An article relating to this blog post on Finextra:
Which? criticises online banking security
UK consumer group Which? has accused Abbey and Halifax of employing poor online security measures, leaving customers vulnerable to fraud.
Today Which? released their survey of online banking security. The results are summarized in their
press release and the full article is in the September edition of
The article found that there was substantial variation in what authentication measures UK banks used. Some used normal password fields, some used drop-down boxes, and some used a CAP smart card reader. All of these are vulnerable to attack by a sophisticated
criminal (see for example our
paper on CAP), but the article argued that it is better to force attackers to work harder to break into a customer’s account. Whether this approach would actually decrease fraud is an interesting question. Intuitively it makes sense, but it might just succeed
in putting the manufacturers of unsophisticated malware out of business, and the criminals actually performing the fraud would just buy a smarter kit.
However, what I found most interesting were the responses from the banks whose sites were surveyed...
Read more at Light Blue Touchpaper...