Customers of the high street giant could have been leaving their accounts open to abuse because of a security flaw in Barclays’ online banking system.
According to the bank, after logging out of the online service, an account can be immediately reaccessed using the ‘back’ button on a web browser. If a customer accessed their Barclays account on a public terminal, the next user could use this method to view the banking details.
Many other online bank services, including LloydsTSB, NatWest and Smile, ask a user to re-enter their passwords if they try to reaccess the service after logging out.
A Barclays spokeswoman told AccountancyAge.com sister site vnunet.com: ‘This is not just a Barclays thing, it happens with Hotmail too. We are aware of this, but when customers join the online banking service they are given a booklet and we tell customers to clear the cache to prevent this from happening.
‘We take our responsibilities very seriously, and if this means we have to make more changes then we will.’
Matt Tomlinson, business development director at IT security consultancy MIS, said: ‘This really is bad practice. Barclays have given the responsibility for security to the end user. They tell customers in their booklet to clear their cache, but not everyone would know what this means. Do they want to have a generation of people with a high IT knowledge, or do they want it to be accessible to all.’
Tomlinson said it would be ‘very simple’ for Barclays to correct the problem. NatWest’s online banking service and LloydsTSB have settings that do not allow customers to get back into their online accounts, he said. ‘It’s their responsibility – 100 per cent,’ he added.
Barclays recently suffered a breach following a system upgrade that allowed customers to view each other’s bank account details online.
To clear your cache: For Internet Explorer go to Tools, internet options, advanced, scroll down to security and tick the box that says ‘do not save encrypted pages to disk’.
For Netscape Navigator go to Edit, Preferences, Advanced, Cache and click ‘clear memory cache’ and ‘clear disk cache’.
This article first appeared on vnunet.com.
New growth opportunities in Aberdeen, North East Scotland, are being invested in by Grant Thornton
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
The Financial Reporting Council has issued guidance regarding the annual reporting of 1,200 large and smaller listed companies. The letter highlighted the key issues and improvements that can be made in the 2016 reporting season
Deloitte's north-west Europe foray; BDO, Smith & Williamson investment paths; Shelley Stock Hutter; and Wilkins Kennedy discussed by editor Kevin Reed on our Friday Afternoon Live broadcast