Online banks still grapple with cyber security flaws, says report computer weekly


Consumer organization which? The websites and mobile applications of some of the UK’s most popular retail banks are riddled with security flaws, putting consumers at risk of becoming victims of digitally enabled fraud, according to a report by Reuters.

Appraised by which of the banks? And security testing experts Red Maple, Virgin Money, Nationwide, TSB and The Co-operative Bank scored lowest for website security, while the most secure services were offered by Starling, HSBC, NatWest and Lloyds. First Direct, Barclays and Santander all scored somewhere in the mid-range.

For mobile app security, for which Red Maple also tested US newcomers Chase and Monzo, the worst scorers were Virgin Money, TSB and Lloyds, and the safest were HSBC, Barclays and Sterling.

Banks found themselves flagged on a number of measures, including failing to block weak passwords, sending one-time passcodes and sensitive data via SMS, and whether or not idle customer browser sessions timed out. Points were also docked to allow account access via multiple browsers or IP addresses simultaneously.


“Banks must not leave these doors open for scammers to exploit and must step up their game to properly protect their customers,” said Sam Richardson, deputy editor at Whyte. Wealth.

“By making improvements such as blocking weak passwords, banks can take an important step in deterring unscrupulous fraudsters from attempting to steal money and personal data from consumers.”

Risky on Virgin

Virgin Money, which whis? It was one of the worst-rated banks in the U.S. 2022 study, scoring only 52% out of a possible 100% on its website and 54% on its app. It was found to have the weakest measures in place. Virgin Money failed on many fronts, but particularly on navigation and logout and account management.

Red Maple said it found a total of six older Virgin Money apps with potential vulnerabilities. Of particular concern is that Virgin Money does not properly block weak passwords or phone numbers on notifications, nor does it put security checks in place if an account holder wants to pay for a new, changing email address. wants, or wants to edit the details of the recipient.

The TSB, which scored 66% for its website and 57% for its app, found an overly lax and outdated approach to password protection and to exposing potentially vulnerable subdomains to the public Internet. It was docked points for still using SMS-based security, not alerting users to changes, and including phone numbers in new payer notifications. Nationwide, which scored 63% for online and 67% for mobile banking, took the turn to notify customers about the change in details.

“The safety and security of our banking services is our top priority, and we are constantly monitoring, assessing and improving our security controls,” said a Virgin Money spokesperson.

“Many of the points raised in this research are related to the decisions we have made to enhance the digital user experience while ensuring our strong, multi-layered controls to protect customer accounts.”

A TSB spokesperson said: “‘We continue to invest in our online and mobile services – and work with leading tech firms globally to provide both security and access to our customers. TSB fraud prevention But we’re well-researched throughout the industry, and we’re the only bank that protects our customers with a money-back guarantee if they ever fall victim to fraud.

A Nationwide spokesperson said: “Nationwide takes the security of its members and their money very seriously. We never settle and regularly test our systems to make sure we are up to date while ensuring a positive user experience. Maintain an appropriate level of security. Who will we take the points raised by? On board as we continue to develop our digital services.

On the other end of the spectrum, Starling scored well in all categories, and was especially praised for its involved approach to online and app security — it allows users to authorize online logins and alert customers to suspicious activity. Uses your app to do this. HSBC also performed consistently well, with few issues found on its website or app.

Which one? The retail banking sector has been called on to do more to improve cyber security against increasingly sophisticated scammers, and is urging the industry to make reforms that block weak passwords, and to share data Would be a more mature approach.

Source


Related News

Samsung Skips Satellite Messaging With Galaxy S23 Series

samsung finally announced the Galaxy S23 series with incremental upgrades over its predecessors, but one of the most anticipated features did not arrive with

Samsung Galaxy S23 vs S22, differences, comparison and which is better

6.1 inches with Dynamic AMOLED 2X technology, 19.5:9 format, FullHD+ resolution of 2,340 x 1,080 pixels, HDR10+, maximum brightness of 1,750 nits, 120Hz

Make WhatsApp calls in less time and with just a couple of taps: this is its new functionality in beta

Almost every week we are discovering whatsapp news. Either as general public features like the proxy connection that was added at the beginning of January or

iPhone 14 Pro Max to have thinner display bezels, new claims leaked

We've already seen a bunch of leaked iPhone 14 schematics that seem to confirm countless design rumours. The iPhone 14 Pro and iPhone 14 Pro Max will have a

Fortify your Samsung S23 with screen protectors and cases from Whitestone Dome Glass

If you're lucky enough to get your hands on the new Samsung Galaxy S23, you'll also need some new protective gear to keep your new device looking flawless.

Samsung Galaxy S23 vs S21, differences, comparison and which is better

The Samsung Galaxy S23 has just been presented as the new Samsung flagship for this 2023. This mobile renews the manufacturer's high-end and presents some