Online Banking Security - a step too far??


I was setting up an online banking account with Sainsbury's earlier, and was asked to complete a number of 'secret questions' to which 'only I know the answer'.

One of the questions was 'what's the name of your favourite singer?'.

Am I missing something, or isn't this a pretty silly question to ask, bearing in mind it would be completely trivial to socially engineer such an answer?

What exactly are these additional layers of perceived security supposed to do?

In short, they're there to pass the liability for any account fraud onto the account owner. If the account gets hacked, then it's the account owner's fault, as they obviously gave away the answers to their secret questions.

But favourite singer? Are they having a laugh? If an account gets hacked and it comes down to the bank trying to blame the account owner for telling somebody else who their favourite singer was, then they need to get real!

Come on banks – up the ante and at least THINK about account fraud from a consumer point of view and don't try and just pass the buck without thinking things through.
