As TSB bosses prepare to publish the results of the inquiry into last year’s disastrous IT meltdown that locked over 2 million customers out of their accounts, the company is facing further questions over its data security after being named as the bank most likely to expose customers to online fraud.
An investigation by Which? into the website security of the UK’s biggest banks has plonked TSB firmly at the bottom of the league, mainly due to the fact that it is the only bank which does not demand two-factor authentication – where customers must enter their password and a one-off code to gain access.
By March 2020, all banks will be forced to introduce this measure for every login, under new “strong customer authentication” regulations.
As if to rub salt into the wounds, however, TSB was also slated for allowing customers to choose relatively simple passwords and for permitting access to accounts from numerous devices at the same time.
The report, carried out by independent security experts at Falanx Cyber, stated: “TSB was the only bank that did not log us out when we logged in from two different computers, which we think should be disabled.”
Overall, the bank got a score of 50%. But Co-op Bank, Metro Bank and Santander did not fare much better, all receiving scores of under 60%.
NatWest was the top-scoring provider on 83%, having tightened security across the board since the last Which? report in February. A card reader or one-time password is required for login – unless customers are using a trusted device – and for changing passwords or setting up new payees.
NatWest was followed by Nationwide, Lloyds, HSBC, Barclays, Tesco Bank and First Direct, which each scored between 75% and 70%.
In response to the report, TSB said: “We take online banking very seriously. Transactions are monitored 24/7 and if suspicious activity is detected, we contact the customer to confirm it is genuine.”
The7stars nets challenging brief from challenger TSB
TSB facing final bill of £230m from data transfer fiasco
‘Woolly mammoth’ TSB is rocked by new online outage
MPs lay into ‘Truly Shambolic Bank’ as TSB chief grovels
Now TSB sends mailing to man who died in November
TSB crisis deepens as bank sends ‘data breach’ mailshot
Shambolic data governance puts TSB back in the dock
Botched data transfer leaves TSB customers fuming