More than a quarter of European bank websites leave their customers vulnerable to phishing scams, according to new research.
An assessment of the digital certificates used to secure the home and login pages of major banks’ websites was conducted by Sectigo, the world’s largest commercial certificate authority for online security technology.
The study also found that 40% of banks across North America expose their customers to similar phishing vulnerabilities by not having adequate certification on their websites.
Sectigo senior fellow Tim Callan said: “Online criminals routinely use counterfeit websites to trick consumers into unknowingly providing valuable information such as account logins, credit card numbers, and personally identifiable information that can be used for identity theft.
“To give customers peace of mind, financial institutions can deploy Extended Validation (EV) SSL certificates to communicate the bank’s verified identity to site visitors right in the browser’s interface.
“The findings of Sectigo’s study serve as a reminder for banks to pay attention to their online presence, not only to protect customers from phishing, but also to convey that necessary protections are in place.”
Fraudsters can imitate bank websites for phishing scams
Banks across Europe were rated on their provision of these security authentication certificates, which confirm to customers that a website is legitimate and that they have not landed on an imitation created by fraudsters to initiate a phishing scam.
The highly personal and potentially lucrative nature of the data stored by financial institutions means they can often be a target for cyber criminals – with research showing that three-quarters of data breaches are financially motivated.
Banks in Switzerland, Italy, Germany, the UK, Spain and the Czech Republic were all found to be lacking in their certification, including the likes of Credit Suisse, Standard Chartered, UBS, Caixabank and Bayerische Landesbank.
Each of these institutions scored a “yellow” rating on Sectigo’s traffic light grading system, meaning they do not provide EV security certification – the maximum level of identity verification – on either the home or login page.
Lack of certification can impact brand perception
Sectigo’s research has also found that EV SSL certificates – or lack thereof – can have a significant impact on the perception of a brand or company, because they reliably confirm the authenticity of the websites where customers enter their information.
Full certification is indicated by a company-branded address bar, and Sectigo recommends that customers always check for this when banking online to avoid falling victim to a phishing scam, as well as look for “https” as an indication of good security.