Consumer champion Which? has carried out an extensive assessment of the security systems deployed on the websites of some of the biggest banks in the UK and singled out two of them because of serious security flaws.
Nationalised Halifax and Santander-owned Abbey came out last in a list of ten online banks. According to Which? Computing, the former had a login procedure that can be easily circumvented because it relies on the user typing in data, something that hidden keylogger software can store and transmit remotely.
Keylogging software, which can have legitimate uses, accounts for major growth in online banking fraud, which more than doubled in 2008, shooting from £22.6 million in 2007 to more than £52.5 million in 2008.
A Halifax spokesman told Sky News: "The vast majority of our fraud defence is not visible to customers and we deliberately seek to provide security which does not adversely impact our customers' ability to bank with us online."
Still, Halifax, along with a number of other banks, did not log out customers from their online bank accounts automatically after a session. This means that if they are using a shared computer, someone else could swoop in and use their accounts.
Which? Computing editor Sarah Kidner said: "There are surprisingly big differences between big banks' visible online security systems. Some simple measures, like the use of drop-down menus, could improve safety considerably. The banks may say it’s the hidden security measures that count, but to have real confidence in an online account, customers need to see security in place."
Barclays got kudos for using a number of features that make its online banking experience safer. Its customers have a PINSentry device which generates a random passcode each time, which is used to access the account online.
Users also have to use the device to transfer money to third parties, something that should help cut fraud significantly.
Some banks and financial institutions go a step beyond the call of duty. Barclays, for example, provides all its online customers with free 3-license Kaspersky Antivirus software worth around £25 to protect them. Citigroup-owned Egg calls customers automatically when there is a suspicious transaction.