Online banking, pshaw

Much to the annoyance of some of my consultancy clients and my bank — and the amazement of friends (“What? Call yourself a technology columnist and not use Internet banking!!!”) — I don’t use online banking for the simple reason that I don’t think it’s secure. So this report from Good Morning Silicon Valley is grist to my mill.

The high-profile cyberattacks continue: Citigroup has been hacked, too, it told the Financial Times Wednesday. The May attack allowed hackers to access the names, account numbers and contact information of about 200,000 North American customers of the company, according to Reuters. Citigroup says other information such as card security codes, expiration dates and customers’ Social Security numbers are kept elsewhere and were not accessed.

While the FT quoted a Gartner analyst who said that “for the actual breach to happen at a bank is a very big deal,” because banks’ online systems are usually more secure, Federal Deposit Insurance Corp. Chairman Sheila Bair said this morning that banks are frequent targets, according to the Reuters article. Bair said the FDIC may push banks to improve their online-security measures.

On a related note, and in case you missed it: What does happen when your bank gets hacked and your money is stolen? According to a judge’s ruling in one case in Maine, the bank can only do so much. Wired’s Threat Level blog reports that a construction company that fell victim to a password-stealing Trojan on an employee’s computer is out of luck in trying to recover about $300,000 from Ocean Bank. While Magistrate Judge John Rich agreed that the bank could stand to have a more secure authentication system, he said the law does not require it to have such a system, and that its system is comparable to that of other banks.