Consumer group slams online banking security

By on
Consumer group slams online banking security

Consumer rights organisation Which? has criticised the online banking systems of some of Britain's biggest lenders, labelling them insecure in a new report released today.

Abbey and Halifax were singled out as particularly poor. The latter requests users to type in their log-in credentials in full, thus exposing customers to tracking by key-logging software.

The same two banks, along with HSBC and First Direct, were also found to have no visible security controls for money transfers.

Which? also found that users of Abbey, Alliance & Leicester, HSBC and Halifax are not immediately logged out after a session, leaving them vulnerable if they use online banking on a shared computer.

Alliance & Leicester and HSBC were rated as 'average', while First Direct, Lloyds TSB, Nationwide, NatWest and RBS were given a 'good' rating.

Barclays was the only one of the 10 banks surveyed to get a rating of 'excellent'. The company requires all its online customers to use a two-factor authentication system involving a PINsentry device which generates a one-time password for each session.

Users who forget their device must enter a five-digit passcode and two characters from a memorable word.

Tony Dyhouse, director of the government-backed Cyber Security Knowledge Transfer Network, said that banks face a difficult challenge in trying to balance security with convenience.

"Any security measures they incorporate need to be valid on a mobile phone too, as mobile account management is going to be a big part of the very near future," he added.

"Mobiles provide an excellent second-factor identification, but bring the added risk of being lost or stolen."

Dyhouse argued that banks should strengthen password log-in systems by requiring a password consisting of a range of alpha and numeric characters, using drop down menus asking for a random combination of password letters, and ensuring that all information is transmitted in an encrypted format.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
  |  Forgot your password?