Banks’ security f laws leaving you vulnerable to online fraud
HIGH Street banks are opening the door to fraudsters by failing to adopt effective security around online banking, it was claimed last night.
The criticism comes from Which? amid a 64 per cent increase in online banking fraud last year, taking it up to £133.5 million. At the same time, phone banking fraud rose by 28 per cent to £322.3 million.
The scandal is hitting customers in the pocket as banks try to pass on the cost of fraud – which they could and should prevent – to victims.
Which? has launched a super complaint with the Payment Systems Regulator over claims the banks are failing to protect customers duped into transferring money from their accounts to fraudsters. In the majority of these cases, the banks wash their hands of responsibility, leaving victims penniless.
The consumer group says some banks have failed to implement two-factor security steps that can help keep online accounts safe. Two-factor authentication at log-in combines two different types of ID checks – typically something you know, such as a password or PIN, with something you have, such as a card reader or a mobile phone or device on which you get a singleuse pass code.
A Which? test of 11 high street banks found that only five have adopted two-factor security checks. It named and shamed Halifax, Bank of Scotland and Lloyds Bank, which are all part of the same group, along with Santander and TSB as scoring poorly on security over a number of years. It said none of these banks offers two-factor authentication at log-in, despite having the technology.
The research, which involved the security consultancy SureCloud, also tested online secuAlex rity features at different stages, including logging in via a browser, adding a new payee and transferring money, and password complexity requirements.
Best for online banking security are First Direct, HSBC and Barclays. First Direct and HSBC have introduced customer voice recognition for their telephone banking customers. Which? spokesman Neill said: ‘The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there’s no excuse for others to sacrifice security.
‘Online banking is increasingly part of our daily lives and at the same time online scams are becoming more sophisticated.
‘People can only do so much to protect themselves from fraud – it’s time for banks to shoulder more of the responsibility and introduce extra protections to safeguard their customers.’
The Lloyds group challenged the validity of the Which? criticism, saying: ‘The findings do not provide an accurate reflection of the highly sophisticated security our customers benefit from that is undetectable in this research. We don’t consider the results accurately reflect these factors which have a material impact on how we protect our customers’ daily needs.’
TSB said: ‘Customers are at the very forefront of everything we do at TSB, and we take their safety and security very seriously. It is our number one priority to offer safe and secure banking facilities for our customers across all of our products and services.
‘To achieve this we maintain complex and multi-layered fraud prevention controls which will not be visible to the customer – or reflected in this survey. We continually review and improve our services to ensure they remain robust and fit for purpose.’
Santander said: ‘We continually look to improve and enhance our customer experience. In doing so we seek to maintain an appropriate balance between customer usability and security.
‘Our security model is robust and this is reflected by the low ratio of fraud incidents compared to the rest of the market based on our market share.’
‘Safeguard customers’