Banks Leave Customers Exposed to Cyber Criminals with Worrying Flaws in Online Security

High street banks in the UK are leaving customers vulnerable to cyber attacks by neglecting their online security, an investigation by Which? has revealed. The consumer watchdog tested the online and mobile security of 15 major current account providers, carried out with independent security experts 6point6. The investigation found that several major banks were allowing customers to set insecure passwords, and many were still using text messages to verify logins, a process that can be compromised by hackers. Online banking fraud has surged during the pandemic, with over £750 million stolen through bank scams in the first half of 2021, a 30% increase from the previous year.

Key Takeaways:

Metro Bank received the lowest security score with 53%, followed by Virgin Money (56%) and TSB (59%), while HSBC scored the highest with 81%.
Six major banks (HSBC, NatWest, Santander, Starling, The Co-operative Bank, and Virgin Money) allowed customers to set passwords using their first name or surname.
Several banks, including TSB, Lloyds, Metro, Nationwide, Santander, and The Co-operative Bank, were found to still be using text messages to verify logins.
Metro Bank, First Direct, and Lloyds' websites were identified as having potential weaknesses that could allow hackers to compromise the server.
Nationwide, TSB, and Virgin Money failed to use software that blocked or quarantined spoof emails sent by potential scammers.
Jenny Ross, of Which?, stressed the need for banks to improve their online security measures to protect customers.

Statistics:

£750 million: The amount stolen through bank scams in the first half of 2021, a 30% increase from the previous year.
53%: The lowest security score received by Metro Bank's online security.
81%: The highest security score received by HSBC's online security.
6: The number of major banks that allowed customers to set passwords using their first name or surname.

Sources:

Which?
UK Finance