Virgin Money and TSB Criticized for Online Security Vulnerabilities

Starling Bank and HSBC lead the rankings for online banking security, according to assessments conducted by Red Maple Technologies for consumer advocate Which?. In contrast, Virgin Money and TSB received the lowest ratings.

Which? evaluated the customer-facing security systems of 13 current account providers between September and November 2022. The banks were assigned scores based on four critical areas: login processes, navigation and logout, account management, and encryption, for both online banking and mobile apps.

Issues that led to lower scores included inadequate measures to block weak passwords, the transmission of one-time passcodes or sensitive information via text messages, and failure to automatically log customers out after five minutes of inactivity. Banks also lost points for allowing simultaneous access to accounts from multiple web browsers or IP addresses without raising alerts, as well as for sending notifications that included phone numbers or web links, which could facilitate scams.

The context of this research is significant: UK Finance reported 29,102 incidents of remote banking fraud in the first half of 2022. In this type of fraud, scammers gain unauthorized access to consumers’ bank accounts through various online platforms.

Virgin Money received the lowest scores, with 52% for online banking and 54% for its app. The bank faced particularly low ratings in navigation and logout, as well as account management, earning only two stars in these areas. Red Maple Technologies identified six outdated web applications at Virgin Money, three of which had minor vulnerabilities that the bank intends to address.

Concerns were also raised regarding TSB, which scored 57% for its app and 66% for its online banking services. TSB still employs basic security questions, such as “name your favourite food,” for recovery of login details, and does not adequately block insecure passwords.

Starling Bank achieved the highest score for online banking security at 82%, with its app scoring 80%, facilitating secure login authorizations and instant activity alerts. HSBC, last year’s highest scorer, closely followed with 80% for online banking and the top app score of 82%.

Nationwide had fewer issues with app security, scoring 67%, but it had the second lowest score for online banking security at 63%. The bank is looking to implement better notification practices for sensitive changes in the future.

Sam Richardson, Which? Money deputy editor, emphasized the necessity for banks to strengthen their security measures to protect customers effectively, underscoring the importance of blocking weak passwords to mitigate the risks of fraud.