Online banking security: the best and worst banks for safety

With mobile and online banking fraud becoming more sophisticated every day, research reveals the best and worst banks for cybersecurity in 2024.

The number of people who bank online or through a mobile app has risen dramatically in recent years.

According to figures from Statista released this month, more than 90% of Brits now use internet banking, which is up from approximately 30% in 2007.

However, there remain concerns over just how safe it is to handle your banking matters on the move.

Worryingly, the Annual Fraud Report from trade body UK Finance found that the volume of mobile banking fraud cases was up 62% compared to the previous year, "and for the first time ever, was higher than the volume of web banking cases".

With this in mind, consumer site Which? has delved into the online banking systems and mobile apps offered by the nation’s big names to see just how safe they are.

The best and worst banks

What makes an online account safe?

Although there are no guarantees that any banking platform is 100% secure, certain tools and features can significantly improve your chances of staying safe online.

Which? looked at a range of features when assessing the effectiveness of a bank’s security measures.

The first is the login ‒ the information you need to enter in order to gain access to the account details.

Sadly, the fact is that setting a complicated password is no longer enough to safeguard against hackers in 2024.

The importance of secure logins

When looking at the features offered by various banks, the researchers paid close attention to the use of two-factor authentication.

With this feature, simply having an account’s username and password isn’t enough to gain access ‒ you’ll also need to enter some other form of one-time passcode (OTP).

Which? awarded top marks to banks that required customers to also log into their online accounts via their mobile banking app or through a card reader.

While many banks have traditionally sent OTPs via text message, the researchers pointed out that these messages can be intercepted by hackers.

The sneakiest AI scams of 2024

Risky cybersecurity practices

Another key consideration was account management and the sort of checks in place before you can start making payments to another account.

While banks were praised if they sent notifications to flag up any potentially suspicious activity, they were marked down if these messages included a phone number or link to a login page, since that is so similar to the sort of model employed by scammers.

And finally Which? looked at the navigation and logouts from the account.

The bank’s score took a hit if they allowed you to log in from multiple browsers or computers at the same time, or if they permitted you to move backwards and forwards within the browser without needing to sign in again. 

The most secure online banking services

Here’s how the banks tested by Which? shaped up in these various elements (scored out of five), and their overall score, as a percentage.

Bank

Overall score

Login

Security best practice

Account management

Navigation and logout

NatWest

87%

4/5

5/5

5/5

5/5

Starling

87%

4/5

5/5

5/5

5/5

HSBC

80%

5/5

4/5

4/5

5/5

Barclays

78%

4/5

5/5

4/5

5/5

First direct

74%

4/5

5/5

4/5

5/5

Nationwide

74%

5/5

5/5

3/5

3/5

Lloyds Bank

69%

4/5

4/5

3/5

5/5

Virgin Money

68%

5/5

5/5

3/5

2/5

Santander

67%

3/5

5/5

3/5

5/5

TSB

67%

4/5

4/5

2/5

5/5

Co-operative Bank

61%

4/5

5/5

3/5

3/5

The best UK bank accounts for cashback

As the strongest banks for online security, Starling and RBS/NatWest received scores of 87%.

The banks achieved the highest possible ranking across security best practice, account management, and navigation and logout.

In contrast, Co-operative Bank placed bottom in the ratings, with an overall score of just 61%.

One of the most serious issues was the bank’s failure to require two-factor identification when researchers attempted to log in using a test laptop.

On top of this, the Co-operative doesn’t block users from setting weak passwords on their accounts.

The most secure banking apps

Now, let’s take a look at the findings for mobile banking apps, again rated according to five core categories and with an overall percentage score.

Bank

Overall score

Login

Security best practice

Account management

Navigation and layout

HSBC

78%

5/5

4/5

4/5

4/5

Barclays

74%

5/5

4/5

4/5

3/5

Chase

73%

4/5

5/5

4/5

4/5

Santander

73%

3/5

5/5

4/5

5/5

Starling

72%

4/5

5/5

3/5

5/5

NatWest

71%

4/5

4/5

5/5

4/5

first direct

68%

4/5

4/5

4/5

3/5

Nationwide

68%

4/5

4/5

4/5

4/5

Virgin Money

67%

5/5

4/5

3/5

4/5

Lloyds Bank

63%

3/5

4/5

4/5

4/5

Monzo

60%

5/5

3/5

4/5

4/5

Co-operative Bank

57%

3/5

5/5

3/5

3/5

TSB

54%

4/5

2/5

3/5

3/5

The best packaged bank accounts

Coming in as the best-performing app, HSBC received a score of 78%, with the researchers noting that the bank doesn’t rely on SMS when users log in.

Although Barclays placed second in the mobile app ratings, the investigation did reveal that the bank has yet to address some of the website management problems uncovered last year, which includes allowing users to log in from various browsers at the same time.

At the other end of the scale , TSB came bottom of the rankings, with the investigation uncovering a ‘medium risk’ issue with the app.

According to Which?, the bank’s handling of sensitive financial information could allow other apps installed on a phone to access confidential data.

Likewise, the researchers identified issues with outdated encryption technology and noted that the bank sends phone numbers via SMS alerts in some cases, which could be intercepted by scammers.

What do you want from your bank?

There are a host of different reasons for picking a bank account, from the interest rate on offer for credit balances, to how it handles overdrafts.

But clearly putting at least some time into researching just how secure a bank’s online processes are is vitally important too. 

There’s no point in taking advantage of an account paying cashback on your bills if somebody else gets to enjoy the money rather than you!

 

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

FCA Disclosure

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable for your needs, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the product.