UK banks failing the security challenge

Dan Ilet ZDNet.co.uk

Published: 15 Apr 2005 13:05 BST


Internet banks are failing to offer their customers secure online transaction facilities, despite the growing threat of cybercrime.

That is the finding of a study published on Friday that tested 18 UK online banks and found that none were providing customers with supplementary authentication tools on top of usernames and passwords. Thirteen of those banks were susceptible to long-term hacking attacks through the use of password-stealing programs and identity theft scams — sometimes known as phishing attacks.

"The time is right for the FSA [Financial Services Authority] to use its regulatory power to mandate standardised authentication mechanisms for online financial services," said Phil Robinson, chief technology officer at Information Risk Management (IRM), the company behind the study.

"The UK is falling behind the rest of the world and it is the users who are suffering financial loss as well as a growing lack of confidence. The government should consider plans to implement extra factors of authentication as part of the UK national identity scheme," Robinson added.

Online identity theft has become a serious problem for banks and their customers. Last month, it was reported that banks lost £12m last year through online identity theft scams.

IRM said the remaining five banks used "selective passwords", which ask a customer for only a section of their access code.

"It's not that [those banks] aren't vulnerable, it's that they aren't as vulnerable," said Robinson, warning that selective passwords don't offer complete security. "Some attacks are pretty opportunistic. If the same information is used each time the customer goes into an account, the moment that is logged, that information is immediately exposed."

The FSA's Hong Kong counterpart has issued guidelines that all online banks there must supply customers with two-factor authentication, such as fingerprint readers, smart cards, or one-time password tags.

IRM did not disclose which banks were less secure than others, but tested the following organisations: Abbey National, Alliance and Leicester, American Express, Barclays Bank, Barclaycard, Barclays International, Capital One, Direct Line, Egg, Goldfish, HSBC, Legal and General Pensions, Lloyds TSB, MBNA Europe, Nationwide, Natwest, Norwich and Peterborough Building Society and Yorkshire Bank.

UK banks are preparing to agree on a form of two-factor authentication, according to banking industry body the Association for Payment and Clearing Systems.
