The Information Commissioner's Office (ICO) is in talks with Barclays Bank about the security set-up of its mobile banking service.
People who lose their bank card or have their card details copied could have their banking transactions exposed to prying eyes.
The problem affects the Barclays.mobi web link which connects customers to pages designed to be viewed on mobile phones.
The site allows users to view their financial transactions if they answer four basic security questions. Three of the answers are available on the card itself. These are surname, 16-digit account number and three-digit security code. The other question is the customer's date of birth.
Although no money is at risk, the flaw exposes details of Barclays customers' online banking transactions, including purchases and direct debits.
Computer Weekly contacted the ICO last week and a spokesman said they would look into it.
After this, an ICO spokesman said that although some customers had inquired about security levels, there had been no formal complaints.
However, the ICO is now in talks with Barclays about the issue and said: "The Information Commissioner's Office takes concerns about individuals' privacy very seriously. Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure. This is an important principle of the Data Protection Act. We are currently in discussions with Barclays Bank to establish what steps it will be taking to ensure that its mobile banking application is sufficiently protected."
Barclays said: "We take our data privacy obligations very seriously and will be cooperating fully with the Information Commissioner's Office in any discussions on this matter."
Return to security news headlines
View Security News Archive