SureCloud recently partnered with consumer group Which? to provide expert consultancy for the company’s Bank Security Assessment for 2016. SureCloud Cyber Security Consultants Chris Burton and Mark Wardlow were involved in the project, while Security Practice Director, Luke Potter provided expert analysis. The report was included in the November edition of Which? magazine and assessed the security offerings available to online banking customers at the UK’s 11 biggest high-street banks.
Which? selected volunteers that had a current account and used both the online platform and the mobile application at their respective banks, ensuring they had customers of all the major banks. Testing followed a strict set of guidelines and was repeated several times to ensure that testing processes were consistent for each bank. Areas covered in the exercise included login functionality, encryption, account management, navigation and log out.
The SureCloud team provided the expert security and technical delivery consultancy for the review, assessing what capabilities each application had to provide secure communication and functionality to its user base. They also provided analysis of the findings and a steer around the conclusions the article could draw.
One of the main conclusions was that many banks consciously minimalise the security they provide to improve the user experience. As an example, SureCloud found several instances where two-factor authentication had been implemented from a technological standpoint, but was not being utilised during the login process.
The Which? article breaks down the different areas and goes into further detail, and can be found here or in the November edition of the Which? magazine.