Half of UK Banks Have Insecure SSL

Research from international security firm, Xiphos Research, has revealed that half of UK banks are using out of date security technology.

The insecure instances of SSL could make it easier for cyber criminals to cause damage and the research, which was conducted in November last year, found that 11 out of the 22 UK retail banks tested had insecure SSL instances, as well as 18 out of 25 foreign banks in the UK.

37 UK building societies were also tested with just over half found to have insecure SSL instances.

Co-founder of Xiphos Research, Mike Kemp, said in a blog post: "That's shockingly bad when you consider that what we were concerned with was not the generic customer-facing internet sites associated with financial institutions, but the URL instances associated with their login functions. So what do we mean when we say insecure?

"As things stand, more than 50% of banks and building societies in the UK have weak SSL implementations associated with their secure login functions - and the affected parties don't seem to care.

"We have attempted to reach out to the FCA [Financial Conduct Authority] and, as of the date of this article, have yet to be contacted by anyone other than first line customer services staff. We have attempted to contact a number of the affected banks and building societies and have not been able to surmount customer services."

print this article

Return to internet news headlines
View Internet News Archive

Share with: