Santander and Halifax poor for online security Banks' online banking security falls short
19 August 2011
A new Which? investigation has found problems with the online banking security offered by Britain's banks.
Online security concerns
Which? found significant security failings, with Santander and Halifax among the worst. Nationwide had the best overall level of security, despite only managing an overall score of 69%. Natwest/RBS and Barcalys performed well, while LLoyds TSB and First Direct were in the bottom half.
Which? executive director Richard Lloyd says: 'With so many of us doing our banking online these days, it’s important that banks’ security is up to scratch. We were alarmed to find significant flaws in the online security of some of the UK's biggest banks.
'If you find you’ve been a victim of fraud, then contact your bank immediately. They can only refuse to refund you if they can prove you were negligent or you acted fraudulently. If your bank refuses a refund, you can take them to the Financial Ombudsman.'
What we were looking for
Which? experts assessed whether banks required you to use full or partial security details - full-typed details allow a keylogger to easily record your information - and whether its possible to browse to another site while staying logged in - which could put you at risk.
Santander was the only bank in our test to ask for a full password, which could leave accounts vulnerable to keyloggers. The bank has since announced changes to its online banking servicey. Halifax scored poorly for logout security.You can read more about the trade-off between security and convenience on the Which? Conversation site, and this video gives some tips for keeping your details safe:
They also checked whether additional security measures were in place for performing high-risk tasks, such as changing address and password details, and whether banks required users to enter their details in a special card reader which generated a one-off code.
Top online security tips
- Regularly log in and check your statement for unusual transactions. If you spot anything unfamiliar immediately contact your bank.
- Avoid public computers for online banking, make sure your wifi-network is secure, and don't open emails from unknown sources as they may contain a virus
- Install the latest anti-virus and anti-spyware software, use an effective firewall, and ask your bank if they offer 'Rapport' software which can be used in addition to your usual software.
- Keep both your operating system (such as Windows) and your browser (such as Internet Explorer or Firefox) up to date and set your computer to install updates automatically. If you receive a suspicious email purporting to be from your bank forward it to email@example.com.
- Learn more about online banking security by reading our online guide to protecting your online ID and to safe online banking on our website.
Which? Money when you need it
You can follow @WhichMoney on Twitter to keep up-to-date with our Best Rates and Recommended Provider product and service reviews.
Sign up for the latest money news, best rates and recommended providers in your newsletter every Friday.
Or for money-saving tips, and news of how what's going on in the world of finance affects you, join Melanie Dowding and James Daley for the Which? Money weekly money podcast
For daily consumer news, subscribe to the Which? news RSS feed here. And to find out how we work for you on money issues, visit our personal finance campaigns pages.