According to Which? Computing, it seems as if some of the largest banks in Britain have allowed customers’ online accounts to be vulnerable to fraud due to inadequate security.
Experts at Which? Computing say that some banks were found to have significantly weaker security measures to protect online accounts than their competitors. The security provided by Barclays is excellent, but Halifax and Abbey have noticeably weaker safeguards in place for online accounts.
For logging in to an online account, the procedure used by Halifax is one of the least secure. Customers are required to enter three separate pieces of information to confirm their identity each time they log in. A simple keylogger virus can easily record this information by tracking each of the keystrokes made for each account. This is one way that fraudsters can collect passwords and other log in information in order to access accounts.
Online banking fraud has more than doubled since 2008, and keylogging software is to blame. Last year, losses resulting from this type of fraud skyrocketed up to £52.5m, a significant increase from the previous year’s losses of £22.6m.
At Barclays and Lloyds TSB, they use a more secure system of drop-down menus that allow customers to select options from a list rather than keying them in. Keyloggers cannot read information that is not entered on the keyboard. At Barclays, customers who have forgotten their PINsentry device have to input a 5-digit code along with 2 characters from a word that they can remember.
With some online accounts it is unsafe to browse to another site without first logging out of the online banking site. Halifax, Abbey, HSBC and Alliance & Leicester do not automatically log customers out of online banking if they leave the site, meaning that the banking session remains open for another user of a shared computer to take over.
In addition, Which? Computing discovered some notable differences in the level of protection that is applied to money transfers at various institutions. At First Direct, Abbey, HSBC and Halifax, there are no visible security measures controlling money transfers, which means that if criminals are able to hijack a banking session, they can enter any amount they wish.
According to Sarah Kidner, editor of Which? Computing, the differences between visible security measures provided by the major banks are surprisingly vast. Although the banks claim that the hidden security measures are the ones that count, the use of simple procedures such as drop-down menus would help to considerably improve safety and increase the level of confidence customers have in their banks.
Join our 
Comments