A recent study by a University of Michigan professor found that more than 75% of bank Web sites had at least one security flaw. Prof. Atul Prakash plans to present the study at the Symposium on Usable Privacy and Security tomorrow. The study examined the Web sites of 214 financial institutions in 2006 and found design flaws, according to the university. Among the flaws, 47% of the banks had secure login boxes on insecure pages, according to the study. Criminals could steal information from the pages or create fake pages to get the information. Almost a third of the banks (28%) use Social Security numbers or e-mails as user identification, which is easy for criminals to guess or find out, the study says. Also, 31% of the banks offered to send passwords or statements via e-mail, which many experts do not consider a secure medium. Prakash tells CardLine he has not done a follow-up study to see whether banks have updated their sites but plans to do one in the future. He says banks should simplify their sites to make information more secure and to make it clear to customers when information comes from the bank rather than from a scam artist. "We don't want people to panic and not use online banking," he says. "We want them to be aware of the risks."