Skip to main content

Halifax & Abbey Criticised For Poor Online Security

Consumer champion Which? has carried out an extensive assessment of the security systems deployed on the websites of some of the biggest banks in the UK and singled out two of them because of serious security flaws.

Nationalised Halifax and Santander-owned Abbey came out last in a list of ten online banks. According to Which? Computing, the former had a login procedure that can be easily circumvented because it relies on the user typing in data, something that a hidden keylogger software can store and transmit remotely.

Keylogging software, which can have legitimate uses, accounts for a major growth in online banking fraud which more than doubled in 2008, shooting from £22.6 million in 2007 to more than £52.5 million in 2008.

A Halifax spokesman told Skynews that : "The vast majority of our fraud defence is not visible to customers and we deliberately seek to provide security which does not adversely impact our customers' ability to bank with us online."

Still, Halifax along with a number of other banks did not log out customers from their online bank accounts automatically after a session. This means that if they are using a shared computer, someone else could swoop in and use their accounts.

Which? Computing editor Sarah Kidner said that "There are surprisingly big differences between big banks' visible online security systems. Some simple measures, like the use of drop-down menus, could improve safety considerably. The banks may say it’s the hidden security measures that count, but to have real confidence in an online account, customers need to see security in place."

Barclays got kudos for using a number of features that makes its online banking experience safer. Its customers have a PINSentry device which generate a string of random passcode each time which is used to access the account online.

Users also have to use the device to transfer money to third parties, something that should help cut fraud significantly.

Our Comments

Some banks & financial institutions go a step beyond their call of duty. Barclays for example provides all its online customers with free 3-license Kaspersky Antivirus software worth around £25 to protect them. Citigroup-owned Egg calls customers automatically when there is a suspicious transaction.

Related Links

Internet fraud risk 'for Abbey and Halifax customers' (opens in new tab)


Online Bank Accounts 'Vulnerable To Fraud' (opens in new tab)


Banks' online security rated 'poor' (opens in new tab)


Banks criticised for online security (opens in new tab)


Online banking security risks revealed (opens in new tab)


Désiré Athow
Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.