Re: Web site design issues

On May 15, 8:15 am, Tom Adams <tadams...@xxxxxxxxx> wrote:
I think there may be a need for web site design standards.

I was looking at my account on a particular financial web site.   One
of the disclaimers in the site's fraud reimbursement guarantee says
that clients need to check the account frequently.  I am sure few
clients bother to read these disclaimers.

I posed the question: how should I check for unauthorized activity in
my account?

It appears to be harder than one would like.  There is no reliable
activity log.  The online log allows messages to be deleted by the
client.  Confirmations can be redirected from the online log to U.S.
mail.   Online confirmations can be turned off.  In short, a crook
with my login credentials can cover his tracks by deleting and
redirecting messages.  If a crook changes the email address on my
account to his address, then he gets confirmation of this change but I
don't get a confirmation at my old email address.  A confirmation is
sent to my account's message box that I can view when logged in, but
the crook can delete that message.

I have discussed this with other clients of the site and I have yet to
find one that was aware of any of this.

There are various places on the site with misinformation about these
matters, leaving the impression that you will get messages and
confirmations of changes to your account profile.

I have come to the conclusion that the only effective countermeasure
is to check your profile directly.  For instance, check the email
address there,  check the electronic bank transfer status directly,
don't rely on the confirmations to alert you of a change.  But few if
any clients know this.

I explored some of this by testing my account.  But then I noticed that
the terms and conditions of the site prohibit probing for security
holes.  So I am reluctant to do more probing.

I have emailed the firm concerning the problems.

I think the solution is a single online activity log that cannot be
tampered with.  That would be secure against all but pharming and an
inside job, I think.  It might be nice to have a separate read-only
login credential for that log.

Change your password once a week. Use a strong password like S4H7JK?.-K8
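
The "single online activity log that cannot be tampered with" proposed in the quoted post, sketched as an added example that is not part of the original thread or of any real site's code. It assumes the server holds an HMAC key the client login never sees and keeps the entry count outside the log; `ActivityLog`, `verify` and `demo` are hypothetical names, and the events and key are constructed sample data.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first entry

class ActivityLog:
    """Append-only account activity log; each entry is HMAC-chained to the one before."""

    def __init__(self, key: bytes):
        self._key = key      # assumed server-side secret, not reachable with client credentials
        self.entries = []    # dicts with seq, event, prev, tag

    def _tag(self, seq: int, event: str, prev: str) -> str:
        msg = json.dumps([seq, event, prev]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def append(self, event: str) -> dict:
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        seq = len(self.entries)
        entry = {"seq": seq, "event": event, "prev": prev,
                 "tag": self._tag(seq, event, prev)}
        self.entries.append(entry)
        return entry

def verify(entries, key: bytes, expected_count: int) -> bool:
    """True only if no entry was deleted, reordered, altered or truncated."""
    if len(entries) != expected_count:  # count stored outside the log catches tail truncation
        return False
    checker = ActivityLog(key)
    prev = GENESIS
    for seq, e in enumerate(entries):
        if e["seq"] != seq or e["prev"] != prev:
            return False
        if not hmac.compare_digest(e["tag"], checker._tag(seq, e["event"], prev)):
            return False
        prev = e["tag"]
    return True

def demo():
    key = b"constructed-demo-key"
    log = ActivityLog(key)
    for ev in ["login from new device", "email address changed",
               "bank transfer link added"]:
        log.append(ev)
    intact = verify(log.entries, key, 3)
    # The cover-up described in the post: the email-change confirmation is deleted.
    tampered = [e for e in log.entries if e["event"] != "email address changed"]
    return intact, verify(tampered, key, 2)
```
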
