Major banks ‘not adopting two-factor security’


Many high street banks are failing to protect their customers from online banking fraud because they haven’t yet adopted two-factor authentication, the consumer group Which? says.

It tested 11 banks’ online security procedures and found more than half did not ask their customers to do two-factor ID checks when they logged into their accounts.

Two-factor security is generally agreed to be a safer authentication procedure than a single layer of access security.

Bank fraud is a major problem, with £133.5 million lost to online banking fraud and £323.3 million lost to phone banking fraud in the period 2014-2015 alone.

“And yet many banks are still failing to introduce security steps that could better protect their customers from falling victim to scams,” Which? said.

Two-factor authentication combines two types of ID checks, usually something users ‘know’ – like a password, and something users ‘have’, like a smartphone which they receive a single-use code through.

However, hackers getting through the first level of security at the log-in stage are able to access sensitive financial details before committing fraud.

Alex Neill, managing director of Which? Home & Legal, said: “The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there’s no excuse for others to sacrifice security.

“Online banking is increasingly part of our daily lives and at the same time online scams are becoming more sophisticated. People can only do so much to protect themselves from fraud, it's time for banks to shoulder more of the responsibility and introduce extra protections to safeguard their customers.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *