Tuesday, August 17, 2010

Security Snafu at NetBank

Event Summary

NetBank (Nasdaq: NTBK), an Atlanta-based internet bank, suffered a major credibility blow last week when a customer named Mahesh Rao reported that he had been inadvertently given access to another customer's account, transaction history, social security number, and funds. Rao had to call NetBank five times before the problem was resolved. According to Tom Cable, Chief Technology Officer of NetBank, the problem occurred due to human error. NetBank is an FDIC-insured institution. According to Cynthia Bonnette, spokeswoman for the FDIC, "Significant implications for security and privacy are raised by this reported incident."

Market Impact

Incidents like the one at NetBank affect not only the institution in question, but the entire online banking community. Consumers read about incidents like this and become skeptical about the security of online banking in general. In a letter to its financial institutions, even the FDIC expresses concern over the risks involved in online banking, and states "Institutions using the internet or other computer networks are exposed to various categories of risk that could result in the possibility of financial loss and reputational loss."

Securing systems and networks is complex. Even if a bank exercises due diligence and has independent auditors perform periodic security vulnerability assessments, a security audit is only a snapshot in time and does not guarantee the organization's future information security posture. Systems are continually being upgraded and patched, and most infrastructure networks are in a constant state of growth. You can secure an entire network and still have that security subverted by an unknowing network engineer who extends a network connection around the backend security perimeter.




SOURCE:
http://www.technologyevaluation.com/research/articles/security-snafu-at-netbank-15282/
