Bank of Ireland aware of browser security issue – but say use it anyway

Big Irish companies have often been laggards with their web strategy. But Bank of Ireland’s refusal to acknowledge a problem with the security of its nominated online banking web browser is very disappointing.

To recap: Bank of Ireland is continuing to insist that its thousands of Business On Line banking customers use the newly-insecure, unpatched Internet Explorer for all sensitive transactions.

The bank has reiterated its stance days after countless IT security experts, the US and UK governments and even Microsoft itself warned that there is an unfixed security problem with the internet browser in question.

This security flaw, according to Microsoft, could lead to theft of data or “the complete compromise” of a user’s PC. And the warning is not just theoretical. Microsoft says that “targeted attacks” using the exploit have already occurred. Security firm FireEye has gone further, referring to an “active campaign” by hackers targeting the security flaw.

Until the problem is fixed, virtually all IT security experts now recommend scaling back use of Internet Explorer for sensitive transactions or switching to a rival browser.

But Bank of Ireland is still insisting that its business customers use the threatened web browser in their day-to-day banking.

The Business On Line service remains “only compatible with browser Internet Explorer” according to the bank and “using any web browser other than Internet Explorer . . . will prevent Business On Line from working correctly”.

The result is confusion among Bank of Ireland business banking customers. Should they continue with their daily online banking via Internet Explorer or not?

To be fair to the bank, a lenient interpretation of the bank’s thinking could be that the flaw mostly requires a user to click on a malicious link from an email or instant message or on a dodgy ad. Hence, it should not affect users who only use their browser to visit non-dodgy sites, such as the bank’s Business On Line service.

If this is the bank’s thinking – it will not answer questions on the matter, for some reason – it might buttress its theory that a problem with Internet Explorer is not necessarily a problem for Bank of Ireland. After all, how can it be held responsible for Microsoft and Internet Explorer and international hackers?