Conor's Web Log of Esoterica: What's wrong with this picture?
This is a ****SERIOUS**** no-no. Financial institutions should always use SSL to take in user identity.
The W3C WSC spec is trying to come out with strong guidelines.
http://www.w3.org/2006/WSC/drafts/rec/
With the financial institutions primary targets of phishing schemes, it is imperative that all sensitive information about the customer is entered on a secure page. Maybe utilize EV Certificates and the browser indicators (green bars).
No comments:
Post a Comment