Virgin Money, TSB and Nationwide bank account holders warned over online security risk

The study conducted by Which? and the independent security experts at Red Maple Technologies looked at 13 of the biggest account providers to assess their security when it comes to online and mobile banking.

Banks are falling short when it comes to banking cyber security and protecting customers from scammers online, according to Which? consumer experts.

The assessment looked at four key categories – login, encryption, account management, and navigation and logout – to see which banks have the best protections in place.

According to the consumer group’s study, out of a possible 100% score, the “bottom-rated” banks included:

  • Virgin Money: online 52% – app 54%
  • TSB: online 66% – app 57%
  • Nationwide: online 63% – app 67%

Sam Richardson, Which? Money deputy editor, said: “Banks should not be leaving these open doors for scammers to exploit and must up their game to protect their customers properly.

“By making improvements, such as blocking weak passwords, banks can take an important step in preventing unscrupulous fraudsters from attempting to steal money and personal data from consumers.”

Red Maple said it found a total of six outdated Virgin Money apps with potential vulnerabilities.

Of particular concern, Red Maple said Virgin Money does not properly block weak passwords or redact phone numbers on notifications, nor does it impose security checks if an account holder wants to make a payment to somebody new, change an email address, or edit a payee’s details.

However, Virgin Media noted “minor” vulnerabilities on three of the web applications and said that these will be corrected, that the exposed IP address was “under review” and that the outdated TLS would be addressed in early 2023.

A spokesperson for Virgin Money told Which?: “The safety and security of our banking services is our top priority, and we are continually monitoring, assessing and improving our security controls.

“A number of the points raised in this research relate to decisions we’ve taken to enhance the digital user experience while ensuring our robust, multi-layered controls remain in place to protect customers’ accounts.”

TSB was found to have a highly lax and outdated approach to password security, and to be exposing a potentially vulnerable subdomain to the public internet. It was also docked points for still using SMS-based security, not alerting users to changes, and including phone numbers in new-payee notifications.

A spokesperson for TSB told Which?: “We continue to invest in our online and mobile services – and work with globally leading tech firms to deliver both security and accessibility to our customers. TSB also tracks well across the industry on fraud prevention and we are the only bank that protects its customers with a guarantee to return their money should they ever fall victim to fraud.”

Nationwide was found to have slipped up when it came to notifying customers of changes to details.

A Nationwide spokesperson said: “Nationwide takes the security of its members and their money very seriously. We are never complacent and conduct regular testing of our systems to ensure that we maintain an appropriate level of protection, whilst ensuring a positive user experience.

“We will take the points raised by Which? on board as we continue to evolve our digital services.”

At the other end of the spectrum, Starling scored well across all categories, and was particularly commended for its joined-up approach to online and app security – it uses its app to authorise online logins and alert customers to suspicious activity.

HSBC also performed consistently well, with few issues found on either its website or app.

Which? called for the retail banking sector to do more to improve cyber defences against increasingly sophisticated scammers, and is urging the industry to make improvements that would see weak passwords blocked and a more mature approach to data sharing.

Full list of results:

Online and app:

Starling: online 82% – app 80%
HSBC: online 80% – app 82%
Natwest: online 77% – app 66%
Lloyds: online 75% – app 62%
First Direct: online 73% – app 71%
Barclays: online 69% – app 80%
Santander: online 69% – app 73%
The Co-operative Bank: online 68% – app 63%
TSB: online 66% – app 57%
Nationwide: online 63% – app 67%
Virgin Money: online 52% – app 54%

App only:

Chase: app 70%
Natwest: app 66%
Monzo: app 65%
