SERIOUS weaknesses in online banking security systems have been uncovered, according to a Which? investigation.
The consumer group worked with security experts 6point6 to scrutinise online banking safety measures.
Which? said that while online banking is largely a safe way to manage money, it found some of the biggest banks such as Santander, Tesco Bank and TSB, have concerning security vulnerabilities.
Tesco Bank received the poorest rating in the Which? testing. The consumer group said, among other issues, it failed to block testers from logging in to the website from two computer networks at the same time and did not log out testers when switching to a different website.
Tesco Bank told Which?: “The security of our customers’ accounts is always our top priority. Customers can be assured we have robust security measures in place to protect them and their money. Not all of these controls are obvious or visible to customers, but each of them serves to protect customers and all are in line with industry standards. We use the latest technology to protect and manage the security of online banking and our mobile banking app and all our controls are constantly reviewed to ensure they remain fit for purpose, giving customers peace of mind they can bank safely and securely with us.”
TSB finished second from bottom in the test and Which? said it had found issues with the firm’s login process. Which? said the process did not meet new “strong customer authentication” (SCA) regulations that were introduced in March.
A statement from TSB said: “TSB customers who use their mobile app already have SCA and we’re continuing to roll it out for those who use internet banking.”
TSB has its own fraud refund guarantee, which reimburses innocent victims of fraud.
Santander rounded off the bottom three with Which? saying it had found that authentication checks when logging in can be bypassed in some cases.
Santander told Which?: “Santander takes online security very seriously and we invest a great deal in cyber security and fraud prevention and ensuring we protect our customers’ money and data safely and effectively.
Starling Bank came out top in the testing, and Which? said experts found nothing concerning with its recently launched online banking website.
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here