Safety gaps in online banking security systems exposed

Safety gaps in the online banking security systems of some of the UK’s biggest banks have been exposed by a new investigation by consumer group Which?

Banks have “concerning vulnerabilities” in security that could leave their customers exposed to fraud, according to the investigation by Which? and independent security experts 6point6.

The investigation looked at four main criteria: encryption, login, account management and navigation.

Tesco Bank (TSCO.L) received the lowest rating for online security in Which?’s testing, with an overall score of 46%.

Multiple security headers were missing from its webpages, the investigation found. Security headers protect customers against a range of cyberattacks by telling users’ browsers how to behave when they communicate with the website.

Tesco Bank also failed to block testers from logging in to its website from two computer networks at the same time. It also did not log testers out when they switched to a different website, or when they used the forward or back button to leave the session and return to it.

Tesco Bank told Yahoo Finance UK: “The security of our customers’ accounts is always our top priority. Customers can be assured we have robust security measures in place to protect them and their money. Not all of these controls are obvious or visible to customers, but each of them serves to protect customers and all are in line with industry standards.

“We use the latest technology to protect and manage the security of Online Banking and our Mobile Banking App and all our controls are constantly reviewed to ensure they remain fit for purpose, giving customers peace of mind they can bank safely and securely with us.”

TSB finished second from bottom in the ranking with a score of 51%. The bank’s login process did not meet new regulations on “strong customer authentication” (SCA), introduced in March, the research found.

Which?’s ranking for online banking security. Photo: Which?

When Which? reported TSB’s non-compliance to the Financial…