UK consumer watchdog Which? investigation finds worrying gaps in bank security systems

Santander, Tesco Bank and TSB have "serious vulnerabilities" in security that could leave their customers exposed to fraud, according to an investigation by consumer watchdog Which?.

Which? conducted a probe with independent security experts 6point6, scrutinising the online banking safety measures in place across the largest current account providers.

In some instances, it uncovered the potential for scammers to access information which could be used as the building blocks of a sophisticated scam, says Which?, arming a fraudster with enough sensitive information to pull off convincing cons, such as posing as a bank employee to persuade a customer to transfer money from their bank account to a fraudulent one.

Tesco Bank received the poorest rating for online security in Which?’s testing, with an overall score of just 46 per cent.

Researchers found multiple security headers missing from its webpages. It also failed to block testers from logging in to the website from two computer networks at the same time.

In addition, it failed to log out testers when switching to a different website or using the forward/back button to leave the session and return to it.

TSB finished second from bottom with a score of 51 per cent. Among the issues identified in Which? testing, the most serious was the firm’s login process, which did not meet new regulations on ‘strong customer authentication’ (SCA), introduced in March.

TSB has completed the rollout of two-factor authentication for mobile banking users, but has yet to complete the upgrade for Internet banking.

Santander rounded off the bottom three, with a score of 62 per cent. Testing found that authentication checks when logging in can be bypassed if a user designates a device as ‘trusted’. While the firm said it does ask for reauthorisation if it detects unusual activity, there’s no option to view or ‘distrust’ these devices.

At the other end of the table, Starling came out on top, with a score of 85 per cent. Experts found nothing concerning with its recently launched online banking website. This is partly due to limited functionality, as users can only change sensitive data via the app.

Barclays, HSBC and First Direct tied for second spot, with a score of 78 per cent, but had areas for improvement, says Which?.

Although each had strong login measures, testers only needed basic details to recover a Barclays membership number, and could log in using two different computer networks without being ejected from one.

In First Direct’s case, the pre-set security questions for forgotten passwords were too basic, claims Which?, while there was no alert for password changes or new payees, and special characters cannot be used in passwords.

Which? also asked 6point6 to test each provider’s banking app to identify potential flaws. It checked to see if firms detected testers downloading their app in an emulated device or running it on a rooted device, recently identified as a key weakness that is being exploited by sophisticated hacking gangs.

Monzo, Nationwide and TSB failed to perform both emulator and root detection, although Monzo disagrees that this exposes its app to security weaknesses and told Which? that root and emulator detection can be unreliable.

Another test was for ‘code obfuscation’, which hides data that could be used by hackers to identify weaknesses or steal sensitive information. Virgin Money was the only bank tested where many ‘function calls’ were clearly visible. Function calls are part of the code that makes an app work and should be hidden to make life harder for attackers who might use the information to hack into a system.

Harry Rose, editor of Which? Magazine, says: “Banks must lead the battle against fraud, yet our security tests have revealed a big gap between the best and worst providers when it comes to keeping people safe from the threat of having their account compromised.

“The serious failings we have exposed with some providers reinforce the need for banks to up their game on scam protections, and for greater transparency and stronger standards on fraud reimbursement to be made mandatory for all banks and payment providers.”
 
Originally published by
Finextra | January 7, 2021