Home : Security : News

UK banks not fully protecting customers online

Halifax and Abbey have been criticised over their security controls.

By Asavin Wattanajantra, 27 Aug 2009 at 11:11

A number of the biggest banks in Britain have been lambasted for leaving customers exposed to online security risks.

In a Which? Computing report, Abbey and Halifax had weaker visible security controls than other British banks, with Halifax reportedly having “one of the least secure” login procedures.

Halifax online banking asks for three pieces of information to confirm an identity, but a customer has to type each in full, making them vulnerable to a keylogger – a program that could hide in a computer and capture keystrokes.

In a statement issued to IT PRO, a Halifax spokesperson said that most of its defences were not visible to customers.

“There is no relationship between the visibility of fraud defences and their effectiveness in protecting customers,” the spokesperson claimed.

“Any meaningful assessment of a bank's fraud prevention tools needs to examine all systems whether they can be seen directly by customers or not, and we would never release details of these systems to a third party."

Abbey was criticised for only offering basic security, but in defence it claimed that it treated the security of customer accounts with the highest priority and was constantly reviewing and updating its security processes.

The report also found that customers of Abbey, First Direct, Halifax and HSBC were not immediately logged out if they browsed elsewhere, which could leave an account vulnerable on a shared computer.

It warned that these banks appeared to have no security controls for money transfers, which meant that if a bank session was hijacked a criminal could enter any amount they wanted.

Barclays was praised, as it uses drop-down menus rather than typing which could prevent criminals from logging passwords.

It was also applauded for its use of PINsentry, a card reader which customers can use whenever they want to bank online for added security.

In March, UK payments association Apacs revealed that online banking losses due to fraud increased by 132 per cent last year.

Email to a friend

Print this page

< Previous Security : News Next >

1 comments

You need to Login or Register to comment.

Security measures have to be visible according to customers

It’s encouraging to see that Barclays, Nationwide, NatWest and RBS have all performed well in the Which? Computing survey. Since 2007, all have adopted strong authentication solutions, in the form of Home Chip and PIN card readers, and it is evident that such solutions do have an impact on customer confidence and in turn satisfaction. While the move to adopt strong authentication solutions is also based on banks moving towards paperless operations, the survey shows that customers are reassured by tangible measures to erase fraud and increase security. For those banks still considering how they will more effectively secure their online banking operations and improve customer satisfaction, this survey illustrates a clear distinction between those who have deployed visible online security systems and those who haven’t.

By Kristel_Teyras_XIRING on Friday Aug 28

Latest Security Analysis & Insight

Do British police get cyber security?

Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.