Report Identifies Weaknesses in Online Banking Security

Some UK banks are letting their customers down with poor authentication and web security issues, according to a consumer rights group.

Which? once again teamed up with independent security consultants 6point6 to appraise the “front-end” security of 15 current account providers. It looked at four criteria: encryption and protection, login, account management and navigation.

The report found that, while all lenders followed strong customer authentication (SCA) rules as laid down in European banking regulations, some exposed their customers to SIM swapping attacks.

That’s because they relied on SMS for two-factor checks, and hackers can intercept those messages if they have tricked the victim’s network operator into transferring their mobile phone number to a SIM under the attacker’s control.

Lloyds, Metro, Nationwide, TSB, Santander and The Co-operative Bank all dropped points in the tests for this, although the latter two claimed they’re “looking to move away from SMS,” according to Which?.

The report also highlighted issues with insecure passwords.

“We were shocked to find that Triodos lets customers set insecure security words, including ‘password’, ‘1234567’ and ‘admin.’ The risk is mitigated by a two-factor authentication at login (using its physical ‘Digipass’ device) but there is no excuse for a
