UK banks outed on security
By Guy Matthews,
Several major UK high street banks have been forced to review the security of their customer web sites following the exposure of flaws on the Internet.
Heise Security, a publisher of security information for businesses, alerted its readers to serious security vulnerabilities in the customer-facing web sites of several UK banks.
It warned of methods that criminals could easily use to send phishing emails to users via the banks' sites, without banks ever being aware of any attack.
Heise claims it was able to prove that the web site security of NatWest, USB, Cahoot, Bank of Scotland, Bank of Ireland, First Direct and Link could be bypassed.
As a result of the published warnings, both NatWest and USB have already moved to improve site security, with others expected to follow suit.
Heise says that many banks are running vulnerable sites in spite of several years' worth of warnings about identity theft and phishing. It cited HSBC, Barclays and the Halifax as banks which passed its test.
Banks are now starting to take the issue of web security more seriously, says Alistair Newton, principal banking analyst with Gartner. "Banks are, for example, taking more care to authenticate the customers that come to their sites," he says.
"They realize that to be sure of customer's identity, they need more than just a user ID name and password. They now often add in the need for a one-time password generated by a token given to the customer by the bank."
He says security is important not just for banks to be sure of who is on their sites, but also for customers to be reassured that someone who has captured their name and password will still not be able to pose as them if they fall prey to a phishing scam.
"As always with security, there's no one solution that fits all problems," says Newton. "It's something banks will need to keep on updating. But of course if you have too many layers of security, then you start to put people off."
advertisement
Latest Internet Features
Blogging for business
Enterprise blogging has survived the fad stage. Managed properly, it can be a communication hub as well as being a revenue generator and money saver.
- Social networking in business and branding
- Internet search secrets
- Big IT for CERN's particle smashing experiment
- The saga of Scrabulous
- Q&A: Motorola's enterprise VP John Coon
- IT around the world: Russia
- Q&A: Orange's devices chief Francois Mahieu
- Q&A: Plusnet's Neil Armstrong
- Chinese web control an Olympic challenge for tech firms
Latest Internet Reviews
Fortinet FortiGate-3810A
Rating: 
advertisement
Latest News Videos in Internet
Video: Q&A with Easynet Connect's Chris Stening
PlayIT PRO spoke to Chris Stening, managing director of Easynet’s SME division, about whether ISPs are giving businesses the service they deserve.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?