Barclays online bank suffers another blow
Barclays bank has suffered another embarrassing incident, calling the security of its online banking service into question yet again.
Customers of the high street giant could have been leaving their accounts open to abuse because of a security flaw in Barclays’ online banking system.
According to the bank, after logging out of the online service, an account can be immediately reaccessed using the ‘back’ button on a web browser. If a customer accessed their Barclays account on a public terminal, the next user could use this method to view the banking details.
Many other online bank services, including LloydsTSB, NatWest and Smile, ask a user to re-enter their passwords if they try to reaccess the service after logging out.
A Barclays spokeswoman told AccountancyAge.com sister site vnunet.com: ‘This is not just a Barclays thing, it happens with Hotmail too. We are aware of this, but when customers join the online banking service they are given a booklet and we tell customers to clear the cache to prevent this from happening.
‘We take our responsibilities very seriously, and if this means we have to make more changes then we will.’
Matt Tomlinson, business development director at IT security consultancy MIS, said: ‘This really is bad practice. Barclays have given the responsibility for security to the end user. They tell customers in their booklet to clear their cache, but not everyone would know what this means. Do they want to have a generation of people with a high IT knowledge, or do they want it to be accessible to all.’
Tomlinson said it would be ‘very simple’ for Barclays to correct the problem. NatWest’s online banking service and LloydsTSB have settings that do not allow customers to get back into their online accounts, he said. ‘It’s their responsibility – 100 per cent,’ he added.
Barclays recently suffered a breach following a system upgrade that allowed customers to view each other’s bank account details online.
To clear your cache: For Internet Explorer go to Tools, internet options, advanced, scroll down to security and tick the box that says ‘do not save encrypted pages to disk’.
For Netscape Navigator go to Edit, Preferences, Advanced, Cache and click ‘clear memory cache’ and ‘clear disk cache’.
This article first appeared on vnunet.com.