Online scams net £750m as banks ‘neglect’ security
‘A national security threat’
HIGH street banks are leaving customers exposed to cyber criminals by ‘neglecting’ their online security, an investigation has revealed.
Consumer watchdog Which? said it had uncovered ‘worrying flaws’, including allowing users to set insecure passwords.
It also found weaknesses within the websites and software used by some banks that could be ‘hijacked’ by hackers.
Online banking fraud has rocketed during the pandemic as cyber criminals take advantage of more consumers relying on internet services.
Criminals stole more than £750million through bank scams in the first half of 2021 – up 30 per cent on the first six months of 2020.The industry lobby group UK Finance last year warned the surge had become a ‘national security threat’.
Which? tested the online and mobile security of the 15 largest current account providers.
Carried out with independent security experts 6point6, the four main criteria were encryption and protection, login, account management and navigation.
Metro Bank received the lowest score with 53 per cent, followed by Virgin Money (56 per cent) and TSB (59 per cent). HSBC was found to be the most secure, scoring 81 per cent.
Security flaws were found within the login process of several major banks. Six – HSBC, NatWest, Santander, Starling, The Co-operative Bank and Virgin Money – let customers choose passwords using their first name or surname.
Others were found to still be using text messages to verify when customers were logging in – a process that could be ‘hijacked’ by cyber criminals.
This included TSB, Lloyds, Metro, Nationwide, Santander and The Co-operative Bank.
The watchdog also identified potential weaknesses within the websites of Metro Bank, First Direct and Lloyds, which ‘could allow hackers to compromise the server’.
A further three – Nationwide, TSB and Virgin Money – were found to be failing to use software that ensured spoof emails sent by potential scammers were blocked or quarantined.
Jenny Ross, of Which?, said: ‘Banks must lead the battle against fraud, yet our tests revealed worrying flaws when it comes to keeping people safe from the threat of having their account compromised.
‘Our research reinforces the need for banks to up their game on tackling fraud by using the latest protections for their websites and not allowing customers to set insecure passwords.’
All the banks named said they took their customers’ security very seriously and continued to invest in improving protections.