Online banking customers are being left exposed to some worrying fraud risks, according to a new report from Which? The consumer group urged providers to "up their game" by using the latest protections for their websites and not allowing customers to set unsecured passwords after it conducted an investigation with security experts 6point6, testing the online and mobile app security of 15 major current account providers on a range of criteria, including encryption and protection, login, and account management and navigation.
The research found that six banks - HSBC, NatWest, Santander, Starling, the Co-operative Bank and Virgin Money - allow people to choose passwords that include their first name and/or surname.Santander told Which?
this is being phased out, while NatWest and Virgin Money said it might now increase password limitations.TSB, Lloyds, Metro, Nationwide, Santander and the Co-operative Bank also used texts to verify people when logging in, leaving messages at risk of being hijacked by cybercriminals, said Which?Santander and the Co-operative Bank told Which?
they were looking to move away from this.Which? also claimed Nationwide, TSB and Virgin Money were not using software that ensures spoof messages sent by potential scammers are blocked or quarantined by someone's email provider.TSB told Which?
Read more on dailyrecord.co.uk