Natwest has been named the best UK bank for online security by Which? after conducting an investigation of the best and worst in the industry.
The banks investigated for the study were NatWest, Nationwide, Lloyds Bank, HSBC, Barclays, Tesco Bank, First Direct, Yorkshire Bank, Santander, Metro Bank, The Co-operative Bank and TSB.
Natwest topped the list for having the best security systems in place, citing the requirement of a card reader or one-time password for setting up new payees, changing passwords or logging in from a new device, as reasons for its strong position.
TSB, on the other hand, was ranked as the worst of the 12. The research company stated it was the only one of those investigated which failed to log a user out when signing into their bank account from multiple devices. It also did not have certain defences for cyber threats.
Which? brought in online security firm Falanx Cyber to conduct tests on the banks, rating them on the customer-facing security systems. The company admitted there are systems at work behind their operations which cannot be accessed by Which?.
The researcher has reiterated the importance of two-tier authentication as a way of protecting customers. Two-tier authentication is being implemented as a requirement across EU, under PSD2’s Strong Customer Authentication rule.
Originally, SCA was to be imposed back in September 2019; however, after market participants struggled getting their systems ready, it was postponed. SCA is now expected to go live in the UK in 2021.
Which? stated is wants banks to inform customers of any details that are altered. However, while Barclays, First Direct, Lloyds, Nationwide, Metro Bank and the Co-operative Bank, did this, they included phone numbers in the texts.
The company believes if all banks removed url links or mobile numbers in messages, it would be easier for customers to see a fake message.
Barclays has reportedly implemented a new policy prohibiting the use of phone numbers and URLs in customer alerts.
Copyright © 2019 FinTech Global
Copyright © 2018 RegTech Analyst