[Dshield] Banks shifting logins to Non-SSL Pages

jmulkerin jmulkerin at comcast.net
Wed Aug 24 14:03:46 GMT 2005


I run a fairly big Credit Union network and On-Line Banking is safer 
than sending paper-based statements out in unsecured USPS mail.  I think 
if a CIO is not using his On-Line Banking, he either doesn't understand 
his own security environment, isn't fixing it, or does not have the 
interest in "electronic" banking.   I see many more instances of 
dumpster diving than I do electronic diving.    We've been using 
SSL-enabled logins on our main Web site for years.  99% of our members 
have been much happier with the faster speed.  It greatly reduces the 
noise in our on-line banking logs.  Because On-Line Banking needs to be 
tightly bolted down, we can not do rapid changes as the environment 
changes.  Our main web site is not as stringently controlled and we can 
add notices and warnings to our member.  This provides our members with 
much more information.  


John Mulkerin


More information about the list mailing list