In association with heise online

26 June 2007, 17:43

UK public dissatisfied with banking security

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

In an unpublished study for Unisys, the Ponemon Institute surveyed the attitudes of 697 UK citizens to banking security and safety. Apparently over 70 per cent of customers find their bank untrustworthy, and internet banking is the least trusted. Banks with no high street presence fared worst, with the two at the bottom of the trust scale being internet-only banks. Although the sample was small at 679 respondents, this fits well into a developing picture of general discontent with banking security for the ordinary member of the public. For example, although many customers are now prepared to use hardware two factor authentication devices that generate one-time access tokens, most banks still reserve these for business or high transaction volume customers only.

Unfortunately these feelings are not just irrational fears but do to some extent reflect reality. In autumn 2006 heise Security conducted a test of the security of online banking sites and found that major online banking sites including those of NATWest, Link, Cahoot and the Banks of Scotland and Ireland were vulnerable to Frame Spoofing -- a very basic security issue known for almost a decade. The Bank of England and UBS were shown to be vulnerable to Cross Site Scripting attacks. Both vulnerabilities provided easy means for counterfeiters to manipulate online banking sites into almost perfect phishing traps.

However, in addition to insecure IT, poor privacy and non-technical leaks of customer information featured among the issues that reduce trust. There is an apparent groundswell of public concern in the aftermath of several high profile breaches, not all of which were high tech. Not only has phishing reached significant proportions (not infrequently assisted by similar-looking genuine promotional emails from the banks themselves), but there have been several instances of banks committing basic information management errors such as dumping unshredded customer paperwork into publicly accessible waste bins.

Interestingly, another recent data breach study by Ponemon (this time in the USA) showed that there the greatest concern seems not to be banking security but leakage of medical and welfare information. Chacun   son goût.

also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit