ICO in talks with Barclays over weak mobile banking security

Last week a Computer Weekly reader complained about the ease with which the online banking service can be accessed.

People who lose their bank card or have their card details copied could have their banking transactions exposed to prying eyes.

The problem affects the Barclays.mobi web link which connects customers to pages designed to be viewed on mobile phones.

The site allows users to view their financial transactions if they answer four basic security questions. Three of the answers are available on the card itself. These are surname, 16-digit account number and three-digit security code. The other question is the customer's date of birth.

Although no money is at risk, the flaw exposes details of Barclays customers' online banking transactions, including purchases and direct debits.

Computer Weekly contacted the ICO last week and a spokesman said they would look into it.

After this, an ICO spokesman said that although some customers had inquired about security levels, there had been no formal complaints.

However, the ICO is now in talks with Barclays about the issue and said: "The Information Commissioner's Office takes concerns about individuals' privacy very seriously. Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure. This is an important principle of the Data Protection Act. We are currently in discussions with Barclays Bank to establish what steps it will be taking to ensure that its mobile banking application is sufficiently protected."

What’s hot on Infosecurity Magazine?