Thales Blog

Online Banking Security: What Went Wrong? And, How Can We Fix It?

January 4, 2010

Whilst the outlook for face-to-face security in 2010 is fairly rosy, the same cannot be said for UK online banking. Despite the initial decline in fraud following the rollout of card readers, 2009 saw online banking fraud increase: Financial Fraud Action UK suggested that it had risen by 55 per cent in the first half of 2009.

As with the migration to EMV by some regions, the adoption of two-factor authentication by some banks may have left those without this technology more vulnerable to fraud, as criminals now know whom to target. Attacks can be focused on customers without access to two-factor authentication technology, and this may have resulted in an increased number of successful attacks.

Without two-factor authentication technology, consumers are left open to phishing and to malware attacks that target vulnerabilities in customers’ PCs. Which? Computing judged banks without this technology, such as Abbey and Halifax, as having “poor” online security. Both banks require three pieces of information to be entered in full at log-in. A simple keylogger that captures keystrokes, or even characters picked from a drop-down list, can record this information for the fraudster to use later to gain access to the account. One way for all banks to protect their customers and stem the rising tide of fraud would be for them all to roll out two-factor authentication technologies to their customers in 2010.