Natwest apologises after failing to act on unencrypted banking website

Natwest Bank has confirmed that it will be bringing in new security procedures after a warning from a researcher was greeted with a canned customer service response.

Troy Hunt had warned Natwest that its homepage was not properly secured with HTTPS encryption, making it significantly more prone to hacking, even though the rest of the site is properly secured.

Hunt points out that attackers could, therefore, quite easily redirect people landing on the unencrypted pages to phishing versions of the mobile banking part of the site.

But when he pointed out to Natwest that it wasn’t enough to encrypt online banking, he was told “I’m sorry you feel this way”, a statement so cardboard it actually conjures up less empathy than more.

The bank has since apologised and confirmed that it will switch to full HTTPS encryption within 48 hours.

Security researchers have also spotted other banks with the same issue. First Direct is currently working on adding encryption, though HSBC UK already has it. Lloyds and TSB have it by default but it can be overridden by typing “HTTP” into the address bar.

Although Natwest does not, parent bank RBS does have HTTPS switched on.

Nationwide and Barclays, of the ones we tested, were most definitely armed to the hilt.

The key is to look for a green padlock in the browser bar. A red padlock crossed out is a warning to take care.

Google is already actively discouraging the use of unencrypted addresses, and actually marks them down in search results.

Source: Inquirer
