Online banking security: the best and worst banks for safety

With mobile and online banking fraud becoming more sophisticated every day, new research reveals the best and worst banks for cybersecurity in 2024.

The number of people who bank online or through a mobile app has risen dramatically in recent years.

According to figures from Statista released this month, more than 90% of Brits now use internet banking, which is up from approximately 30% in 2007.

However, there remain concerns over just how safe it is to handle your banking matters on the move.

Worryingly, research from trade body UK Finance found that mobile banking fraud increased by 17% during the first half of 2023, with losses totalling £18.7 million.

With this in mind, consumer site Which? has delved into the online banking systems and mobile apps offered by the nation’s big names to see just how safe they are.

The best and worst banks

What makes an online account safe?

Although there are no guarantees that any banking platform is 100% secure, certain tools and features can significantly improve your chances of staying safe online.

Which? looked at a range of features when assessing the effectiveness of a bank’s security measures.

The first is the login ‒ the information you need to enter in order to gain access to the account details.

Sadly, the fact is that setting a complicated password is no longer enough to safeguard against hackers in 2024.

The importance of secure logins

When looking at the features offered by various banks, the researchers paid close attention to the use of two-factor authentication.

With this feature, simply having an account’s username and password isn’t enough to gain access ‒ you’ll also need to enter some other form of one-time passcode (OTP).

Which? awarded top marks to banks that required customers to also log into their online accounts via their mobile banking app or through a card reader.

While many banks have traditionally sent OTPs via text message, the researchers pointed out that these messages can be intercepted by hackers.

The sneakiest AI scams of 2024

Risky cybersecurity practices

Another key consideration was account management and the sort of checks in place before you can start making payments to another account.

While banks were praised if they sent notifications to flag up any potentially suspicious activity, they were marked down if these messages included a phone number or link to a login page, since that is so similar to the sort of model employed by scammers.

And finally Which? looked at the navigation and logouts from the account.

The bank’s score took a hit if they allowed you to log in from multiple browsers or computers at the same time, or if they permitted you to move backwards and forwards within the browser without needing to sign in again.

The most secure online banking services

Here’s how the banks tested by Which? shaped up in these various elements (scored out of five), and their overall score, as a percentage.

Bank	Overall score	Login	Security best practice	Account management	Navigation and logout
NatWest	87%	4/5	5/5	5/5	5/5
Starling	87%	4/5	5/5	5/5	5/5
HSBC	80%	5/5	4/5	4/5	5/5
Barclays	78%	4/5	5/5	4/5	5/5
First direct	74%	4/5	5/5	4/5	5/5
Nationwide	74%	5/5	5/5	3/5	3/5
Lloyds Bank	69%	4/5	4/5	3/5	5/5
Virgin Money	68%	5/5	5/5	3/5	2/5
Santander	67%	3/5	5/5	3/5	5/5
TSB	67%	4/5	4/5	2/5	5/5
Co-operative Bank	61%	4/5	5/5	3/5	3/5

The best UK bank accounts for cashback

As the strongest banks for online security, Starling and RBS/NatWest received scores of 87%.

The banks achieved the highest possible ranking across security best practice, account management, and navigation and logout.

In contrast, Co-operative Bank placed bottom in the ratings, with an overall score of just 61%.

One of the most serious issues was the bank’s failure to require two-factor identification when researchers attempted to log in using a test laptop.

On top of this, the Co-operative doesn’t block users from setting weak passwords on their accounts.

The most secure banking apps

Now, let’s take a look at the findings for mobile banking apps, again rated according to five core categories and with an overall percentage score.

Bank	Overall score	Login	Security best practice	Account management	Navigation and layout
HSBC	78%	5/5	4/5	4/5	4/5
Barclays	74%	5/5	4/5	4/5	3/5
Chase	73%	4/5	5/5	4/5	4/5
Santander	73%	3/5	5/5	4/5	5/5
Starling	72%	4/5	5/5	3/5	5/5
NatWest	71%	4/5	4/5	5/5	4/5
first direct	68%	4/5	4/5	4/5	3/5
Nationwide	68%	4/5	4/5	4/5	4/5
Virgin Money	67%	5/5	4/5	3/5	4/5
Lloyds Bank	63%	3/5	4/5	4/5	4/5
Monzo	60%	5/5	3/5	4/5	4/5
Co-operative Bank	57%	3/5	5/5	3/5	3/5
TSB	54%	4/5	2/5	3/5	3/5

The best packaged bank accounts

Coming in as the best-performing app, HSBC received a score of 78%, with the researchers noting that the bank doesn’t rely on SMS when users log in.

Although Barclays placed second in the mobile app ratings, the investigation did reveal that the bank has yet to address some of the website management problems uncovered last year, which includes allowing users to log in from various browsers at the same time.

At the other end of the scale , TSB came bottom of the rankings, with the investigation uncovering a ‘medium risk’ issue with the app.

According to Which?, the bank’s handling of sensitive financial information could allow other apps installed on a phone to access confidential data.

Likewise, the researchers identified issues with outdated encryption technology and noted that the bank sends phone numbers via SMS alerts in some cases, which could be intercepted by scammers.

What do you want from your bank?

There are a host of different reasons for picking a bank account, from the interest rate on offer for credit balances, to how it handles overdrafts.

But clearly putting at least some time into researching just how secure a bank’s online processes are is vitally important too.

There’s no point in taking advantage of an account paying cashback on your bills if somebody else gets to enjoy the money rather than you!