Bank security flaws leaving customers open to scammers

Consumer group Which? has uncovered flaws in online banking security systems that could leave customers exposed to fraud, with some banks failing to use the latest protections for their websites and allowing users to set insecure passwords.

With cases of internet banking fraud up 97% in the first half of 2021, the consumer champion is concerned too many banks are still neglecting important security protections.

Which? conducted an investigation with independent security experts 6point6, testing the online and mobile app security of the 15 largest current account providers on a range of criteria including encryption and protection, login, and account management and navigation.

Metro Bank received the lowest score for online security in Which?’s testing, with an overall score of just 53%. It was joined in the bottom three by Virgin Money (56%) and TSB (59%).

Banks must now carry out extra checks to verify customer identity as passwords can be easily guessed or stolen, but Which? found security flaws at several banks during the login process.

Triodos Bank allows customers to set insecure security words, including ‘password’, ‘1234567’ and ‘admin’. The risk is mitigated by two-factor authentication at login using its physical ‘Digipass’ device, but "there is no excuse for a bank to allow such weak credentials", says Which?.

Six banks - HSBC, NatWest, Santander, Starling, The Co-operative Bank, and Virgin Money - let users choose passwords that include their first name and/or surname. Santander told Which? this is being phased out and NatWest and Virgin Money said they might increase password limitations after the investigation.

TSB, Lloyds, Metro, Nationwide, Santander and The Co-operative Bank also all still use SMS texts to verify individuals at login, leaving messages at risk of being hijacked by cybercriminals. Santander and The Co-operative Bank told Which? t ..
