Customers think Santander’s new online banking log in is less secure

Some customers of Santander have accused the bank of making its online banking less secure after it revamped the way customers log on.

At the end of January, the banking giant made changes which would make it ‘easier’ for customers to log into their account, requiring them only to enter their personal ID and a five digit security number.

Previously, the bank required customers to enter three characters from an online password and three digits from the five number PIN, while the log in page also included a personal image and phrase customers picked which were designed to show them they were on a genuine Santander site.

Santander revamped its online banking at the start of February, but some customers have said they feel it is less secure after the bank removed some of the steps need to log in

The bank’s website added that in ‘Spring 2020’ it would introduce two-factor authentication for customers logging in, which will require customers to use the bank’s mobile app or enter a code sent by text message to verify it is them.

However, until this is fully introduced the bank appears to have reduced the number of steps required to log into online banking, ironic at a time when almost all banks are introducing more security to comply with new rules.

Customers were split over whether the changes meant their online banking was less secure, with one writing on an online forum that they weren’t convinced by the bank’s assertion the new way of logging in was secure.

Another wrote: ‘Previously the login page had three elements; a personal image, an alpha-numeric password and a PIN. 

‘Now there is only one numeric only PIN. It may not be less secure but it does feel a bit random and also lacking an explanation or any evidence of rigour.’

And one customer said: ‘Going down from three security elements to one limited PIN does appear to be less secure.’

In response to one commenter who pointed to the fact that customers must use a text message to verify that they want to set up a new payee, making it harder for a fraudster to transfer money out of the account, a customer wrote: ‘It’s still a privacy issue if someone can log in. 

‘Things should be made more difficult not easier to log in when Santander decide to revamp their site.’

Santander said in a statement: ‘We take our customers’ security extremely seriously and have robust security controls and systems in place that sit behind our online banking platform. 

‘The recent enhancements to the platform, which makes it even simpler for customers to manage their money online, take into account advancements in our approach to fraud prevention.’

It insisted it had conducted extensive research and testing before making any changes to its website. 

What are the changes?

Banks have until 14 March to comply with the rules, known as Secure Customer Authentication, after the Financial Conduct Authority granted a six-month extension amid worries some were not ready last September.

The rules require logging in to online banking, as well as online purchases, to be verified using two-factor authentication. That can mean using an online banking passcode and a code sent by text.

Customers who live in areas with phone signal have previously raised concerns that they could effectively be barred from online shopping or logging into online banking, although most banks are offering the option of sending a code via email or to a landline, or through a mobile app.

This is Money has previously received emails from readers worried about being unable to shop or log into online banking once new rules requiring more authentication come into force 

Most other banks are in the process of spelling out upcoming changes to customers or have already rolled them out. 

In a message on its website, Lloyds Bank states: ‘Soon all banks will be adding new security checks. If you log on to online banking you may notice an extra step in security. This is because you’ll need to use two different ways of proving who you are.’

Meanwhile Nationwide Building Society states customers will soon need to enter their date of birth alongside their customer number when logging in, and verify it with a card reader or text message.

Cynergy Bank faces backlash

Challenger bank Cynergy has introduced a new authenticator app for its online banking

Challenger bank Cynergy has introduced a new authenticator app for its online banking

Another bank facing a backlash from customers over new security measures is challenger savings bank Cynergy. 

It told customers that from 14 March customers would need to use either a digipass or a new authenticator app to log into online banking.

However, the app has received a furious response from customers, who have left 28 one star reviews on the Apple app store since it was introduced.

The app is designed to scan an image displayed on a computer or tablet screen when online banking is loaded up, and then display an authentication code which can be used to log in.

But many customers were furious about the fact that this made it almost impossible to log into online banking on your phone, unless you had another phone on hand to scan the image. 

One reviewer wrote: ‘They have basically made it impossible for us to use our mobile phone alone to go online.

However customers of Cynergy left a succession of one star reviews in Apple's app store, complaining the way it worked meant they would be unable to log into online banking on their phone

However customers of Cynergy left a succession of one star reviews in Apple’s app store, complaining the way it worked meant they would be unable to log into online banking on their phone

‘I’m sure most of us are busy and constantly on the move, we can’t be expected to carry our laptops and tablets with us all the time. Cynergy Bank has now become the most inconvenient bank.’

Another reviewer wrote: ‘The app pre-supposes that you are either sitting at a PC or looking at a tablet so when you try to log on their website generates an image which the app on your phone now has to scan. It means you cannot log on to the website anymore direct from your mobile phone.’

And a third reviewer wrote bluntly: ‘This app is so badly conceived that I am writing my first ever app store review. Say no more.’

Cynergy Bank said in a statement: ‘As part of our commitment to high levels of customer protection, Cynergy Bank has recently introduced an authenticator app as an extra level of security on its online banking. 

‘For customers without a mobile phone there is an alternative process available.

‘Customers without a smartphone or tablet can use an upgraded version of the Cynergy Bank digipass. This can be ordered from the bank’s customer service team. 

‘We are working really hard to improve the app and we expect to launch the capability to use the app and online banking on the same device shortly.’ 

Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.

Source link