Which? Computing magazine has just published a comparison of the leading UK banks' on-line security measures. The results are quite damning. Many top banks have failed to keep up with simple best practices that help to counter security threats from keylogging software.
But there's nothing new here. Banks might have plenty of valuable assets to protect but they've always been painfully slow in updating their security measures. What does come as a surprise, however, is the wide variation in methods used, which is remarkable for a sector with a 'herd mentality' selling identical services.
Subscribe to blog feed
The story is a bit thin on detail as to the selection criteria. It seems heavily focussed on preventing keystroke capture, and some of them use pretty primitive approaches to prevent this. I think most of the "novel" approaches are more focussed on raising customer confidence rather than actually greatly improving security.