Is AmSouth's on-line bank web site secure?

Discussion in 'Tech Talk' started by NRA_guy, Jul 7, 2005.


  1. NRA_guy

    NRA_guy
    Unreconstructed

    Joined:
    Jun 20, 2004
    1,704
    0
    Location:
    Mississippi, CSA
    I think AmSouth's on-line bank web site is not secure.

    It is here AmSouth

    Note that the site where you enter your ID and password at the top right is not secure (not "https").

    You type in your ID and password in the "http" site then hit "login". Then it takes you to a secure web site.

    I think the login site should be secure to protect my ID and password.

    I emailed them and got back a "thank you for your comment, we have addressed your concerns" response. But they did not change it.

    I'm concerned.

    Should I be?
     

  2. EvilGenius

    EvilGenius

    Joined:
    Aug 1, 2004
    76
    0
    Location:
    Austin, TX, USA
    Well, I bank online at Wells Fargo and they do the same thing. I'd like it to be different, but it's not.
     

  3. Toyman

    Toyman

    Joined:
    May 6, 2003
    2,597
    20
    Location:
    West Michigan
    The HTML references https://ibank.amsouth.com all over the place. It redirects to the secure server. My bank does it this way as well as many other sites.
     
  4. NRA_guy

    NRA_guy
    Unreconstructed

    Joined:
    Jun 20, 2004
    1,704
    0
    Location:
    Mississippi, CSA
    Yeah it takes you to a secure web site but only after you enter the ID and password, but you are entering your access info into a non-secure web site.

    PS: Your initial ID for the AmSouth web site is your Social Security Number until/unless you log in and change it. Some folks will never change theirs.
     
  5. David_G17

    David_G17
    /\/\/\/\/\/\/\/

    Joined:
    Oct 7, 2002
    2,046
    0
    yeah, it's secure.

    even though most browsers will throw a caution message, it is.

    it's inside of an iframe, and when you click "log in" it doesn't just send the password and login name as plain text. since it's creating a connection with a secure site it's ok.

    we had the same problem on a banking site i helped build. same issue came up. we even tried packet sniffing to try and hack it. it's secure.
     
  6. jpa

    jpa
    CLM

    Joined:
    May 28, 2001
    7,988
    90
    Location:
    Las Vegas NV
    https://ibank.amsouth.com/tether/ibanklogon.asp

    This is the url for that individual frame of the index page. I'm assuming the main page being straight http is to take the load off the ssl server while still being convenient enough to log in from the main page.
     
  7. NRA_guy

    NRA_guy
    Unreconstructed

    Joined:
    Jun 20, 2004
    1,704
    0
    Location:
    Mississippi, CSA
    OK, thanks, guys.

    I'll stop worrying about it.
     
  8. David_G17

    David_G17
    /\/\/\/\/\/\/\/

    Joined:
    Oct 7, 2002
    2,046
    0
    Apparently others are worried too. I just found this:
    http://news.netcraft.com/archives/2005/08/23/banks_shifting_logins_to_nonssl_pages.html
     
  9. NRA_guy

    NRA_guy
    Unreconstructed

    Joined:
    Jun 20, 2004
    1,704
    0
    Location:
    Mississippi, CSA
    Hmmm. So the big banks are sacrificing my banking security for their profit margin.

    Hard to believe, huh?

    Thanks.
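
Added example, not part of the thread and not any bank's code: a small audit that takes a page's URL and HTML and reports every iframe and password form, classifying whether the target is cleartext or whether an HTTPS target is referenced from an HTTP parent page (the layout discussed above, where the markup naming the secure target arrives without integrity protection and the address bar shows only the HTTP page). Hostnames, function names and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def verdict(page_url, target_url):
    """Classify how an element on page_url reaches target_url."""
    page, target = urlparse(page_url).scheme, urlparse(target_url).scheme
    if target != "https":
        return "cleartext-target"        # frame or credentials travel unencrypted
    if page != "https":
        return "unauthenticated-parent"  # HTTPS target, but the reference to it
                                         # was delivered over plain HTTP
    return "ok"

class LoginAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._action = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self._record("iframe", urljoin(self.page_url, a["src"]))
        elif tag == "form":
            # An empty or missing action submits back to the page itself.
            self._action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._record("password-form", self._action or self.page_url)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

    def _record(self, kind, target):
        self.findings.append((kind, target, verdict(self.page_url, target)))

def audit(page_url, html):
    parser = LoginAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample: a home page embedding an HTTPS login frame and form.
SAMPLE = """<html><body>
<iframe src="https://login.bank.example/logon"></iframe>
<form action="/search"><input type="text" name="q"></form>
<form action="https://login.bank.example/auth" method="post">
  <input type="text" name="id"><input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in audit("http://www.bank.example/", SAMPLE):
        print(finding)
```

Running the same HTML with an `https://` page URL returns `ok` for both findings, which is the configuration in which the user can verify the login page from the address bar.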