27 Aug 2009
Consumer rights organisation Which? has criticised the online banking systems of some of Britain's biggest lenders, labelling them insecure in a new report released today.
Abbey and Halifax were singled out as particularly poor. The latter requests users to type in their log-in credentials in full, thus exposing customers to tracking by key-logging software.
The same two banks, along with HSBC and First Direct, were also found to have no visible security controls for money transfers.
Which? also found that users of Abbey, Alliance & Leicester, HSBC and Halifax are not immediately logged out after a session, leaving them vulnerable if they use online banking on a shared computer.
Alliance & Leicester and HSBC were rated as 'average', while First Direct, Lloyds TSB, Nationwide, NatWest and RBS were given a 'good' rating.
Barclays was the only one of the 10 banks surveyed to get a rating of 'excellent'. The company requires all its online customers to use a two-factor authentication system involving a PINsentry device which generates a one-time password for each session.
Users who forget their device must enter a five-digit passcode and two characters from a memorable word.
Tony Dyhouse, director of the government-backed Cyber Security Knowledge Transfer Network, said that banks face a difficult challenge in trying to balance security with convenience.
"Any security measures they incorporate need to be valid on a mobile phone too, as mobile account management is going to be a big part of the very near future," he added.
"Mobiles provide an excellent second-factor identification, but bring the added risk of being lost or stolen."
Dyhouse argued that banks should strengthen password log-in systems by requiring a password consisting of a range of alpha and numeric characters, using drop-down menus asking for a random combination of password letters, and ensuring that all information is transmitted in an encrypted format.
Really?
And I quote: "Dyhouse argued that banks should strengthen password log-in systems by requiring a password consisting of a range of alpha and numeric characters". As someone who spent many years working on the helpdesk for a large internet bank, I can assure you that this would be self-defeating. People struggle to remember even the most basic passwords and so forcing them to use numbers and letters would result in more people writing down their passwords, which is obviously not very secure. By all means advise people to use this format for their passwords but don't force them to do so.
Posted by: David 04 Sep 2009
Visible security measures bring customers' confidence
It's encouraging to see that Barclays, Nationwide, NatWest and RBS have all performed well in the Which? Computing survey. Since 2007, all have adopted strong authentication solutions, in the form of Home Chip and PIN card readers, and it is evident that such solutions do have an impact on customer confidence and in turn satisfaction. While the move to adopt strong authentication solutions is also based on banks moving towards dematerialisation of their operations, the survey shows that customers are reassured by tangible measures to erase fraud and increase security. Strong authentication solutions are continuing to gain momentum in not only the UK but also wider Europe. For those banks still considering how they will move forward to more effectively secure their online banking operations and improve customer satisfaction, this survey illustrates a clear distinction between those who have deployed visible online security systems and those who haven't.
Posted by: K. Teyras - XIRING 31 Aug 2009