Online Banking - Everybody's a #&(%!@ expert
By John Tan - 10/23/1999
Internet Banks
A number of new players have emerged in the banking scene who are actually using the Internet as their primary and perhaps only channel for banking. So these players can start from scratch and have the Internet as their most important channel. Are these guys any better than the traditional banks that are offering Internet banking to make sure they don't lose market share previously allocated to their more traditional channels?
If you said "NO", you are correct. Their model is the same, though they put up an even bigger dog and pony show to convince you of their knowledge on the topic of Internet security. The failure to address the home PC as part of the overall system only shows that these people do NOT understand that security is only as good as the weakest link. Let's visit a few banking sites to see what they say about the security of the models they use...
Visiting www.banking.com, I found a model that not only has the flaw I expected (totally ignoring client-side security issues), but also leaves the web server more open to attack than one would expect. The model employs TWO firewalls to create a "three tier" model for the purposes of security. It does a good job of segmenting functionality to isolate the actual customer data from the Internet. It does this by separating user interaction (handled on the web server), business logic (handled on the application server) and data (handled on the database server). The customer talks to the web server (through an SSL tunnel), and the web server is the only one allowed to talk to the application server (enforced by a firewall). The application server is the only one allowed to talk to the database server (again enforced by a firewall). There is, however, no firewall to assure that the only interaction between the Internet and the web server is SSL traffic coming from customers.
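The layout described above can be checked mechanically. The following is an added example, not part of the original article or of any bank's configuration: it models the two firewalls as default-deny rule lists and compares what an Internet host can reach on the web server with and without a filter in front of it. The zone names, the application and database ports, and the list of listening services are assumptions made for illustration.

```python
# Added example: the three-tier layout from the text as default-deny filter rules.
# Zone names, the app/db ports and the listener list are assumptions, not from the page.
ZONES = ["internet", "web", "app", "db"]  # ordered from outside to inside
APP_PORT, DB_PORT = 8443, 5432            # illustrative ports

# Boundary i sits between ZONES[i] and ZONES[i + 1]. A boundary that is missing
# from the dict has no firewall, so nothing is filtered there.
AS_DESCRIBED = {
    1: [("web", "app", APP_PORT)],   # firewall 1: only the web server may reach the app server
    2: [("app", "db", DB_PORT)],     # firewall 2: only the app server may reach the database
}
# Same layout plus the filter the text says is absent: Internet to web server, SSL only.
WITH_EDGE_FILTER = {0: [("internet", "web", 443)], **AS_DESCRIBED}

# Constructed sample: services that happen to be listening on the web server host.
WEB_LISTENERS = [21, 23, 80, 443]


def permitted(src, dst, port, firewalls):
    """True if a new connection src -> dst:port passes every boundary on its path."""
    a, b = sorted((ZONES.index(src), ZONES.index(dst)))
    for boundary in range(a, b):
        rules = firewalls.get(boundary)
        if rules is None:
            continue                  # no firewall at this boundary
        if (src, dst, port) not in rules:
            return False              # firewall present: default deny
    return True


def exposed_ports(dst, listeners, firewalls, src="internet"):
    """Listening ports on dst that src can open a connection to."""
    return [p for p in listeners if permitted(src, dst, p, firewalls)]


if __name__ == "__main__":
    for name, fw in (("as described", AS_DESCRIBED), ("with edge filter", WITH_EDGE_FILTER)):
        print(f"{name}: web server ports reachable from the Internet:",
              exposed_ports("web", WEB_LISTENERS, fw))
        print(f"{name}: Internet -> db permitted:", permitted("internet", "db", DB_PORT, fw))
```

In both variants the inner tiers stay unreachable from the Internet; the difference is that without the edge filter every service listening on the web server is exposed, not just SSL on port 443.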
Online Banking System Security
A trip to some other "NetBanks" or "Internet Banks" reveals that this is the model endorsed by Flagship bank, National Bank of Commerce, First National Bank of the Internet, First Flag Bank, Permanent Federal Savings Bank, Peoples Bank & Trust, The National Bank and many others. Wingspan bank uses a similar model and also ignores client-side security issues, telling the consumer that the way to protect your passwords is not to share them and to log out.
Where does it end? Wingspan has even cited the Better Business Bureau Online (http://www.bbbonline.com), which it says "stated that consumers need to understand 'that the Internet is a safe, reliable place to conduct business'." But is your home PC? At least bankonline.com states "you agree that use of the FSC is entirely at your own risk and that the service is provided 'as is' without warranty of any kind".