I do some of my internet banking through BNP Paribas. Today I was greeted with this message:
The Flash notice isn’t such a big security risk on its own, but from a banking site I’d expect they would be more careful by:
– informing users that a (useless) banner requires Flash on your computer (Flash being a popular attack vector is good for gaming sites; from a banking site I’d expect something else)
– informing users upfront what ‘Profacts.be’ is about, with a detailed explanation of what kind of data they are sharing with that partner (“Profacts is a market research agency” does not sound like the kind of agency I’d be happy to share my data with; a banner with ‘gegevens blijven volledig vertrouwelijk’ isn’t sufficient)
You often get these kinds of notices when you visit newspaper or general-interest sites, and that’s fine. However, when visiting a banking site, ‘everything’ that might raise suspicion or confusion should be avoided.