News

ICO in talks with Barclays over weak mobile banking security

The Information Commissioner's Office (ICO) is in talks with Barclays Bank about the security set-up of its mobile banking service.

Last week a Computer Weekly reader complained about the ease with which the online banking service can be accessed.

People who lose their bank card or have their card details copied could have their banking transactions exposed to prying eyes.

The problem affects the Barclays.mobi web link which connects customers to pages designed to be viewed on mobile phones.

The site allows users to view their financial transactions if they answer four basic security questions. Three of the answers are available on the card itself. These are surname, 16-digit account number and three-digit security code. The other question is the customer's date of birth.

Although no money is at risk, the flaw exposes details of Barclays customers' online banking transactions, including purchases and direct debits.

Computer Weekly contacted the ICO last week and a spokesman said they would look into it.

After this, an ICO spokesman said that although some customers had inquired about security levels, there had been no formal complaints.

However, the ICO is now in talks with Barclays about the issue and said: "The Information Commissioner's Office takes concerns about individuals' privacy very seriously. Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure. This is an important principle of the Data Protection Act. We are currently in discussions with Barclays Bank to establish what steps it will be taking to ensure that its mobile banking application is sufficiently protected."

Barclays said: "We take our data privacy obligations very seriously and will be cooperating fully with the Information Commissioner's Office in any discussions on this matter."


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy