Online banking security: the best and worst banks for safety

Starling Bank ranked the safest and Tesco the least secure. Here's how all the major banks compare when it comes to online security features.

The number of people who bank online has risen dramatically over the last 10 years.

According to figures from the Office for National Statistics in 2019, around seven in every ten people use the internet in order to bank, having doubled from the 35% registered a decade beforehand.

It’s third only to email and finding goods and services in terms of our most common activities online, and has been pointed to as a driver in the decisions by banks across the country to start closing branches.

But there remain concerns over just how safe if it is to handle your banking matters on the move.

Now consumer site Which? has run the rule over the online banking systems served up by the nation’s big names to see just how safe they are to use.

We're working with Compare the Market* where you can find out what credit cards you are eligible for without harming your credit score. Click here to find out more or jump straight in and discover which credit cards you're likely to qualify for.

What makes a secure online banking service?

Which? looked at a handful of important features when assessing the security served up by the online banking on offer.

The first feature is the login ‒ the information you need to enter in order to gain access to the account details.

A big selling point here is two-factor authentication, which is where having the username and password isn’t enough ‒ you’ll also need to enter some other form of single-use code which is generated on your connected device.

The simple fact is that setting a complicated password isn’t enough, and banks are being pushed towards beefing up the level of authentication needed in order to log into an account.

However, there are evidently still quite a few lagging behind on this front.

Another factor assessed by Which was the level of encryption, which is where the data is scrambled so that nobody other than you or your bank can read it.

It checked whether best-practice security headers were being utilised, and also whether there were any areas open to hackers. 

Next up was account management and the sort of checks in place before you can add ‒ and start making payments to ‒ another account.

While banks were praised if they sent notifications to flag up any potentially suspicious activity on your account, they were marked down if these messages included a phone number or link to a login page, since that is so similar to the sort of model employed by scammers.

And finally Which? looked at the navigation and logouts from the account.

The bank’s score took a hit if they allowed you to log in from multiple browsers or computers at the same time, or if they permitted you to move backwards and forwards within the browser without needing to sign in again. 

How the banks performed

Here’s how the banks tested by Which? shaped up in these various elements (scored out of five), the weighting of each of these categories, and their overall score, as a percentage.
 

Bank

Login (30%)

Encryption (40%)

Account management (15%)

Navigation and logout (15%)

Overall test score

Starling Bank

5/5

5/5

5/5

4/5

85%

Barclays

5/5

5/5

4/5

3/5

78%

First Direct

5/5

5/5

4/5

2/5

78%

HSBC

5/5

5/5

4/5

3/5

78%

NatWest/RBS

5/5

4/5

4/5

5/5

76%

Nationwide

4/5

4/5

4/5

4/5

74%

Metro Bank

4/5

4/5

5/5

5/5

71%

Virgin Money

4/5

5/5

2/5

3/5

68%

Lloyds/Halifax/Bank of Scotland

3/5

5/5

4/5

3/5

67%

Co-operative Bank

2/5

5/5

4/5

3/5

65%

Santander

3/5

5/5

2/5

2/5

62%

TSB

2/5

4/5

4/5

4/5

51%

Tesco Bank

2/5

4/5

2/5

2/5

46%

 

As you can see, Starling Bank is clearly setting the bar for online safety incredibly high (head this way to see if its current account is right for you).

The testers reported nothing concerning about its recently launched website, though noted this was partly due to limited functionality ‒ users can only change sensitive data via the app.

While Barclays, HSBC and first direct all shared second spot, Which noted each had room for improvement.

For example, with Barclays, testers only needed basic details in order to recover a membership number, and could log in from two different computer systems at the same time without being ejected from one.

Meanwhile, first direct was criticised for having basic pre-set security questions for forgotten passwords, with no alerts sent when passwords are changed or new payees are added.

Things are far more concerning at the bottom of the table, and not just because of the presence of so many major banking names.

Tesco Bank came bottom, with researchers finding multiple security headers missing from its webpages, while users were able to use the forward/back button to leave a session and then return to it. 

TSB was found to have serious issues, including its login process which Which? argued does not meet new regulations introduced last March.

As a result, the bank has been reported to the FCA.

We're working with Compare the Market* where you can find out what credit cards you are eligible for without harming your credit score. Click here to find out more or jump straight in and discover which credit cards you're likely to qualify for.

What do you want from your bank account?

There are a host of different reasons for picking a bank account, from the interest rate on offer for credit balances, to how it handles overdrafts (helpfully, we've rounded up the best bank accounts for every situation in one place).

But clearly putting at least some time into researching just how secure a bank’s online processes are is vitally important too. 

According to data from the banking trade body UK Finance, there were almost 44,000 cases of remote banking fraud in 2019, which encapsulates online, mobile and telephone banking.

In total, victims lost a whopping £150.7 million.

And while both the number of cases, and the value of the amount stolen, fell from the previous year, that’s still far too many people ending up out of pocket.

There’s no point making the most of an account paying cashback on your bills if somebody else gets to enjoy the money rather than you!

*loveMONEY has teamed up with Compare the Market to provide credit card price comparison services. Compare the Market Limited acts as a credit broker, not a lender. To apply you must be a UK resident and aged 18 or over. Credit is subject to status and eligibility.

 

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.