CNET también está disponible en español.

Ir a español

Don't show this again


NetBank security breach could affect other banks

NetBank links accounts of two customers, a mistake that could damage the reputations of other online financial institutions.

When Mahesh Rao looked in on his NetBank checking account Tuesday night, he received something of a surprise.

In addition to his account information, he had access to another NetBank customer's account, revealing not only her various transactions but also the amount of money in the account and her social security number. Despite five calls Rao made to NetBank beginning Wednesday, the problem wasn't fixed until last night.

"It still bothers me that this happened," Rao, an attorney who lives in Chambersburg, Penn., said. "I don't get the sense that they fathom the depth of this problem."

NetBank chief technology officer Tom Cable blamed the problem on human error, saying that a NetBank employee had improperly linked Rao's account to another customer's account. Cable said the problem was fixed after Rao's first call, but the fix didn't show up online immediately because of a change in the company's back-end systems.

"There was a set-up error," Cable said. "Evidently the procedure was not followed. We'll make sure that is something that no one deviates from again."

Rao's experience raises questions about the security of online financial institutions as a growing number of consumers shift their finances to Internet banking and trading accounts.

Although what Rao experienced appeared to be isolated, it's still important, Jupiter Communications digital commerce analyst Robert Sterling said. Because Rao was able to access another users' account, he presumably could have moved money out of the other account, and that's "not acceptable," Sterling said. He added that Net users today expect online banks to be secure and have little sympathy for human or technical errors that affect their accounts.

"It's a big deal," Sterling said. "[NetBank] can't let this happen. The thing is, it doesn't just damage that institution; it damages the whole idea of online financial institutions in general."

Of particular worry are potential security problems on home computers, which industry experts have targeted as the weakest link in creating secure Internet banking.

This summer, a group of major U.S. banks took steps to address this concern, creating a lab to test the security of Web browsers and PC hardware and software.

The Banking Industry Technology Secretariat, a division of Bankers Roundtable, is currently drafting testing criteria in several areas. According to information on the group's Web site, it plans to target security features and capabilities of products for select PC operating systems, browsers, servers and applications software for PC banking; antivirus software; firewalls; and end-to-end security systems.

While such efforts may help make online banking more secure, human errors may be harder to control.

Rao said his experience was not isolated. He said that when he called NetBank about the problem, the company indicated to him that it had received calls from other people who had experienced similar problems.

But NetBank's Cable said he was unaware of any similar incidents at the company.