• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Banking regulations concerning online banking

boomerang

boomerang

Lifer
Are there any regulations concerning logging in for online banking?

I bank with a small local bank with about 8 offices. Their login page in not secure. I have spoken with them on the phone several times regarding this and am getting nowhere.

I can't seem to come up with any information regarding login requirements. Are there none? Is that why they just blow me off?

 
I would just get a new bank, seriously if they care that little about your account security how well can they be at controlling there own internal policy's after all if your bank is not secure what is the point just stuff all your money under your mattress. I also bank with a small bank six branches right now and the log in page for on-line banking is a secure page so it can be done and we are small doesn't cut it.
 
Originally posted by: MadAmos
I would just get a new bank, seriously if they care that little about your account security how well can they be at controlling there own internal policy's after all if your bank is not secure what is the point just stuff all your money under your mattress. I also bank with a small bank six branches right now and the log in page for on-line banking is a secure page so it can be done and we are small doesn't cut it.
Click to expand...

Best answer you'll get.
 
There are many regulations in regards to credit card protection. It falls under what they call PCI Compliance. It is a very rigorous standard that the credit card industry put upon the industry. Although they don't follow their own rules, but I imagine that is because they are willing to assume the liability. On a retail site such as newegg.com if they didn't have a secure login they would be subject to major fines via failure of PCI compliance.

In your case, because its a bank I don't know if they have to follow the rules but your average retail site is strictly regulated.
 
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
 
I thought there was a law a while back requiring banks to use two-factor authentication. But that may only apply to banks over a certain size.
 
If you're so concerned about secured login, drop the local ghetto bank and go w/ HSBC, it's the only bank where I have to write down the login info 'cause the process is so damn complicated.
 
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

Link to bank's website?

Or if you want, just view source on the login page, search for the <form> tag for the login form, and post the contents of that tag.
 
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

If the login form submits to a secure URL, the information will be encrypted.

EDIT: The only real risk is that some party intercepts the unsecure HTML login form and re-writes the POST destination of the login form to a malicious site. This is theoretically possible, but it's an issue that exists with many, many bank websites.
 
Originally posted by: mugs
I thought there was a law a while back requiring banks to use two-factor authentication. But that may only apply to banks over a certain size.
Click to expand...
Yes, that's what I recall also. Which is what got me going on this quest.
 
Originally posted by: mugs
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

Link to bank's website?
Click to expand...
Don't think soooo. 😀
 
Originally posted by: boomerang
Originally posted by: mugs
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

Link to bank's website?
Click to expand...
Don't think soooo. 😀
Click to expand...

See my edit. I'm trying to help you verify if it's secure or not.
 
Originally posted by: MrChad
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

If the login form submits to a secure URL, the information will be encrypted.
Click to expand...

Thank you very much! I don't know all the nuances of the process. Saw your edit. Thanks again.

 
Originally posted by: mugs
Originally posted by: boomerang
Originally posted by: mugs
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

Link to bank's website?
Click to expand...
Don't think soooo. 😀
Click to expand...

See my edit. I'm trying to help you verify if it's secure or not.
Click to expand...

It starts like this:
<form action="https: blah,blah,blah

I think my concerns have been put to rest.
Thanks to you too mugs.

 
Originally posted by: boomerang
Originally posted by: mugs
Originally posted by: boomerang
Originally posted by: mugs
Originally posted by: boomerang
Originally posted by: Blieb
Understanding that the homepage is not HTTPS, does the form submit to a secure URL?
Click to expand...
Yes it does. My concern, and what I have attempted to get them to comment on, is the login on an unsecured page. Login as in both username and password.

Maybe I'm being overly concerned?

Edit: Spelling!!!!!!
Click to expand...

Link to bank's website?
Click to expand...
Don't think soooo. 😀
Click to expand...

See my edit. I'm trying to help you verify if it's secure or not.
Click to expand...

It starts like this:
<form action="https: blah,blah,blah

I think my concerns have been put to rest.
Thanks to you too mugs.
Click to expand...

Sorry to bump. Was looking through my history and saw this. I used to work on a lot of credit union websites and this came up A LOT. Like MrChad said, basically, before an HTTPS connection will communicate, it establishes security keys. I still personally don't like putting my info in on an unsecure page, 'cause you have to verify that it submits to a secure form ... so a lot of banks and such made their homepages HTTPS just for this reason.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top