Banking Sites And The Popup

Here’s one of those moments when you wonder whether banks have yet got on online security.

The Melbourne Age, reporting from the birthplace of phishing, reports today that customers of Australia’s Westpac bank are getting flummoxed by the appearance of a new pop-up window on its Internet banking page.

The pop-up, according to one user, who spoke to ABC Radio 774, “said she had encountered a pop-up that had a 44-page agreement and she could not log in until she clicked on it. … She told 774 she had been unable to send an email to the Westpac support personnel unless she accepted the agreement.”

Westpac, according to The Age, “said the bank had changed some terms and conditions of its service – favouring customers – and as part of the industry code of practice, it had to get customers’ assent.” It has since put the pop-up on hold.

Good intentions, possibly (although who has ever found a user agreement that favours them over a previous agreement?), but banks have got to get up to speed on the fact that pop-ups are a classic phishing tactic. So adding a pop-up to your site is going to make the savvy customer nervous and the uninformed customer think it’s normal to have lots of pop-ups on a banking site.

Bottom line: Simplify banking sign-ons and reduce the tendency to add stuff — such as pop-up agreements, pop-up ads, indeed any kind of ads before or after signing in that may confuse the user about the authenticity of the site, and, importantly, whether they have safely signed off.

15. September 2004 by jeremy
Categories: Phishing | Tags: , , , , , , , , , , , , , | Comments Off on Banking Sites And The Popup