Security company Xiphos Research checked 22 UK-owned retail banks and found 50% still use vulnerable Secure Sockets Layer (SSL) certificates despite problems known about for months and even years. A further 79% of 25 foreign-owned retail banks operating in the UK, and 51% of the UKs top 37 building societies, are also insecure.
In 12 of the 84 cases, their SSL usage is rated as ‘F – the worst possible score they could have. The weak authentication puts banking customers at risk of well-known attacks like the POODLE man-in-the-middle vulnerability, which was revealed by Google researchers in October 2014, and the CRIME attack known about since 2012.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now