Banks improve online securityWhich? puts 11 banking websites to the test

14 September 2014

Several banks and building societies have improved their online banking security, but many could still tighten in some areas, according to new Which? research. 

We tested the online security of the 10 biggest banks and building societies along with newcomer Metro Bank to see if they had made changes, since our investigation last year found some banks were vulnerable to attacks. 

Nationwide registered a massive improvement, moving up from seventh to first place in our online security table with a score of 79% (compared to 69% last year). Metro Bank was second with 76%.

Santander remained bottom of our table, despite addressing a key concern and improving its score dramatically from 47% to 64%.

Our test focused on security measures around login/logout, payments, changes of account details, navigation (e.g. using forward and back buttons) and encryption, as well as the security advice given by each bank.

Find out more: How to bank safely online - our guide shows how to protect yourself

Login problems

Most providers' online security fell down around login security. Our testers looked at the strength of passwords required to log in, as well as awarding marks for giving the consumer the option of a two-factor login. None of the 11 providers tested managed to score the full five stars on this part of the test.

Find out more: Call the Which? Money Helpline - for personalised advice about online banking fraud

Online threat test toughened

We tested our 11 providers for resistance to online threats such as 'clickjacking' attacks, which trick you into clicking on fake buttons superimposed over the real site. 

We toughened up our test by rewarding those providers that had strengthened their resistance to such threats over and above the minimum standard required. Most providers scored well on this part of the test with four or five stars.

Find out more: Security software program reviews - 23 programs compared by our experts

Watch out for phishing and scam phone calls

Hackers struggle to get into your account without your details, so fraudsters have increasingly focused on convincing people to hand over personal information through phishing emails or scam phone calls.

We only looked at the technical part of consumer-facing online banking, but its important to stay safe around these other threats too.

Know your rights: I think I've given a fraudster my bank details - we explain what to do

More on this...