June 27, 2019

25% of European banks could leave customers vulnerable to phishing

By Ellen Daniel

With 90% of consumers worrying about having their online financial accounts hacked, ensuring that online banking is protected from phishing attacks and other vulnerabilities is essential, especially as 76% of data breaches are financially motivated.

However, according to Sectigo, an issuer of online security certificates, many banking websites do not have Extended Validation certificates to prove that they are legitimate and secure.

Online security certificates are what proves that a website is authentic and that any information sent through the website is secure and encrypted. An Extended Validation (EV) certificate is the maximum level of identity verification.

Sectigo assessed websites based on whether they had digital certificates provided by a Certificate Authority.

It rated each bank’s website according to the type of digital certificate used to secure the login pages for the bank’s online banking service. “Green” status was awarded to websites with EV certificates on the home and login pages. Websites without an EV certificate received a lower rating, or a “yellow” status. Fortunately, no banks in the study displayed “Not Secure” warnings, which would warrant a “red” status.

The study found that 25% of European banks did not have the highest, meaning customers may be vulnerable to phishing scams. Furthermore, 40% of North American banks did not follow best practice when it comes to security certificates.

This could impact the level of trust banks have from their customers, with the authenticity of their bank’s website a key part of ensuring trust. Eight out of ten people report that an EV certificate influences their perception of a brand or company and 50% indicate it has a significant influence.

To improve online security while banking, Sectigo advises that customers always look for the full name in the address bar to check that the site is authentic, to never input sensitive payment information on a page not secured with SSL certificate, and to avoid unsolicited emails or clicking links.

Tim Callan, senior fellow at Sectigo said:

“Online criminals routinely use counterfeit websites to trick consumers into unknowingly providing valuable information such as account logins, credit card numbers, and personally identifiable information that can be used for identity theft.

“To give customers peace of mind, financial institutions can deploy Extended Validation SSL certificates to communicate the bank’s verified identity to site visitors right in the browser’s interface. The findings of Sectigo’s study serve as a reminder for banks to pay attention to their online presence, not only to protect customers from phishing, but also to convey that necessary protections are in place.”

Read moreWorried about the safety of internet banking? Here are 5 ways to stay secure online


Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: