Major UK banks failing to provide adequate security to customers

On behalf of: Steve Mullan, UK Operations Manager, Ilex International

Research conducted by consumer group Which? has highlighted serious concerns over the security provided to customers by a number of major high street banks in the UK. Almost half of the banks tested, failed to provide two-factor authentication -a major security step that could help protect many customers from scams.

Two-factor authentication combines two different types of protection. The first stage usually consists of a password or PIN. The second step involves a third-party device, such as an app or card reader, used to generate a unique code. By requiring just the first stage, many banks are risking serious data breaches, as this step can be easily breached by cyber criminals.

The scarcity of two-factor authentication in the banking industry is down to weak guidance and a lack of regulatory requirements. It’s also less expensive for banks to reimburse victims of online fraud than it is to implement two-factor authentication. Combined with the volume of existing, un-mandated regulations already in place, the focus of investment is not being used to adopt security best practices.

Even with the current lack of regulation governing security standards in the UK banking industry, there is light at the end of the tunnel. A growing number of organisations are making the bold move to implement two-factor authentication, as part of their ongoing identity and access management strategy. They see this as a means of creating a trusted working environment between themselves and their customers or employees.

However, whilst two-factor authentication will reduce unauthorised access to customer accounts, it will not stop customers falling for scams. This remains a crucial issue, due to a lack of education and awareness of scam types and the temptation of financial reward. Banks and businesses need to start working with their customers, better educating them on the risks. The end user needs to understand the important role they play when it comes to the responsibility they have for their own data. Many end users are still duped into handing over account passwords and log in details when receiving an email or call from their ‘bank’ asking for an update or verification. A more secure platform will help banks to expand their reach and uptake of new services that might not have been utilised by their customers before multi-factor authentication.

Two-factor authentication is a very important element when it comes to protecting customers financial accounts, but equally, more needs to be done to educate the end user directly.  Both sides working together will make a positive change to addressing the overall problem.

To find out more about Ilex International’s range of identity and access management solutions, click here.