Bank security flaws putting customers at risk, warns Which?

Security flaws in the websites of banks are putting customers at increased risk of falling victim to fraud, according to an investigation by Which?.

Tests conducted by Which? found that some banks were failing to log users out after periods of inactivity, were not adequately blocking weak passwords, or were sending sensitive information via SMS.

The consumer body also discovered that some banks allowed access to accounts from multiple web browsers or IP addresses at the same time, without flagging this as a potential cyber attack.

Other banks were sending customer notifications which included a phone number or a weblink. Which? said that these can be a gift to scammers, who often replicate texts and emails to trick people into calling them or entering their details on a fake website.
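The three server-side controls the article says some banks lacked (an idle-session timeout, rejection of weak passwords, and flagging of concurrent sessions for one customer from different IP addresses or browsers), plus a gate on outbound notifications that refuses text containing a link or a phone number, in a compact form. This is an added example written for this page; it is not code from Which? or from any bank named in the report. The timeout, minimum password length, the blocklist, the two regular expressions and the event sequence replayed in run_demo() are all assumptions constructed for the example.

```python
# Added example, not code from Which? or from any bank named in the article:
# small server-side versions of the controls the investigation found missing.
# The timeout, password rules, blocklist, regexes and the events replayed in
# run_demo() are assumptions constructed for this example.
from __future__ import annotations
import re
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=10)   # assumed policy value
MIN_PASSWORD_LENGTH = 12               # assumed policy value

# Constructed stand-in for a breached/common-password blocklist; a real
# deployment checks against a large corpus, not eight strings.
COMMON_PASSWORDS = {"password", "password1", "password123", "123456",
                    "qwerty", "letmein", "welcome1", "iloveyou"}

# Outbound notifications must not carry anything a customer could be told to
# click or call, because scammers copy the format of genuine messages.
URL_RE = re.compile(r"https?://\S+|www\.\S+|\b[\w-]+\.(?:co\.uk|com|org|net)\b", re.I)
UK_PHONE_RE = re.compile(r"(?<!\d)(?:\+44\s?|0)\d[\d ]{8,11}\d(?!\d)")


def password_is_weak(password: str) -> bool:
    """Too short, or a known-common password (compared case-insensitively)."""
    return len(password) < MIN_PASSWORD_LENGTH or password.lower() in COMMON_PASSWORDS


def notification_is_safe(text: str) -> bool:
    """Reject SMS/e-mail text that contains a link or a UK phone number."""
    return not (URL_RE.search(text) or UK_PHONE_RE.search(text))


@dataclass
class Session:
    user: str
    ip: str
    user_agent: str
    last_seen: datetime


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}
        self.alerts: list[str] = []

    def login(self, user: str, ip: str, user_agent: str, now: datetime) -> str:
        """Open a session. Any still-live session for the same user from another
        IP or browser is flagged first (the concurrent-access case)."""
        self._expire_idle(now)
        for s in self._sessions.values():
            if s.user == user and (s.ip != ip or s.user_agent != user_agent):
                self.alerts.append(f"{user}: login from {ip} ({user_agent}) "
                                   f"while {s.ip} ({s.user_agent}) is active")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, ip, user_agent, now)
        return token

    def touch(self, token: str, now: datetime) -> bool:
        """Called on every authenticated request; False means the session was
        unknown or has been idle longer than IDLE_TIMEOUT and is now dropped."""
        s = self._sessions.get(token)
        if s is None:
            return False
        if now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[token]
            return False
        s.last_seen = now
        return True

    def _expire_idle(self, now: datetime) -> None:
        stale = [t for t, s in self._sessions.items() if now - s.last_seen > IDLE_TIMEOUT]
        for t in stale:
            del self._sessions[t]


def run_demo() -> dict:
    """Replay a constructed event sequence and report what each control did."""
    t0 = datetime(2022, 6, 1, 9, 0, 0)
    store = SessionStore()
    alice = store.login("alice", "203.0.113.5", "Firefox/102", t0)
    within = store.touch(alice, t0 + timedelta(minutes=5))
    # Second login for alice from a different IP and browser while the first is live.
    store.login("alice", "198.51.100.77", "Chrome/103", t0 + timedelta(minutes=6))
    # Twelve idle minutes on the first session: it must no longer be accepted.
    expired = not store.touch(alice, t0 + timedelta(minutes=17))
    return {"touch_within_timeout": within, "expired_after_idle": expired,
            "concurrent_alerts": len(store.alerts),
            "weak_rejected": password_is_weak("Password123"),
            "otp_text_allowed": notification_is_safe("Your one-time code is 482913."),
            "callback_text_blocked": not notification_is_safe("Call us on 0800 123 4567 now.")}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The concurrent-session check only raises an alert rather than refusing the login, since a customer legitimately using a phone and a laptop would otherwise be locked out; what a bank does with the alert (step-up authentication, a push notification, a fraud-team queue) is a policy choice the article does not specify.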

Virgin Money ranked lowest in the investigation, with Which? saying the bank did not adequately block insecure passwords or remove phone numbers from notifications.

Virgin Money also lacked the necessary security checks to pay someone new, change an email address or edit the details of a payee, it said.

A spokesperson for Virgin Money said: “The safety and security of our banking services is our top priority, and we are continually monitoring, assessing and improving our security controls. A number of the points raised in this research relate to decisions we’ve taken to enhance the digital user experience while ensuring our robust, multi-layered controls remain in place to protect customers’ accounts.”

Over 29,100 cases of remote banking fraud were reported to UK Finance in the first half of 2022; these included cases in which scammers gained access to customers’ bank accounts and made unauthorised transfers of money from them.

Commenting on the news Sam Richardson, Which? Money deputy editor, said: “Banks should not be leaving these open doors for scammers to exploit and must up their game to protect their customers properly.”

He added: “By making improvements, such as blocking weak passwords, banks can take an important step in preventing unscrupulous fraudsters from attempting to steal money and personal data from consumers.”

