Some of Britain’s biggest banks appear to be leaving their customers’ online accounts vulnerable to fraud because of poor security, according to Which? Computing.
Research conducted by the consumer watchdog compares log-in procedures, visible security measures and money transfer procedures of banks including Abbey, First Direct, Halifax, HSBC, Barlclays, LloydsTSB, Alliance & Leicester, RBS and Natwest and gives some
interesting results.
In terms of log-in procedures, Abbey and Halifax were both criticised for requiring 3 pieces of information to be entered in full at log-in, making the information vulnerable to a simple keylogger. Barclays on the other hand, were highlighted as an example
of best practise for asking users to verify themselves using a card reader when logging in.
With flaws having been apparent at each stage of the research, Abbey and Halifax were judged as having "poor" consumer-facing security. Only Barclays was praised for its "excellent" measures, while First Direct, Lloyds TSB, Nationwide, NatWest and RBS all
graded as "good" and HSBC and Alliance & Leicester described as "average".
This research really highlights the very real differences that exist between the security levels used by online banking providers and it is clear that some banks still have a lot of work to do in this area.
It is worth noting however, that compared to other forms of online money transaction, the progress made in online banking over recent years has been significant. The introduction of two-factor authentication has been a particularly effective measure and
when Barclays rolled out this system last year, customers using it for online banking experienced no fraud whatsoever. This is reflected in the findings given here, with Barclays being praised for "excellent" measures.
In response to the research, a Halifax spokesman told Sky News that the vast majority of its online security is not visible to customers and that this is to make it as easy as possible to use its site. However, two-factor authentication, a procedure whereby
customers must pass a second layer of identity verification by, for example, using a card reader, prevents keyloggers from phishing for details online. More than that, as a customer facing measure, users can see the security in place and thus have real confidence
in their online account.
It is interesting to note that all three of the UK banks (Barclays, Nationwide and RBS/NatWest) who have introduced CAP 2-factor card reader authentication were rated as excellent or good. With consumer awareness of the importance of security growing and
customer loyalty decreasing, introducing CAP card readers for logon and to verify transactions looks like an obvious way to improve visible security as part of a bank’s customer attraction and retention strategy.