Barclays bank has suffered another embarrassing incident, calling the security of its online banking service into question yet again.

Customers of the high street giant could have been leaving their accounts open to abuse because of a security flaw in Barclays' online banking system.

According to the bank, after logging out of the online service, an account can be immediately reaccessed using the 'back' button on a web browser. If a customer accessed their Barclays account on a public terminal, the next user could use this method to view the banking details.

Many other online bank services, including LloydsTSB, NatWest and Smile, ask a user to re-enter their passwords if they try to reaccess the service after logging out.

A Barclays spokeswoman told vnunet.com: "This is not just a Barclays thing, it happens with Hotmail too. We are aware of this, but when customers join the online banking service they are given a booklet and we tell customers to clear the cache to prevent this from happening.

"We take our responsibilities very seriously, and if this means we have to make more changes then we will."

Matt Tomlinson, business development director at IT security consultancy MIS, said: "This really is bad practice. Barclays have given the responsibility for security to the end user. They tell customers in their booklet to clear their cache, but not everyone would know what this means. Do they want to have a generation of people with a high IT knowledge, or do they want it to be accessible to all."

Tomlinson said it would be "very simple" for Barclays to correct the problem. NatWest's online banking service and LloydsTSB have settings that do not allow customers to get back into their online accounts, he said. "It's their responsibility - 100 per cent," he added.

Barclays recently suffered a breach following a system upgrade that allowed customers to view each other's bank account details online.

To clear your cache: For Internet Explorer go to Tools, internet options, advanced, scroll down to security and tick the box that says 'do not save encrypted pages to disk'.

For Netscape Navigator go to Edit, Preferences, Advanced, Cache and click 'clear memory cache' and 'clear disk cache'.

See also:

Lloyds TSB online banking hit by glitch

Back-office staff at Lloyds TSB had to work frantically this afternoon to smooth out glitches with its internet banking service after a connectivity problem left customers unable to access their accounts.  09 Oct 2000

Security flaw found in BT's talk21 email

BT's free web-based email service talk21 has come under fire for lax security after an online businessman stumbled across a flaw that gave him access to users' email accounts.  29 Sep 2000

Clearly means business

We take a closer look at business portal Clearlybusiness.com, which aims to provide small businesses with essential information and back-office resources.  20 Sep 2000

Weak security found in many web servers

One in three supposedly secure ebusiness servers are using software with known security weaknesses, and European sites are the worst offenders, according to a survey.  07 Sep 2000

Freeserve and Barclays in SME tie-up

Freeserve, the UK's largest internet service provider, has joined forces with Barclays to launch a website aimed at the UK's three million small businesses.  30 Aug 2000

Barclays to adopt Open Plan strategy

Barclays' takeover bid for Woolwich marks a victory for the latter's Open Plan banking system.  17 Aug 2000

LloydsTSB acts to improve online service

Amid much criticism of high street banks' treatment of online bankers, LloydsTSB today announced measures to ensure that its internet customers get the same level of service as its telephone customers.  15 Aug 2000

Safeway hit by hoax emailer

UK supermarket Safeway is investigating how a computer hacker gained access to its databases and sent a hoax message to thousands of customers.  14 Aug 2000

Woolies forced to shut online store

High street veteran Woolworths has been forced to temporarily close its online store after customer credit card and personal details were exposed on its website.  11 Aug 2000

The ecommerce threat: real or imagined?

Recent high profile security breaches at UK ecommerce websites have fuelled consumer fears that it is not safe to have their personal information flying around in cyberspace. But such problems appear to be the result, not so much of faulty technology, but of companies succumbing to short-term solutions and failing to test their systems adequately before going online.  08 Aug 2000

UK online shoppers still lack confidence

Lack of consumer confidence is stifling ebusiness uptake in the UK, according to the National Consumer Council.  03 Aug 2000

Barclays' web bank suffers security breach

Barclays has reopened its online banking service after an embarrassing security breach forced it offline yesterday afternoon.  01 Aug 2000

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!