Consumer body Which? has rated 11 UK banks based on the security of their online banking.
Which? asked volunteers with current accounts at 11 high street banks to perform a series of tasks, with security experts then rating the customer-facing safeguards. In what may come as a shock to many a security expert, only five of the UK banks rated had two-factor authentication at login. Those banks were Lloyds Banking Group (Lloyds, Halifax, Bank of Scotland), Santander and TSB.
CBR takes a look at the rankings, with expert commentary on the failings exposed by the scores.
TSB received the lowest ranking, 56%, and ranked the worst for logging in. Each bank's login was rated on whether two-factor authentication was involved, as well as on the other information required to log in and on password complexity. Which? also looked at the process required for resetting a forgotten username or password.
Gabriel Wilson from Rivington Information Security said: “The scarcity of two factor authentication in the banking industry is down to weak guidance and lack of regulatory requirements. It’s also less expensive for banks to reimburse victims of online fraud, who have had their accounts compromised, than it is to implement two factor authentication. When these factors are combined with the sheer volume of existing regulations already in place, many not mandated, the focus of investment is not being used to adopt security best practices.
“However, two factor authentication is only part of the solution. Whilst it will reduce unauthorised access to customer accounts, it will not stop customers falling for scams. This remains a crucial issue, due to a lack of education and awareness of scam types and the temptation of financial reward.”