Customers set to clash with banks over new security measures

A love of convenience puts Brits at greater risk from fraudsters

Kate Hughes
Money Editor
Tuesday 05 February 2019 14:13 GMT
The National Cyber Crime Unit has revealed that some hackers are offering ‘cybercrime as a service’, and have created a marketplace where gangs can bid for targets to be attacked
The National Cyber Crime Unit has revealed that some hackers are offering ‘cybercrime as a service’, and have created a marketplace where gangs can bid for targets to be attacked (Reuters)

One in five people – more than 11 million – were defrauded via their credit card alone in the last year.

In nearly half of fraud cases, banking customers never got their money back – losing an average of £800 each, or more than £4bn in total over just 12 months, according to data from

It’s the latest in a steady stream of worrying stats pointing to the growing risk of cybercrime robbing us of our hard earned cash.

The reasons we become the victims of fraud can be complex and unclear, with the blame laid at every possible door including our own.

But last week an investigation by Which? warned that fewer than half the UK’s banks were doing enough to protect their customers from hackers.

In an age of smartphone and online banking ease, the consumer group warned that few of 12 biggest banking brands were getting the balance right between security and convenience.

Only five of the banks with the largest number of current account holders used the well established two-factor authentication at login, for example – the requirement to key in a password and one other piece of key information that makes life significantly harder for hackers.

The problem, it seems, is that we want our money to be safe but we also want to be able to get to it easily without having to give our banks a whole heap of valuable and private personal information.

The issue isn’t going away anytime soon. In fact, the process of logging in could be about to get more laborious.

While we wrestle as a nation with the process of leaving the EU, the union’s legislative train continues on its journey, taking the UK, still a member for at least a couple more months, with it.

Right now, one of the biggest changes affecting the UK’s banking world is a raft of measures introduced at the beginning of 2018 that are designed to increase competition among financial institutions for the ultimate benefit of the consumer.

If all this sounds familiar it’s because Open Banking – the sharing of information between financial product providers to join up and, ideally, give your financial affairs a boost – is a big part of this drive.

But the shift in focus brings with it implications for our financial security. So from September, lenders, card issuers and payment service providers – including those who failed the Which? test this week – will need to up their game when it comes to payment verification to comply with new fraud prevention rules.

Known as strong customer authentication (SCA), carrying out a range of transactions will involve two of three types of authentication: something only the user knows, like a password; something the user is, or biometrics; and something only the user has, such as their mobile.

The only hitch is that while our main bank might (or might not) have that data, we’re just not keen to hand over important and valuable personal information, especially if it also means our online transactions become even more long-winded.

Despite many banks set to rely on authentication mobile phones to comply with the rules, only half of UK customers would be prepared to hand over their mobile number in order to carry out extra security steps according to new research.

A quarter of British consumers would actively complain if they were asked for their mobile number because they believe there are already enough security checks when it comes to online payments.

The research, from data analytics firm Fico, also suggests that there is little consensus among UK consumers about where we go next with enhanced security. We are ambivalent at best about receiving a one-time passcode as part of the process. Just 39 per cent want a text message, 17 per cent prefer it via email and 14 per cent through their banking app.

“Millions of customers have already left brands that failed to provide hassle-free, frictionless digital services,” said Russell Robinson, vice president of solution sales management at Fico in Europe.

“Banks rolling out SCA this year need to make it easy for customers, and not try to force customers onto a particular communications channel to verify a transaction. Banks that get it right will build on customer loyalty; banks that get it wrong will see their customers flock to other brands and payment types.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in