Which? criticises online banking security

Which? criticises online banking security

UK consumer group Which? has accused Abbey and Halifax of employing poor online security measures, leaving customers vulnerable to fraud.

Which? Computing says Abbey and Halifax have "poor" consumer-facing security. Barclays is praised for its "excellent" measures, with First Direct, Lloyds TSB, Nationwide, NatWest and RBS all graded as "good". HSBC and Alliance & Leicester are described as "average".

Which? criticises Halifax for asking three pieces of information to confirm a customer's identity. As each entry is typed in full, this makes the information vulnerable to a simple keylogger, a virus that sits on a computer and tracks every keystroke with the aim of collecting passwords.

Keylogging software played a major part in the doubling of online banking fraud - from £22.6 million to £52.5 million - in 2008, claims Which?

In contrast, Barclays and Lloyds TSB ask customers to use drop-down menus, preventing keyloggers from quickly capturing passwords.

Barclays is also praised for making customers use handheld chip and PIN devices to authenticate their identity at log in and to sign transactions.

The study also criticises Abbey, Alliance & Leicester, HSBC and Halifax for not immediately logging users out when they browse to other sites, meaning someone else could take over the session, leaving accounts vulnerable if accessed on a shared computer.

Which? also found significant differences in how well money transfers appeared to be protected. Abbey, First Direct, Halifax and HSBC have no visible security controls for money transfers, so if a banking session is hijacked, a criminal can enter the amount they want to.

However, Which? only looked at customer facing security, failing to assess back-office measures. A Halifax spokesman told Sky News that the vast majority of its online security is not visible to customers and that this is to make it as easy as possible to use its site.

Sarah Kidner, editor, Which? Computing says: "There are surprisingly big differences between big banks' visible online security systems. Some simple measures, like the use of drop-down menus, could improve safety considerably. The banks may say it's the hidden security measures that count, but to have real confidence in an online account, customers need to see security in place."

Comments: (2)

A Finextra member
A Finextra member 29 August, 2009, 11:04Be the first to give this comment the thumbs up 0 likes

In a January 2009 article in Guardian.co.uk, Which? said :

"Big is not necessarily beautiful, according to a survey of 15,000 bank customers published today by Which?

Once again our findings show that big banks are being left behind by the smaller players, which seem to offer a better service and keep their customers more satisfied."

Smile and First Direct generated the highest customer scores for their current accounts(88% and 85% respectively), followed by Cahoot and Co-operative Bank (82%).

John Lewis and Waitrose scored the highest mark for customer satisfaction with credit cards (90%), followed by Nationwide (87%) and Smile (86%).

Source : Which ?  "


NOTE THAT Barclays scored 51%, Natwest 60%, RBS 62%, Nationwide 76%


A Finextra member
A Finextra member 29 August, 2009, 11:18Be the first to give this comment the thumbs up 0 likes

Concerning previous comment stating that "It's no surprise...", please note that the article "Which? criticises online banking security" does not mention "high-ranking in customer survey".