All the latest UK technology news, reviews and analysis
|
|
|
11 Aug 2000
Barclays bank has suffered another embarrassing incident, calling the security of its online banking service into question yet again.
Customers of the high street giant could have been leaving their accounts open to abuse because of a security flaw in Barclays' online banking system.
Further reading
According to the bank, after logging out of the online service, an account can be immediately reaccessed using the 'back' button on a web browser. If a customer accessed their Barclays account on a public terminal, the next user could use this method to view the banking details.
Many other online bank services, including LloydsTSB, NatWest and Smile, ask a user to re-enter their passwords if they try to reaccess the service after logging out.
A Barclays spokeswoman told vnunet.com: "This is not just a Barclays thing, it happens with Hotmail too. We are aware of this, but when customers join the online banking service they are given a booklet and we tell customers to clear the cache to prevent this from happening.
"We take our responsibilities very seriously, and if this means we have to make more changes then we will."
Matt Tomlinson, business development director at IT security consultancy MIS, said: "This really is bad practice. Barclays have given the responsibility for security to the end user. They tell customers in their booklet to clear their cache, but not everyone would know what this means. Do they want to have a generation of people with a high IT knowledge, or do they want it to be accessible to all."
Tomlinson said it would be "very simple" for Barclays to correct the problem. NatWest's online banking service and LloydsTSB have settings that do not allow customers to get back into their online accounts, he said. "It's their responsibility - 100 per cent," he added.
Barclays recently suffered a breach following a system upgrade that allowed customers to view each other's bank account details online.
To clear your cache: For Internet Explorer go to Tools, internet options, advanced, scroll down to security and tick the box that says 'do not save encrypted pages to disk'.
For Netscape Navigator go to Edit, Preferences, Advanced, Cache and click 'clear memory cache' and 'clear disk cache'.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
C++ GUI Developer - Financial Services - London Tech...
This is an opportunity for a bright and talented Java...
C# Application Developer Location : Nottingham...
Experienced Web Developer Wanted for Financial Sector...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?