Which? demands closure of online banking security loopholes


Recent findings by the consumer advocacy group Which? have highlighted critical gaps in the online banking security protocols of a number of UK banks. This comes after a detailed assessment involving security experts scrutinising the apps and websites of thirteen banks in 2024. The study focused on login procedures, adherence to security best practices, account management, navigation, and logout processes.

Vulnerabilities in Mobile and Online Banking

Which? discovered significant vulnerabilities that could potentially leave customers exposed to online fraud. For example, TSB scored the lowest in mobile app security at 54% and second lowest in online security at 67%. Researchers pointed out the app’s tendency to store user credentials insecurely, making it easier for fraudsters to access data. In response, TSB acknowledged these concerns and indicated plans for future security enhancements.

Additionally, the report highlighted that insufficient encryption measures and a lack of identity verification processes contribute to the security gaps. TSB’s plan to overhaul its security includes enhancing encryption levels and introducing rigorous authentication procedures to better protect user data.

The Co-operative Bank’s Security Shortfalls

The Co-operative Bank also displayed concerning weaknesses. It received the lowest ranking for online security, with a score of 61%, and scored 57% for its mobile app. Crucially, the bank failed to implement two-factor authentication consistently and allowed users to set weak passwords. This could facilitate unauthorised access to user accounts, posing a significant risk of phishing and other forms of fraud.

Their approach to security lacks the necessary layers of protection that modern cybersecurity protocols recommend, such as biometric verification and real-time monitoring for unusual activities. Strengthening these areas could drastically reduce the bank’s vulnerability to fraud and protect its customers from increasingly sophisticated online threats.

Lloyds’ Approach to Customer Security

Lloyds Banking Group gained recognition for its accommodating approach towards vulnerable customers by choosing not to enforce automatic logout. While this decision enhances accessibility, it also raises concerns about the potential for unauthorised access if a user’s device is left unattended.

This policy could incorporate additional security checks that do not compromise customer convenience, such as contextual behavioural analysis, to detect and respond to irregularities in user activity without disrupting the user experience. Implementing such measures could ensure that usability does not compromise customer protection, maintaining security while still catering to the needs of all users, including those considered vulnerable.

Best Practices in the Industry

Contrastingly, Starling Bank and NatWest/RBS were highlighted for their robust online security measures, each scoring an impressive 87%. HSBC topped the mobile app security rankings with a score of 78%, demonstrating effective logout and navigation security protocols. Barclays, despite being ranked second in the mobile app category with a score of 74%, was advised to address issues related to managing account access across multiple browsers and devices.

In response to these findings, UK Finance emphasised the banking industry’s commitment to eliminating fraud. The organisation highlighted the sector’s significant investment in cybersecurity and data-sharing initiatives aimed at detecting and preventing fraud. Customers are urged to report any suspicious activities to their banks and to Action Fraud to help improve the overall security landscape.

A Call to Action

The recent insights from Which? not only shed light on the pressing issues of online banking security but also call for a concerted effort from banks and the upcoming government to prioritise fraud prevention. With the increasing reliance on digital banking solutions, enhancing online security protocols is not just a necessity but a responsibility for financial institutions to ensure the safety and trust of their customers.

The Which? report underscores the necessity for continuous improvement in digital banking security. As fraudsters employ increasingly sophisticated methods to exploit any available vulnerabilities, maintaining high security standards becomes crucial. Banks must urgently address the identified security gaps to protect their customers from potential scams and financial losses.

Making Changes

It should come as no surprise that newer banks like Starling scored higher on this report compared to their more established counterparts. New entrants in the banking sector benefit from the hindsight of observing the missteps of traditional banks. Additionally, these modern banks often cater to a younger demographic, necessitating a strong emphasis on digital interfaces such as websites and apps. This focus aligns well with the tech-savvy preferences of their target audience, driving the need for robust, user-friendly, and secure online services.

These findings likely won’t surprise the banks themselves, which regularly grapple with the consequences of security vulnerabilities. Many industry insiders are already aware of which banks maintain secure platforms and which do not. With the publication of these security assessments, the expectation is that banks will heed the call to address and rectify the highlighted issues. Although past trends might suggest a slow response to implementing necessary changes, there is a hopeful sentiment that this time, banks will act promptly to enhance their security measures, thereby safeguarding customer data and trust more effectively.
