Thales Blog

Online Banking Security: An Opportunity To Stand Out

September 28, 2009

Some of Britain’s biggest banks appear to be leaving their customers’ online accounts vulnerable to fraud because of poor security, according to Which? Computing.

Research conducted by the consumer watchdog compares the log-in procedures, visible security measures and money transfer procedures of banks including Abbey, First Direct, Halifax, HSBC, Barclays, Lloyds TSB, Alliance & Leicester, RBS and NatWest, and gives some interesting results.

In terms of log-in procedures, Abbey and Halifax were both criticised for requiring 3 pieces of information to be entered in full at log-in, making the information vulnerable to a simple keylogger. Barclays, on the other hand, was highlighted as an example of best practice for asking users to verify themselves using a card reader when logging in.

With flaws having been apparent at each stage of the research, Abbey and Halifax were judged as having "poor" consumer-facing security. Only Barclays was praised for its "excellent" measures, while First Direct, Lloyds TSB, Nationwide, NatWest and RBS were all graded as "good" and HSBC and Alliance & Leicester were described as "average".

This research really highlights the very real differences that exist between the security levels used by online banking providers and it is clear that some banks still have a lot of work to do in this area.

It is worth noting, however, that compared to other forms of online money transaction, the progress made in online banking over recent years has been significant. The introduction of two-factor authentication has been a particularly effective measure, and when Barclays rolled out this system last year, customers using it for online banking experienced no fraud whatsoever. This is reflected in the findings given here, with Barclays being praised for "excellent" measures.

In response to the research, a Halifax spokesman told Sky News that the vast majority of its online security is not visible to customers and that this is to make it as easy as possible to use its site. However, two-factor authentication, a procedure whereby customers must pass a second layer of identity verification by, for example, using a card reader, prevents keyloggers from phishing for details online. More than that, as a customer-facing measure, users can see the security in place and thus have real confidence in their online account.

With customer loyalty decreasing, banks must work harder to retain customers; at the same time security awareness amongst consumers is growing. By ensuring security measures are as advanced and as visible as possible, banks really have an opportunity to differentiate themselves from the competition.