My Finance officer doesn't feel secure processing any transactions via the web if they contain names, SSN's, payment, or other sensitive data. Our bank, retirement system, and federal/state agencies all offer supposedly secure web-solutions, but none have convinced him that they are as secure as the dial-up connections we have used for many years.

I have heard within IT that "good" web solutions are actually MORE secure than dial-up lines, but no one has been able to define conclusively what a "good" solution looks like. I looked for a standard (FDIC, SEC, etc?) that I could share with my Finance officer, & he could then ask potential web-partners if they met that standard --- but haven't found any such thing. The best thing I've been able to find is "look for the little lock symbol at the bottom of the screen," but that doesn't feel like a professional IT response I'd want to give to Finance.

Any thoughts or recommendations you guys can share? Thanks a bunch!