The Co-operative Bank's odd re-directing behaviour
"Phishing" attacks on internet banking sites have become one of the modern scourges of the web, to the extent that the last two major internet browser releases for PCs both made a song and dance about their anti-phishing filters.
One of the key battlegrounds in fighting this kind of crime is in educating users about the risks posed to them by phishing, teaching them how to recognise it, and how to protect themselves.
For some time now I have been concerned that the Co-operative Bank's internet facility does not give the right messages out to users. I should add that I am a very happy customer of the bank, which I use specifically for their ethical stance, and I don't mean in any way to imply that their internet banking facility is unsafe. However, it does display some very odd behaviour.
The first bit of odd behaviour occurs when you first type in the URL - http://www.co-operativebank.co.uk
What happens is that you get a title bar message indicating that you are being re-directed, even before any on-screen elements have loaded.
Redirecting to Production site
A second strange behaviour happens when you select the personal banking option from their internet banking menu.
As the request is processed, another re-direction is flagged up by the browser:
Redirecting to PBIBS site
I'm sure there are perfectly good technical architecture reasons for building the site this way, but I can't help feeling that getting their customers used to the concept that you frequently get "re-directed" when you are doing online banking will not help in the long term to educate those users about how to spot a phishing attack.
All of which is quite ironic, since having gone from server pillar to post, when you do get to log on to the Co-op's internet banking service, the first thing that greets you at the moment is an anti-phishing warning.
Posted by Martin Belam, November 15, 2006
Read more posts on currybetdotnet about: Web
The views expressed on currybetdotnet are my own, and do not reflect the views of my current or former employers.
Search
About Martin Belam
I'm an Internet consultant and writer, with 8 years experience in product management, information architecture, and user experience design for global brands like Sony, Vodafone, The Guardian and the BBC. I specialise in advising on search, widgets, RSS, online news publishing and bulk email delivery.
Martin Belam CV
email: martin.belam@currybet.net
tel: +44 (0) 7801 828718
About Martin Belam and this site
Recent posts
Recent links
Recent comments
Popular posts
Popular categories
BBC, Doctor Who, Ghost Walks, Media, Music, Newspapers, Search, Web
See all Categories
Contact: martin dot belam at currybet dot net
©2008 Martin Belam where appropriate. Powered by Movable Type. Hosted by Bytemark.
Manufactured in Greece and Great Britain.
3 comments so far
I agree! Just logged on to the co-op site & got the redirected bit. So googled for 'PBIBS' & found your comment. I see you wrote it in 2006. Have you told the co-op about your concerns?
Regards,
Shantiketu
PS I haven't posted my email address here since I don't know what your site is & don't want more spam than I get already.
dont know what url means i cant get my bank details get as far as clicking personal account then nothing
This has intrigued me, as I only came across your blog by the slightest of chances... anyway, I found this too:
http://www.i-tcs.com/case_study/co-op.html