Are Malaysian Banks Ignoring Client Security Measures?


The consumer rights group Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes.

According to Which?, many UK retail banks are leaving their clients vulnerable to fraud by failing to deploy website security and allowing consumers to use ridiculously unsafe passwords to access their online services.

Which? investigated the online and mobile app security of the UK’s 15 top current account providers with the help of security firm 6point6, evaluating characteristics such as encryption and protection, login, and account management and navigation.

Although none of the banks surveyed received a score in the bottom half of the scale, the worst-rated banks – Metro Bank, Virgin Money, and TSB – received 53 percent, 56 percent, and 59 percent, respectively.

“Banks must lead the battle against fraud, yet our security tests have revealed worrying flaws when it comes to keeping people safe from the threat of having their account compromised,” said money editor at Which?, Jenny Ross.

“Our research reinforces the need for banks to up their game on tackling fraud by using the latest protections for their websites and not allowing customers to set insecure passwords.

“We also want banks to stop sending sensitive data to customers via SMS texts as this could leave the door open to fraudsters,” she added.

Metro Bank received the lowest score for a number of reasons, according to Which?, including its continued use of SMS texts to verify customers when they log in, which can easily expose those messages to hijacking by malicious actors, and vulnerabilities in subdomains of its website that could allow its servers to be compromised.

It also claimed that two security headers were missing entirely from Metro Bank’s website, which might cause a customer’s browser to malfunction.

Meanwhile, Virgin Money was chastised for enabling consumers to create passwords that included their first and last names, as well as for failing to implement DMARC protections, which block or quarantine spoofed emails from scammers.

TSB lost points for this reason too, as well as for using the same credentials for its online and mobile banking services and for continuing to use SMS verification at login.

These aren’t the only banks that have been proven to be slackers when it comes to customer cyber security.

Triodos Bank and Monzo were both singled out for enabling consumers to use risky credentials and for having a particularly insecure mobile app that, among other things, does not require users to log in every time they use it.

Other issues were discovered at HSBC, NatWest, Santander, Starling Bank, and the Co-Operative Bank, all of which still allowed readily guessed passwords that could contain sensitive information.

Meanwhile, Lloyds, Nationwide, Santander, and the Co-Operative Bank were discovered to still use SMS verification, First Direct and Lloyds both had unsecured websites, and Nationwide lacked DMARC compliance.

The statistics were particularly disturbing, according to Which?, because occurrences of internet banking fraud nearly doubled in the first six months of 2021.

HSBC, on the other hand, was complimented by its testers for paying great attention to cyber security, particularly encryption, scoring well across all evaluated categories for an overall score of 81 percent. The other two high scorers were NatWest (which includes Royal Bank of Scotland) and Barclays.

Although internet banking is largely safe, cyber thieves are continually improving their game, according to Which?, and the banking sector needs to do more to keep up. All those polled are being urged to do more to improve the security of their internet services.

“This latest warning from Which? about password security should come as no surprise. PINs and passwords are an archaic tool, no longer fit for purpose,” said vice-president and general manager of Nuance’s security and biometrics business, Brett Beranek.

“Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies.”

“With fraud on the rise, it has never been more important for banking leaders to ensure that their customers are provided with a more sophisticated and secure experience.

“Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users,” he shared.
