Internet Guide Logo

Online banking security in the UK

Last Edit: 31/08/18

This page will discuss some of the threats to banking online, that are posed by consumers behaviour.

With banking increasing migrating from the high street to the Internet, what security issues face the consumer? There are multiple threats to banking securely online. Firstly there is the computer used: older operating systems like Windows XP and Vista are no longer updated by Microsoft to fix security issues, and therefore pose a significant risk to banking online. Windows 7 will no longer receive security updates after 2020. Therefore its crucial to use a computer with a modern operating system that is kept up to date; Linux is often lauded as being the most secure of the 'major' operating systems. Next there is the browser used, this should likewise be kept up-to-date and be a browser that is respected for its security. While Windows comes (7,8 and 10) with its own firewall and malware protection, it may be prudent to invest in an anti-virus software package: Avast, Bitdefender, Norton, Bulldog, Kaspersky etc. The next issue related to the computer used is the security of its network; wireless networks pose more issues than a wired connection (ethernet and wireless isolation). Consumers should be extremely careful when accessing a banking site from a computer/network which is not their own: at work or a friends. Key logging software or screen capturing software could be installed on the machine, or colleagues at work could be looking over your shoulder when you are operating the computer. So in conclusion, its essential that the computer/network used is as secure as possible, running malware/virus scans should be a daily-weekly habit. However, no computer/network is 100% secure -- unknown exploits may be discovered -- its just a matter of making the odds of an exploit as slim as possible.

After software/hardware exploits, another security issue comes from attacking human weakness -- targeting people who are unfamiliar with phishing tactics and have a poor grasp of online banking and banking security. Most owners of an email account with be familiar with emails purporting to be from banks asking for sensitive details -- these spam email messages are sent to millions of email accounts and are 'fishing' for an unsuspecting victim. These email messages are often professional, look official, and usually claim there is a security problem with a bank account and the bank requires a username/password etc. Another approach -- which appears to be a growing trend -- is where fraudsters befriend unsuspecting victims via social networking sites and ask for details which may enable them to gain access to a banking account: date of birth, mother's maiden name etc. Finally, some fraudsters will phone people and persuade them to send money to their account. This final strategy is often the most devastating, as banks will rarely compensate people who have authorised a payment themselves. Banks are attempting to educate their customers about these fraud attempts, and as the banks themselves state: they will never ask for a customers online banking details via email. In conclusion, its essential to always keep banking details secret, and never give them to anyone else, no matter how official the person may claim to be. Always verify a payment to a new payee, double check and check again.

Identity theft is another threat to online banking, and one that can be placed outside of a consumers hands -- if hackers have exploited the details of a website shop, then those payment/personal details could lead to identity theft. Some security software suites, such as Avast, in their pro edition, do warn about these exploits. But that knowledge may still not be sufficient to protect an identity. Another threat can come from a source closer to home: sad to say, from friends and family. Paper documents -- bank statements, utility bills, passport, driving license -- are usually within easy access of people who share your home or visit. If there is a trust issue at home, then it may be advisable to place the above documents in a secure location, or dispose of them in a way in which they cannot be retrieved. The Post Office redirection service has also been exploited by fraudsters: who redirect post from a home, steal banking letters, and intercept the Post Office warning letter (that the home's post will be redirected). In conclusion, its important to keep all documents -- that can be used to exploit a bank account -- in a safe place where only you have access.

In conclusion, most banking websites use a very high level of encryption, and most security issues will come from the customers side: insecure computer/networks, lack of knowledge of fraudster phishing attempts, or not keeping documents safe at home. If these three threats can be kept at a minimum, then the risk of banking online should be minimal.