anonymously audited more than 1,000 websites, ranking their security and privacy practices. None of the sites investigated knew about the test.

In the OTA’s Online Trust Audit & Honor Roll for 2017, many US banks were among the worst for security and privacy. The industry had both the most failing grades and the fewest “Honor Roll” recipients.

For a firm to receive the Honor Roll award, it must achieve an overall score of 80% or higher across three categories: consumer protection, security and privacy. A failure in any of the three squashes its chance entirely.

52% of the 1,000 sites tested qualified for the Honor Roll. It marks an overall 5% improvement from 2016. “The internet economy runs on data,” OTA founder Spiezle told NBC News. “If this data is not secure and users have negative experiences, this ultimately threatens the future growth and revenue potential of the internet.”

US banks: not so safe

Look away now if you’re a US banking customer, as only 27% of the 100 largest banks in the country made the grade. The figure represents a 28% drop from 2016. According to the OTA, the sector had been showing signs of improvement. Yet, due to “increased breaches, low privacy scores and low levels of email authentication,” things have slipped.

The American Bankers Association (ABA) questions the results. Doug Johnson, senior vice president of payments and cybersecurity policy at the ABA, told NBC that banks “absolutely take privacy and security very seriously”.

Honor Roll vs. failure rate of top US companies. Source: OTA

The ABA insists that OTA figures indicating 24% of banks had a data breach in 2016 are false. “We’ve always been looked at as a model for security,” added Johnson, “held out as a template for other sectors to abide by in terms of security.”

Given that the ABA was famously hacked mere moments after it revealed it was taking part in 2015’s CyberSecurity Awareness Month, its statement might not be a great comfort. “The ABA takes data security very seriously,” a sheepish statement from the group read at the time. “We also recognise that despite significant security measures, breaches can and do occur.”

Large banks were found to have moderately good website security (17% of failures) but dropped the ball when it came to their email security (45%) and privacy (34%).

A workman and his tools

Phil Lieberman, CEO of Lieberman Software, a US security company, responding to an IBS Intelligence article from last month, said of bank security: “Most of the serious intrusions are from dumb mistakes made by companies that are easily remediated by a consistent approach to managing access, security and looking for significant anomalies.

“Countermeasures are simple and effective such as air gaps, rate limiting, IP reputation, and improving identity management.

“Other simple ideas like compartmentalisation, security classification of assets and access, and the management of privileged identities and access provide large ROI and reduction of losses.”
