"Online Banks Servicing UK's SMBs Found to Have 'Serious' Security Flaws"

Some of the top online banks in the UK were discovered to have serious security flaws in their products, putting the businesses they serve and their customer at risk of cyberattacks. According to researchers at Red Maple Technologies, working on behalf of Which?, TSB and Virgin Money, which both offer business current accounts to small to medium-sized businesses (SMBs) across the UK, have major security flaws. The researchers expressed a number of concerns regarding TSB's security practices, highlighting that the bank still asks "basic security questions" to recover login credentials. In addition, Red Maple reported discovering two outdated web applications and a possibly insecure subdomain. TSB also lost points for using SMS-based security, failing to provide alerts when significant account changes were made, and providing phone numbers in new-payee notifications. Due to having six outdated web applications, an exposed IP address, and a subdomain using an outdated version of Transport Layer Security (TLS), Virgin Money received the lowest score for online and mobile banking security. This article continues to discuss findings from Red Maple's analysis of 13 current account providers in regard to online and mobile banking security. 

ITPro reports "Online Banks Servicing UK's SMBs Found to Have 'Serious' Security Flaws"