

By John Leyden, 5th January 2016 09:28

Half of UK financial institutions vulnerable to well-known crypto flaws

We can’t name names, say consultancy, suffice to say they’re at risk

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research.

An assessment of 84 UK- and foreign-owned banking institutions, carried out in November by the international information security firm and published on Monday, found that more than half were running SSL certificates that may expose their customers' data to unwarranted risk.

Problems identified included certificate instances that may be vulnerable to well-documented attacks, such as CRIME and POODLE, as well as other crypto flaws.

Xiphos is not naming the affected organisations but its findings are nonetheless credible because individual instances of banks failing to update sites in the weeks after serious crypto flaws (such as POODLE) are well known.

The security consultancy may not have been able to contact many of the impacted organisations, a factor that led it to avoid naming names.

In cases where it couldn’t contact organisations directly it passed on its findings via the Financial Conduct Authority and NCA (National Crime Agency). ®
