Security Risk

  • Graham's Avatar
    There is an SSL/TLS problem which came to light in October 2014 (and December 2014 for TLS) and had all decent sysadmins patching their servers as soon as humanly possible. The patching is simple and doesn’t require protracted down time… there is no excuse not to apply it and because of the severity of the consequences (particularly the TLS version), SSL Labs cap any site with this problem to a FAIL. If Tesco Bank fixed that, they would still be capped at C as for reasons only known to them, they only support TLS 1.0. Link to report...https://www.ssllabs.com/ssltest/anal...=tescobank.com I have tried to bring this very disturbing report to Tesco Bank's attention via Twitter.Whether they passed on the info or not, I am unsure as I never recieved a reply. This is such an important issue it needs to be remedied as soon as possible. Please do not ignore this, even if you cannot comment please pass to the relevent I.T department. Thanks. Graham
  • 2 Replies

  • Verified Answer

    JamieJ's Avatar
    Former Community Manager
    Verified Answer
    Hi  thanks for your message.

    We take customers’ online security very seriously. We regularly update our systems so that customers are protected from online security threats and - like other banks - are making changes so that our website is protected from the potential risks you’ve highlighted.

    As always, we strongly advise customers keep their banking details and computer safe by avoiding using non-secure or unencrypted Wi-Fi connections, and only using public Wi-Fi hotspots they know to be safe. Thanks again for raising this.
  • Graham's Avatar
    Glad this was passed on the the relevant department. Thank you for the reply. Graham