Web banks still not protecting customers

Four of the UK's biggest banks have failed to fix a security flaw in their online banking systems that was highlighted by Heise Security a month ago.


Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The online security expert said last month that several bank Web sites contain security flaws that can be exploited and used by online fraudsters to launch convincing "frame spoofing" attacks.

The Heise study showed how phishing fraudsters could overlay the Web sites of NatWest, Cahoot, Bank of Scotland, Bank of Ireland, First Direct and Link with spoof frames. This allows a fraudster to mimic a legitimate site by inserting a frame within the Web site's window.

But in a statement the firm says Cahoot, Bank of Scotland and First Direct have failed to make their online services more secure despite being alerted to the problem last month. NatWest has taken some steps but Heise says its customers are still vulnerable to attack.

But on a more positive note both Bank of Ireland and Link have since fixed their sites. Bank of Ireland has now included script code that detects spoofed frames and redirects to an error page, says Heise, while the Link site no longer uses frames.

In response to the renewed warning, banks have been quick to reassure customers that the problem is being fixed. Rob Skinner at First Direct told reporters that the direct bank is updating its security "this week" and is not aware of anyone who has "lost out" as a result of the flaw.

Morag Fleming at Cahoot told reporters that the Web bank has been working on eliminating any potential risk and "will have a permanent fix in place shortly", while Jason Clarke at Bank of Scotland says work to fix the flaw on the BoS site "should be complete this week".
