25% of European banks lack legitimate digital certificates for online services
1 July 2019
As many as a quarter of European banks do not have essential digital certificates to prove that their home pages and online banking web pages are encrypted and secure from outside access, a new study has revealed.
Four years ago, a study conducted by the Ponemon Institute and Venafi found that as many as two-thirds of firms lost business because they did not manage to secure the trust of their online customers through security keys and certificates.
The study also found that a majority of global companies suffered costly outages, failed audits and experienced data breaches due to unprotected or poorly managed security keys and certificates. This indicated how important security certificates are for companies, as consumers are not inclined to do business with firms that lack basic security credentials.
Yet, despite the threat environment becoming more complex and unpredictable than ever before, a quarter of European banks still do not have necessary digital certificates to assure customers that their home pages and online banking web pages are encrypted and secure from outside access, online security certificates issuer Sectigo has found.
A study conducted by Sectigo revealed that even though every European bank has some form of SSL certificate on its home and login pages, 25 percent of them lack an Extended Validation (EV) SSL certificate, which helps to increase site transactions and "protects users against phishing, serving as a best-practice security measure for businesses online".
Lack of Extended Validation SSL certificates could hurt European banks
The firm noted that a lack of Extended Validation SSL certificates could impact a financial institution's brand image: according to a 2018 study conducted by Sectigo, the presence of an EV certificate on a bank's website "increases the probability that the user will sign up for a new account by 42.5 percent, share personal information by 57 percent, and fill out a form on the site by 37.5 percent".
"To give customers peace of mind, financial institutions can deploy Extended Validation SSL certificates to communicate the bank’s verified identity to site visitors right in the browser’s interface. The findings of Sectigo’s study serve as a reminder for banks to pay attention to their online presence, not only to protect customers from phishing, but also to convey that necessary protections are in place," said Tim Callan, senior fellow at Sectigo.
European banks and other financial institutions, as well as firms that hold consumers' personal and financial information, should also note that the PCI Security Standards Council has recommended that organisations migrate from existing SSL/early TLS protocols to a more secure TLS v1.2 or higher, stating that SSL/early TLS protocols are no longer considered secure forms of encryption for payment card data.
"Because of its widespread use online, SSL/early TLS has been targeted by security researchers and attackers. Many serious vulnerabilities in SSL/early TLS (e.g. POODLE, BEAST, CRIME, Heartbleed) have been uncovered over the past 20 years, making it an unsafe method for protecting sensitive data," the PCI Security Standards Council said.