It’s nearly 2011. At this point in the evolution of online services in the banking industry there should be no need for another blog post covering the basic fundamentals of securing online forms on retail banking websites. Or so one would hope, but that’s not the case. A random sampling of small bank and credit union websites will reveal that either bankers don’t have the knowledge or they choose to ignore it. In all likelihood, it’s a mixture of both. As you plan for 2011, save yourself some inevitable future grief and add a thorough website security review to your checklist for the new year, paying special attention to the tools on your website that collect personal information from customers. [More]
Dec 21, 2010 • by Jason Sherrill
While many geeks like us don’t always mind the challenge involved in conquering a new platform or software application, we also understand that time is money, especially for independent developers and consultants. Prior to our latest update, it would not be unusual for a developer using MemberProtect® for the first time to spend three or four hours setting up a new ASP.NET website project to use MemberProtect to perform user authentication, manage users, roles and privileges. We’ve now shaved that time from a few hours down to less than five minutes. Let me show you how. [More]
Jul 15, 2010 • by Jason Sherrill
The state of Massachusetts' new data security law, 201 CMR 17.00, will impact many web based applications that collect and store personal financial information about users. The new law reaches beyond the state's borders and affects organizations that are collecting and storing personally identifiable information (PII) about Massachusetts residents. Even if you don't have a physical presence in Massachusetts, the long arms of this law still reach out to you if you collect or store personal information on any Massachusetts resident. [More]
Apr 28, 2010 • by Jason Sherrill
A common security practice in online banking authentication systems is to ask users to choose a security image and save it as part of their online profile. The purpose of these security images is to mitigate the risk of phishing attacks. In theory, if a user does not see his security image when logging in, he should not enter his password into the site. But banking sites that use these standard security images are prone to image harvesting attacks. MemberProtect gives developers a feature that makes this anti-phishing feature more stout and able to better defend against image harvest attacks. [More]
Apr 26, 2010 • by Jason Sherrill
The crimeware application Zeus is loose on the web with a new version, 1.4, and is attacking computers across the globe. As of April 21, Zeus 1.4 has infected every 1 in 3000 computers monitored in North America and the United Kingdom, and Symantec's latest Internet Security Threat Report showed that nearly 90,000 unique variants of the Zeus toolkit were observed in 2009. Zeus is specifically designed to steal login credentials to online banking sites and similar secure web sites. [More]
Apr 25, 2010 • by Jason Sherrill
