A survey conducted by Which? revealed that 4 of the biggest high-street banks were the poorest for online security.
TSB has been named the worst bank for online security, followed closely by Santander, Lloyds and Halifax. The consumer group, Which?, took the top 11 banks in the UK and analysed their security measures.
Those that came out on top were found to use two-factor security systems. This type of authentication combines two types of ID check: usually a password or PIN that you already know, plus a single-use passcode that is sent to your mobile or device.
Most banks have the technology to use a two-factor system, but according to Which? only 5 out of the 11 banks surveyed actually have it in place.
Mike Ahmadi, Global Director of Critical Systems Security at Synopsys, said: “There are an infinite number of ways to misuse a system, and that makes cybersecurity a very challenging problem to solve. Organisations need to deploy automated testing tools in order to quickly enumerate vulnerabilities and “shrink” the issues down to a manageable size of the most common or likely issues, so security teams and developers can better prioritise what needs to be addressed.”
Some banks choose not to use the advanced security systems for fear of inconveniencing customers.
Stages of the online system
The survey analysed online security across multiple stages of the banking system. It looked at logging in via a browser, adding a new payee and transferring money, as well as password complexity requirements, navigation and the logout process.
Graham Cluley, computer security analyst, said: “Fortunately banks have a long history of protecting themselves against thieves, they invest heavily in IT security, and so they are usually some of the most secure online organisations.
But it always pays to be cautious. Be careful not to choose passwords that are easy for an attacker to guess or work out (such as your dob or wedding date). Don’t be afraid to answer security questions dishonestly (for instance, don’t tell the bank your mother’s real maiden name) and choose unique, hard-to-crack passwords (ideally with a password manager).”
‘Safeguard us from Scams’ Campaign
Which? have set up a campaign that aims to push banks into taking further action to protect their customers from being scammed. With more than 5 million scams a year, the consumer group are keen to examine whether banks are taking enough responsibility when their customers are defrauded.
They currently have a petition to try and encourage the government and financial regulators to face the issue of online scamming head-on.
Leeds Hacks conducted a poll on Twitter to find out how many people use the same password for every account they have and the results came back as expected.
Do you use the same password for everything? #journorequest
— Philippa Challis (@PhilippaChallis) October 21, 2016
Most people said they used variations of the same password for their different accounts. The option of choosing different passwords for each account received the fewest votes.
When you sign up for a new account you are usually recommended to choose a completely new password that contains at least one capital letter and a number. This poll shows that the majority of people stick to a password they already have, or a similar one, possibly because they know they will remember it.
But as the Which? survey points out, you can’t ever be too careful, so maybe it’s worth rethinking your security details.
By Philippa Challis