Computer security screen

Major banks hit back at online security criticism




A number of high street banks have hit back at claims that they have failed to adopt more rigorous security steps to protect customers from scams.

On 20th October, consumer body Which? published research alleging that out of 11 high street banks, only five had adopted two-factor authentication at login.

Which? alleged that Halifax (and Bank of Scotland), NatWest/Royal Bank of Scotland (RBS), Metro Bank, Lloyds Bank, Santander and TSB had all failed to offer the extra security.

Alex Neill, managing director of Which? Home & Legal, said: “The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there’s no excuse for others to sacrifice security.

“Online banking is increasingly part of our daily lives and at the same time online scams are becoming more sophisticated.

“People can only do so much to protect themselves from fraud, it’s time for banks to shoulder more of the responsibility and introduce extra protections to safeguard their customers.”

However, some of the banks named by Which? have since questioned the validity of the research.

A spokesperson for Lloyds Banking Group (LBG), which represents Halifax, Bank of Scotland and Lloyds Bank, claimed: “We believe the methodology underpinning this research is very limited and over simplistic.

“The findings do not provide an accurate reflection of the highly sophisticated security our customers benefit from that is undetectable in this research.

“We don’t consider the results accurately reflect these factors which have a material impact on how we protect our customers’ daily needs.”

LBG insisted that despite refusing to believe that the findings identified any significant security risks, the group had already addressed a number of points raised in this report and two previous editions.

Meanwhile, a spokesperson for TSB claimed that the bank utilises two-factor authentication for any high-risk activity, such as resetting and changing credentials or initiating a new payment or balance transfers.

The spokesperson added: “It is our number one priority to offer a secure industry-leading banking experience for our customers across all of our products and services, to that end we deploy multiple fraud and security technologies which will not be reflected by this survey.

“While we welcome any report that aims to help better inform and protect consumers when it comes to online security, we do not think the findings of this report offer an accurate picture given the methodology is based only on a single user test across limited functionality.”

Challenger Metro Bank was also quick to point out that it employed two-factor authentication when customers set up a new payee, due to the higher risk involved.

“Protecting our customers is a key priority and we are always looking at new ways to improve security, while making sure they have a convenient online experience,” a Metro Bank spokesperson explained.

“Our systems are also regularly tested by independent experts to ensure they remain safe and secure.”

In a statement, Santander insisted that it had a robust security model, which it claimed is reflected by the low ratio of fraud incidents for Santander compared to the rest of the market based on their market share.

“We continually look to improve and enhance our customer experience,” the statement continued.

“In doing so, we seek to maintain an appropriate balance between customer usability and security.”

NatWest/RBS has been approached for comment.

Leave a comment