Sunday, April 27, 2008

Entering Sensitive Information on HTTP Site

Conor's Web Log of Esoterica: What's wrong with this picture?

This is a ****SERIOUS**** no-no. Financial institutions should always use SSL on pages that take in user identity.

The W3C Web Security Context (WSC) spec is trying to come out with strong guidelines:
http://www.w3.org/2006/WSC/drafts/rec/

With financial institutions being primary targets of phishing schemes, it is imperative that all sensitive information about the customer is entered on a secure page. Institutions could also utilize EV Certificates and the browser indicators (green bars).
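A site owner can check their own pages for this. The script below is an added example, not code from the original post: it parses a page's HTML and reports any form with a password field where either the page or the form's submit target is not HTTPS. The `bank.example` URLs, the `audit` function name and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAuditor(HTMLParser):
    """Flags <form> elements that collect a password without HTTPS end to end."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None          # form currently being parsed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self.form = {"action": action, "sensitive": False}
        elif tag == "input" and self.form is not None:
            if (a.get("type") or "text").lower() == "password":
                self.form["sensitive"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        form, self.form = self.form, None
        if not form["sensitive"]:
            return
        issues = []
        # A page delivered over HTTP can be altered in transit, so an
        # HTTPS action alone does not protect what the user types.
        if urlparse(self.page_url).scheme != "https":
            issues.append("form served over HTTP")
        if urlparse(form["action"]).scheme != "https":
            issues.append("credentials posted over HTTP")
        if issues:
            self.findings.append({"action": form["action"], "issues": issues})

def audit(page_url, html):
    parser = FormAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: login form posts to HTTPS, search form has no password.
SAMPLE = """<form action="https://secure.bank.example/login" method="post">
<input type="text" name="user"><input type="password" name="pw"></form>
<form action="/search"><input type="text" name="q"></form>"""

if __name__ == "__main__":
    print(audit("http://www.bank.example/", SAMPLE))
```

The sample login form is still reported when the page URL is HTTP, even though it posts to an HTTPS address, which is the situation the post objects to.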
