Online banking security: the best and worst banks for safety
With mobile and online banking fraud becoming more sophisticated every day, research reveals the best and worst banks for cybersecurity in 2024.
The number of people who bank online or through a mobile app has risen dramatically in recent years.
According to figures from Statista released this month, more than 90% of Brits now use internet banking, which is up from approximately 30% in 2007.
However, there remain concerns over just how safe it is to handle your banking matters on the move.
Worryingly, the Annual Fraud Report from trade body UK Finance found that the volume of mobile banking fraud cases was up 62% compared to the previous year, "and for the first time ever, was higher than the volume of web banking cases".
With this in mind, consumer site Which? has delved into the online banking systems and mobile apps offered by the nation’s big names to see just how safe they are.
What makes an online account safe?
Although there are no guarantees that any banking platform is 100% secure, certain tools and features can significantly improve your chances of staying safe online.
Which? looked at a range of features when assessing the effectiveness of a bank’s security measures.
The first is the login ‒ the information you need to enter in order to gain access to the account details.
Sadly, the fact is that setting a complicated password is no longer enough to safeguard against hackers in 2024.
The importance of secure logins
When looking at the features offered by various banks, the researchers paid close attention to the use of two-factor authentication.
With this feature, simply having an account’s username and password isn’t enough to gain access ‒ you’ll also need to enter some other form of one-time passcode (OTP).
Which? awarded top marks to banks that required customers to also log into their online accounts via their mobile banking app or through a card reader.
While many banks have traditionally sent OTPs via text message, the researchers pointed out that these messages can be intercepted by hackers.
The sneakiest AI scams of 2024
Risky cybersecurity practices
Another key consideration was account management and the sort of checks in place before you can start making payments to another account.
While banks were praised if they sent notifications to flag up any potentially suspicious activity, they were marked down if these messages included a phone number or link to a login page, since that is so similar to the sort of model employed by scammers.
And finally Which? looked at the navigation and logouts from the account.
The bank’s score took a hit if they allowed you to log in from multiple browsers or computers at the same time, or if they permitted you to move backwards and forwards within the browser without needing to sign in again.
The most secure online banking services
Here’s how the banks tested by Which? shaped up in these various elements (scored out of five), and their overall score, as a percentage.
Bank |
Overall score |
Login |
Security best practice |
Account management |
Navigation and logout |
NatWest |
87% |
4/5 |
5/5 |
5/5 |
5/5 |
Starling |
87% |
4/5 |
5/5 |
5/5 |
5/5 |
HSBC |
80% |
5/5 |
4/5 |
4/5 |
5/5 |
Barclays |
78% |
4/5 |
5/5 |
4/5 |
5/5 |
First direct |
74% |
4/5 |
5/5 |
4/5 |
5/5 |
Nationwide |
74% |
5/5 |
5/5 |
3/5 |
3/5 |
Lloyds Bank |
69% |
4/5 |
4/5 |
3/5 |
5/5 |
Virgin Money |
68% |
5/5 |
5/5 |
3/5 |
2/5 |
Santander |
67% |
3/5 |
5/5 |
3/5 |
5/5 |
TSB |
67% |
4/5 |
4/5 |
2/5 |
5/5 |
Co-operative Bank |
61% |
4/5 |
5/5 |
3/5 |
3/5 |
The best UK bank accounts for cashback
As the strongest banks for online security, Starling and RBS/NatWest received scores of 87%.
The banks achieved the highest possible ranking across security best practice, account management, and navigation and logout.
In contrast, Co-operative Bank placed bottom in the ratings, with an overall score of just 61%.
One of the most serious issues was the bank’s failure to require two-factor identification when researchers attempted to log in using a test laptop.
On top of this, the Co-operative doesn’t block users from setting weak passwords on their accounts.
The most secure banking apps
Now, let’s take a look at the findings for mobile banking apps, again rated according to five core categories and with an overall percentage score.
Bank |
Overall score |
Login |
Security best practice |
Account management |
Navigation and layout |
HSBC |
78% |
5/5 |
4/5 |
4/5 |
4/5 |
Barclays |
74% |
5/5 |
4/5 |
4/5 |
3/5 |
Chase |
73% |
4/5 |
5/5 |
4/5 |
4/5 |
Santander |
73% |
3/5 |
5/5 |
4/5 |
5/5 |
Starling |
72% |
4/5 |
5/5 |
3/5 |
5/5 |
NatWest |
71% |
4/5 |
4/5 |
5/5 |
4/5 |
first direct |
68% |
4/5 |
4/5 |
4/5 |
3/5 |
Nationwide |
68% |
4/5 |
4/5 |
4/5 |
4/5 |
Virgin Money |
67% |
5/5 |
4/5 |
3/5 |
4/5 |
Lloyds Bank |
63% |
3/5 |
4/5 |
4/5 |
4/5 |
Monzo |
60% |
5/5 |
3/5 |
4/5 |
4/5 |
Co-operative Bank |
57% |
3/5 |
5/5 |
3/5 |
3/5 |
TSB |
54% |
4/5 |
2/5 |
3/5 |
3/5 |
The best packaged bank accounts
Coming in as the best-performing app, HSBC received a score of 78%, with the researchers noting that the bank doesn’t rely on SMS when users log in.
Although Barclays placed second in the mobile app ratings, the investigation did reveal that the bank has yet to address some of the website management problems uncovered last year, which includes allowing users to log in from various browsers at the same time.
At the other end of the scale , TSB came bottom of the rankings, with the investigation uncovering a ‘medium risk’ issue with the app.
According to Which?, the bank’s handling of sensitive financial information could allow other apps installed on a phone to access confidential data.
Likewise, the researchers identified issues with outdated encryption technology and noted that the bank sends phone numbers via SMS alerts in some cases, which could be intercepted by scammers.
What do you want from your bank?
There are a host of different reasons for picking a bank account, from the interest rate on offer for credit balances, to how it handles overdrafts.
But clearly putting at least some time into researching just how secure a bank’s online processes are is vitally important too.
There’s no point in taking advantage of an account paying cashback on your bills if somebody else gets to enjoy the money rather than you!
Comments
Be the first to comment
Do you want to comment on this article? You need to be signed in for this feature