Latest News

FS firms’ sites still insecure a year after GDPR

By Peter Walker

Almost a year after the General Data Protection Regulation (GDPR) came into effect, RiskIQ has discovered that 1 in 10 personally identifiable information (PII) capturing websites belonging to the large UK financial services firms are running without adequate security measures.

While this is down from the 27 per cent of sites identified a year ago, it is still in breach of the regulations.

Across 48,949 active websites, RiskIQ research found that out of 4,512 sites capturing PII through data entry points accessible by site visitors, with 11.5 per cent of these sites (522 sites) capturing PII insecurely.

A PII capturing website is one which accepts user input that can identify an individual. Examples of input data are name, address, date of birth, email address and login credentials. In addition to web pages with data entry fields, the research also extended to pages with pop-up windows that populate during a browser session and accept data.

The analysis found that out of 3,940 public websites with a login page, 442 of these sites - 11 per cent - capture login information insecurely. Out of 572 sites capturing PII through data entry fields accessible by site visitors, 80 of these sites - 14 per cent - are capturing personal information insecurely.

Insecure sites are defined as those websites that capture data in clear text using the HTTP protocol or sites with certificate issues, such as expired certificates, misconfigured certificates or using old and untrusted certificates.

The findings highlight one of the key challenges businesses face in the protection of PII, as required by GDPR.

“This research shows that organisations are continuing to make progress in ensuring that personal data entered online is collected in a secure manner,” said Fabian Libeau, EMEA vice president at RiskIQ.

“However, that we still see instances serves to highlight that there is more to be done – most organisations are continuing to expand their web presence and it's vitally important that they maintain a complete inventory of those sites and the PII collecting pages they contain.”

    Share Story:

Recent Stories

Barclays issued with $361m penalty

Toqio raises €20m in Series A funding round

Penfold launches Advisor Portal aimed at SMEs


Creating value together: Strategic partnerships in the age of GCCs
As Global Capability Centres reshape the financial services landscape, one question stands out: how do leading banks balance in-house innovation with strategic partnerships to drive real transformation?

BANNER

BANNER

Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.

Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.

© 2019 Perspective Publishing     Privacy & Cookies