Security flaws in banking apps leave customers vulnerable to fraud, warns Which?

Consumer watchdog Which? has warned that security weaknesses in banking mobile apps are leaving customers vulnerable to scams and fraud.

Figures from UK Finance show that £15.7 million was reported lost due to fraud via mobile apps in the first half of 2022, while total losses due to online banking fraud were around £61.2 million over the same period.

Which? said that criminals can bypass security measures on banking apps by “shoulder-surfing” to see codes used to unlock mobiles. They can then try similar combinations to access these platforms, add accounts as a new payee, and reset passwords.

While banks should have additional controls to block criminals who gain access to accounts, Which? said that the Barclays app only requires fraudsters to enter debit card details, which are stored in the app, to add new payees, meaning they do not have to bypass any additional security checks.

“The Barclays app has multiple layers of security, continually undergoing rigorous forms of testing, to provide our customers with the highest level of protection,” said a Barclays spokesperson.

Tests by Which? also found that it is easy to reset passwords of certain Lloyds Banking Group apps. Halifax and MBNA required only credit card details stored in the app and a one-time password (OTP) sent via SMS to the same phone number.

Lloyds Bank said that keeping customer money and data safe is a priority, adding that the bank has “robust, multi-layer security” across its online and mobile banking services.

The consumer watchdog said it wants banks to stop relying on SMS to send sensitive information and fraud warnings, warning that should a phone be stolen, criminals can view messages or transfer the SIM card.

The watchdog added that banks and telecoms providers need to better explain to customers how they should protect themselves, for example by adding a unique PIN and disabling notifications.

Commenting on the news, Jenny Ross, money editor of Which?, said: “A lack of strong security protections in some banks’ mobile apps is a huge concern, and could leave many more consumers at risk of being defrauded. Banks must up their game to protect customers.”

She added: “Banks also need to ensure they meet their legal obligations to reimburse customers for unauthorised transactions.”
