

By John Leyden, 5th January 2016 09:28

Half of UK financial institutions vulnerable to well-known crypto flaws

We can’t name names, says consultancy, suffice to say they’re at risk

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research.

An assessment of 84 UK- and foreign-owned banking institutions, carried out in November by the international information security firm and published on Monday, found that more than half were running SSL certificates that may expose their customers’ data to unwarranted risk.

Problems identified included certificate instances that may be vulnerable to well-documented attacks, such as CRIME and POODLE, as well as other crypto flaws.

Xiphos is not naming the affected organisations but its findings are nonetheless credible because individual instances of banks failing to update sites in the weeks after serious crypto flaws (such as POODLE) are well known.

The security consultancy may not have been able to contact many of the impacted organisations, a factor that led it to avoid naming names.

In cases where it couldn’t contact organisations directly it passed on its findings via the Financial Conduct Authority and NCA (National Crime Agency). ®
