Some of the biggest banks have abandoned the practice of posting their online account log-in screens on SSL-protected pages in an effort to boost page response time and guide users to more memorable URLs, a U.K. Web performance firm said Tuesday.
The username and password are still encrypted when sent to the bank's server, however; the form's Submit or Login button points to an SSL-enabled "https" URL.
The practice runs counter to the advice banks and others have been hammering into consumers for years: look for the padlock icon representing a secure, SSL page. With the recent flood of phishing and other identity theft attacks, that advice has been reiterated by the likes of the Federal Trade Commission (FTC) in its anti-phishing guidelines to users.
Read this full article at InformationWeek
|
|
Only registered users can write comments.
Please login or register.
Powered by AkoComment!