Save, make, understand money


Banks need to do more to protect customers from soaring online fraud

Written By:

Major high street street banks have failed to adopt two-factor security steps that could safeguard customers from scams new research from Which? reveals.

A test of 11 high street banks found that only five have adopted the more rigours two-factor authentication to protect customers from bank fraud.

Indeed despite having the technology to do so, Halifax (and Bank of Scotland), Lloyds Bank, Santander and TSB still don’t offer two-factor authentication, with each bank consistently scoring poorly over the four years Which? has been analysing their security measures.

Two-factor authentication is a security process involving two types of ID checks at login – typically combing a password or pin, with a card reader or mobile device that gives you a single-use pass code.

In 2014-15  fraud losses to online banking soared by 64% to £133.5m  and 28% to £323.3m for phone banking. Hackers that are able to penetrate the first level of security at login can access sensitive financial details, which they can use to convince customers they are talking to their bank.

“Online banking is increasingly part of our daily lives an at the same time online scams are becoming more sophisticated,” said Alex Neill, managing director of Which? home and legal. “People can only do so much to protect themselves from fraud, it’s time for banks to shoulder more of the responsibility and introduce extra protections to safeguard customers.”

Neill added: ““The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there’s no excuse for others to sacrifice security.”

At the top of the Which? security charts were First Direct, HSBC and Barclays.