Q. What do Third Federal, Huntington, Fifth Third and Charter One have that National City, Key Bank, US Bank and Chase don't?
A. An "https" in the address of the webpage where you enter your user name and password to log in to your online account access.
The "s" after the standard "http" means the page is secured using the SSL encryption protocol. All these sites and other online banking sites use SSL to protect your data, starting with the page you're taken to when you log in.
But some banks don't secure the login page itself.
Why is this a problem? Tech Republic explains:
What's actually happening is that Banks are using SSL for encryption, but they're not using it to prove the Bank's authenticity to you the customer. Encryption is useless if you don't know who you're talking to is the entity you're intending to talk to. This means that it's extremely easy to intercept and spoof a Bank that doesn't use SSL login forms. Unsuspecting users will login to a fake online Bank and enter their login credentials which get captured by the bad guys. Once they have it, they can just transfer some money to their own bank accounts.A list of big U.S., Canadian and other banks with their login page security practices is at SecureWebBank.
Here's a quick survey of Cleveland area institutions:
With "https" in the login page address for personal online banking: Third Federal, Huntington, Sky Bank, Charter One, Fifth Third, First Merit, First Federal of Lakewood, Dollar Bank, Park View Federal, Republic.
Without "https" in the login page address: National City, Key, US Bank, and Chase/Bank One.
(Thanks to Geoff Beckman for pointing this out.)