Depending on if the financial institution is using an off the shelf software or home-grown application, the risks may vary.

However, merely hacking into the web-hosting server is often not enough to compromise the back-end application, as was the case here.

The banking applications typically have their own security access via firewalls and other application authentication mechanisms.

The real problem comes from phishing when users are duped into giving up their user names and passwords via scam emails.