HSBC, NatWest, Santander, and Virgin Money customers at risk of fraud claims report

Douglas Ross says restrictions haven't reduced covid numbers

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Millions of customers who use banking apps are being left open to fraud because banks are not doing enough to stop scammers stealing their personal details. Which? has exposed the full list of banks it says need to do better.

It said HSBC, NatWest, Santander, Starling, the Co-operative Bank and Virgin Money are putting their customers at risk because they are letting people choose passwords that include their first name and/or surname.

What’s also worrying is that TSB, Lloyds, Metro, Nationwide, Santander and the Co-operative Bank are still using texts to verify people when logging in.

Which? said this puts people at risk of being hijacked by cybercriminals.

The consumer group also claimed Nationwide, TSB and Virgin Money are not using software to block spoof messages sent by potential scammers.

The report looked at criteria such as encryption and protection, login, account management and navigation.

Pensioners set to lose free bus pass due to state pension changes- who will be eligible? [UPDATE]
‘It’s really archaic’: list of health conditions that qualify for free NHS prescriptions [INSIGHT]
Royal Bank of Scotland scam warning: How to avoid losing thousands in cash [WARNING]

Jenny Ross, Which? Money editor, said: “Banks must lead the battle against fraud, yet our security tests have revealed worrying flaws when it comes to keeping people safe from the threat of having their account compromised.

“Banks need to up their game on tackling fraud by using the latest protections for their websites and not allowing customers to set insecure passwords.

“We also want banks to stop sending sensitive data to customers via SMS texts as this could leave the door open to fraudsters.”

The banks exposed in the report said they were working hard to improve their systems and some points had already been addressed.

Metro Bank said: “Like all financial institutions, we need to remain vigilant to protect our systems and security.”

While a Monzo spokesman said: “We strongly disagree with this assessment.

Given every sensitive action or payment requires a customer to provide extra authentication in the form of a pin or biometrics, the risk associated with remaining logged into the Monzo app is extremely low.

“We take security incredibly seriously and focus on policies and practices that we consider to be safest for Monzo customers.”

What is happening where you live? Find out by adding your postcode or visit InYourArea

Meanwhile, Santander and the Co-operative Bank told Which? they were looking to ensure customers’ passwords were more secure.

Following claims that Nationwide, TSB and Virgin Money were not using software that ensures spoof messages sent by potential scammers are blocked, TSB told Which? it has since introduced this protection.

Virgin Money said it was also in the process of doing this while Nationwide said it has controls in place to protect members.

Source: Read Full Article