65% of Major US Banks Fail Web Security Testing

Updated on: March 29, 2020

2017 has been the year of cyber attacks. From the infamous Petya ransomware attack and the havoc-wreaking WannaCry attack to the Magecart payment-stealing scam, data breaches and information theft are escalating more than ever before. While companies and financial institutions are worse at keeping sensitive information safe, hackers are developing unprecedented techniques to conduct cyber attacks. In the wake of this grim reality, the susceptible state of US banks and their security countermeasures has come to light.

An anonymous security audit of over 1000 websites of some of the largest banks in the United States has revealed staggeringly disturbing results. The non-profit Online Trust Alliance (OTA), which conducted the clandestine privacy and security test, revealed that 65% of US banks failed this web security testing, with some of the largest banks in the US scoring the poorest in the security audit.

This could possibly be a US banking customer's worst nightmare. In the audit, only 52% of the 1,000 sites tested qualified for the Honor Roll. To receive the Honor Roll award, banks must achieve an overall score of 80% or higher across three categories: consumer protection, security, and privacy. However, the results of the audit remind us of a different reality altogether.

So now, as a US banking customer, you can trust only 27% of the 100 largest banks in the country. While banks are supposed to take proper web security measures to protect customer funds, trust in banks and other financial institutions is at an all-time low. Though banks strongly urge customers to adopt digitization and mobile banking, it is disconcerting to see how little gravity they give to online security.

Simple and effective countermeasures like air gaps, rate limiting, IP reputation, and improved identity management can prevent financial larceny to a large extent. Moreover, other measures like compartmentalization, security classification of assets and access, and the management of privileged identities and access reduce losses and provide a large ROI.


Bhagyeshwari Chauhan

An engineering grad and a technical writer, Bhagyeshwari blogs about web security, futuristic tech and space science.

4 years ago

Good post! We will be linking to this great post
on our site. Keep up the good writing.

Naman Rastogi
4 years ago
Reply to  Patrik

Thanks 🙂
