Consumer champion Which? has done a study into the security of online banking to see which bank’s website is the safest.
Which? tested 10 of the UK’s biggest banks, and here are the rankings:
- NatWest/RBS – 76%
- The Co-operative Bank – 72%
- HSBC – 72%
- Barclays – 71%
- Norwich and Peterborough BS – 70%
- Lloyds TSB – 69%
- Nationwide BS – 69%
- Smile – 68%
- Halifax – 67%
- Santander – 47%
First Direct scored a dismal one star for the security when setting up a new payee and would have scored 46%. However, since Which? carried out their testing, First Direct have  made changes to improve their security. First Direct told Which? it takes security ‘very seriously’ and is introducing a higher level of security.
As you can see from the list, NatWest/Royal Bank of Scotland (RBS) security rated highest with an overall score of 76%. These banks require a card reader to complete higher risk tasks, such as transferring money to a new payee or changing your password.
These banks also lock customers out of their accounts for 10 minutes if they try to log on from two different IP addresses at once. This would deter a fraudster who may try and access your account while you’re already logged in.
Santander scored the lowest – just 47% – getting lower ratings in a number of areas compared with the top performing banks. It fell down compared with other banks in terms of how it dealt with the security around the log out process.
The tests
In July 2013, Which? asked one customer from each bank to log in to their current account using a test computer, and undertake a range of tasks. They rated each bank using seven different elements of the customer-facing security each used.
They investigated login security, logout security, what security was in place for transferring money to a new payee. Which? also looked at if there was additional security in place when changing personal details online and whether the site allowed users to use the forward and back buttons in their browsers. Encryption against threats and protection against specific attacks were also assessed.