Which banks urgently need to address potential gaps in online security regulations that could leave people vulnerable to fraudsters?
The consumer group evaluated the apps and websites of 13 current account providers in January and February 2024 with the help of computer security experts. Researchers at the consumer group tested banking website and app security in terms of login procedures, security “best practices,” account management, navigation, and logout.
They were unable to test the banks’ backend security systems. While all firms in the study used multi-layered security that helps reduce the likelihood of major security breaches, Which? He said he believed some providers at the bottom of the rankings were falling short of the standards customers should expect.
READ MORE: Former Birkenhead MP Frank Field dies aged 81 as family trouble reveals
READ MORE: Amazon’s ‘slimming’ £8 cellulite cream that’s a ‘tummy tuck in a bottle’
TSB Rated 54% by Which? 67% for mobile app security and 67% for online security, the lowest and second lowest scores respectively. Which? He said the bank’s handling of sensitive data meant it could be read by other applications running on the phone. The consumer group expressed concern that the app stores users’ credentials in a way that makes other apps more likely to access them.
Which One Did TSB Tell? He said the issue was under review and a fix “will be considered in the future.” The bank also sent a phone number via text message; Which one? It is said that it can be copied by fraudsters.
“We have removed phone numbers from the majority of SMS alerts; this alert was the last in our update plan to remove the phone number,” TSB told Which?
The consumer group also raised concerns about the TSB’s password requirements, saying users may choose insecure passwords that may be easier for fraudsters to crack.
TSB said: “We continue to strengthen the security of our online and mobile banking while providing customers with a positive and useful user experience. This is reflected in our high app store ratings.”
Which? The Co-operative Bank came last in the online security survey with a score of 61%. In terms of the security of its mobile application, Cooperative Bank ranked second from last with a score of 57%.
He said the bank did not require logging in with two-factor authentication on a test laptop and did not prevent customers from setting weak passwords. Researchers could log in from two different IP addresses at the same time without terminating the old session, and as with TSB, alerts still included phone numbers and security codes sent via SMS.
The Co-operative Bank said: “The security of our customers’ accounts is always our top priority. Our customers can rest assured that we have robust security measures in place to protect them and their money.
“We are constantly reviewing and improving our security controls and will introduce a further set of improvements in 2024 to give our customers peace of mind that they can continue to bank with us safely and securely.”
Which? He said he called on the TSB and the Co-operative Bank to urgently address the issues identified by their investigators. Meanwhile, Lloyds did not log out website users after five minutes of inactivity. Which one did the bank tell? This makes transactions easier for vulnerable customers.
A Lloyds Banking Group spokesman said: “Helping keep our customers’ money and data safe is our priority and we have strong, multi-layered security across our online and mobile banking services to protect against potential cybersecurity threats.
“We employ world-class experts in cybersecurity and continually invest to ensure the right balance between online security measures, customer experience and accessibility.
“Despite being written into the Payment Systems Regulatory Authority’s secure customer authentication regulations, Lloyds Banking Group has advised regulators that we will not be enforcing this for payments and login, given that vulnerable customers and businesses may need longer than this to complete payment transactions.” transaction provided information.
“Logins from new devices are verified through secondary authentication to the customer’s registered phone to ensure the trust of the devices used. With this in mind, there are no devices that the customer does not trust.”
Starling Bank and NatWest/RBS ranked first according to Which? For online security, both scored 87%. The bank that ranks highest in mobile application security is HSBC with a score of 78%.
HSBC posted solid scores for both its app and website, and researchers found no issues with logout or navigation. Which one? aforementioned. It ranked second in Barclays mobile app rankings with a score of 74%, So Which One? It found that it did not address website management issues it identified last year, such as allowing users to access accounts from multiple browsers, IP addresses or devices at the same time.
Which one did the bank tell? It uses other checks to assess the risk profile of devices accessing online banking and plans to add this additional layer of protection towards the end of this year.
Sam Richardson, deputy editor of Which? Money said: “Given that many people are increasingly banking online or over the phone, it is vital that the banks we entrust our money to have the highest level of security protection.
“Whilst our investigation found no significant security issues, there were some areas of concern that we feel the banks in question need to urgently address so that savvy fraudsters cannot exploit loopholes to target innocent victims.
“With fraudsters still relentless in their pursuit of our money and a general election looming, the next government must make tackling fraud a national priority by appointing a fraud minister to work across multiple government departments.”
A spokesperson for industry body UK Finance said: “Fraud has a devastating impact on victims, which is why the banking and finance industry’s primary focus is always on stopping fraud from happening in the first place. To do this, the industry is investing heavily in cybersecurity and data sharing. To detect and prevent malicious actors from infiltrating systems, stealing data and committing fraud.
“As the fraud landscape evolves, banks are updating and strengthening security measures on their platforms to mitigate potential threats while maintaining a positive user experience for customers.
“We encourage our customers to be mindful of potential fraud threats and always use secure passwords and avoid sharing one-time passwords and personal and financial information. If you think you have fallen for a scam, it is important to contact your bank immediately and report Action Fraud.”
Don’t miss the biggest breaking news by signing up to the Echo Daily newsletter here