BSI launches new Kitemark for Secure Digital Transactions

27 August 2014

Barclays Mobile Banking and Barclays Pingit first products to achieve this Kitemark

BSI, the business standards company, today launches the BSI Kitemark™ for Secure Digital Transactions. The BSI Kitemark has been developed to help consumers confidently and easily identify websites or apps they can trust with their financial and/or personal details.  

As the digital transmission of confidential financial and personal information increases, so too does the need for the appropriate security to be in place. However, a recent BSI survey showed 30 per cent of people do not trust apps as a secure way to manage their money, and 42 per cent have concerns about the security of their personal data when shopping online [1]. The BSI Kitemark™ for Secure Digital Transactions has been developed to help address these concerns.

The first products to be independently assessed against the scheme are Barclays Mobile Banking and Barclays Pingit, the mobile payment service. Barclays will shortly be displaying the BSI Kitemark on their website, in marketing materials and in the apps. Although initially piloted in the banking industry, the BSI Kitemark for Secure Digital Transactions is available to all organizations that want to demonstrate they take customer data protection seriously.

The BSI Kitemark requires a website or app to undergo rigorous and independent testing to make sure it has the security controls in place for the financial and/or personal information it is handling. Producers of websites or apps from banking to entertainment will be able to reassure target customers by displaying the Kitemark on their product and in their marketing materials.

The assessment involves organizations achieving and maintaining certification to the international Information Security Management System Standard (ISO 27001) for the parts of the business that handle confidential data, as well as undergoing rigorous internal and external penetration tests which scan for vulnerabilities and security flaws.

In addition to an organization’s typical regime of tests and audits, to earn the BSI Kitemark the website or app will be subject to further independent and regular monitoring and assessment, including penetration tests and Kitemark audits. Importantly, if security levels are not maintained the BSI Kitemark will be revoked until any flaws are rectified.

Maureen Sumner Smith, UK Managing Director at BSI said: “More and more of us are now sharing confidential information through online shopping, mobile banking, booking flights, gaming, university applications or interacting with local government. These behavioural changes from the physical to the digital demand the need for even more rigorous security measures.

“Many organizations have good information security processes already established, but by having their systems independently tested on a regular basis as part of the BSI Kitemark process, they can clearly demonstrate to customers their commitment to safeguarding information.

“The BSI name and BSI Kitemark is recognized as a symbol of trust and we have a strong track record in promoting excellence when it comes to cyber and information security.”

Alex Grant, Managing Director of Fraud Prevention at Barclays said: “Millions of our customers are using mobile and online banking on a daily basis and the Kitemark adds reassurance that the platform they are using meets the stringent security requirements. Barclays recognise the need to grow consumer trust in using digital platforms and the BSI Kitemark is a widely trusted mark to help this. We’re proud to be the first business to gain the certification for its mobile banking apps to start with.”

- ENDS -

Notes to Editors:

[1] GfK NoP survey of 1004 consumers aged 18-64 carried out on behalf of BSI in October 2013

Please note that no certification can ever guarantee 100% security; however, the BSI Kitemark for Secure Digital Transactions ensures a website or app has the appropriate security controls in place for the information it is handling.

BSI Kitemark™ scheme requirements:

  • Achieve and maintain certification to ISO 27001 (Information security management system) for the parts of the business that handle confidential data
  • Pass initial penetration tests, which scan for vulnerabilities and security flaws
  • Quarterly monitoring and assessment comprising
    • penetration tests
    • Kitemark audit to review the penetration test results in the context of the product, and review what actions have been taken

BSI Kitemark™

The BSI Kitemark™ provides comfort and confidence to users of products or services across a whole range of sectors. Recognition of the BSI Kitemark™ is high. Two thirds of all UK consumers associate it with quality, assurance, reliability and trust. 93% of adults believe BSI Kitemark™ products are safer and 75% say the BSI Kitemark™ will help make choosing between products easier.
