Online banking security: Compare online banking security

Around 21 million people bank online in Britain. But while many of us now take our bank’s online security for granted, our investigation has discovered that there are significant differences between the protection levels that each bank offers against computer fraud.

Banks rated 'excellent' for online security

Barclays

Our expert’s view: This bank’s security measures provide excellent controls to secure your account from fraudsters. The PINSentry device makes any vulnerabilities moot, since you need your bank card with the PINSentry (and your Pin) in order to log in.

Barclays said: ‘At Barclays, we have pushed ahead with pioneering anti-fraud initiatives over the past two years to provide our 3 million online banking customers with increased security/site protection.

In 2007, we were the first bank to invest and roll out PINSentry to our customers, as well as offering free anti-virus software through Kaspersky. We believe Barclays customers have the best security packages of all online banks to protect them and their money.’

Banks rated 'good' for online security

First Direct

Our expert’s view: This bank’s security measures are sufficient to adequately protect users from fraudsters. It would take a sophisticated keylogger and a lot of logins to get all the information to hijack your account, but we’d have preferred to see a drop-down menu for password entry.

Although there are no additional controls to prevent a successful criminal transferring money from your account, other controls compensate for this.

First Direct said: ‘A vast majority of First Direct customers bank online, and it is good to see that our continuous dedication to providing both customer convenience and security have been acknowledged in this report.’

Lloyds TSB

Our expert’s view: This bank’s security measures are sufficient to adequately protect users from fraudsters. It does not log you out if you close a browser tab but other controls are sound and a fraudster would be unable to transfer money out of your account. 

Lloyds TSB now owns the Halifax. For its response to our findings, see ‘Halifax’, above.

Nationwide

Our expert’s view: This bank’s security measures are sufficient to adequately protect users from fraudsters. It permits the browser to remember the first two elements of the login process, but other controls are sound and a fraudster would still be unable to transfer money out of your account.

Nationwide said: ‘The security of our members’ money and identity are of paramount importance, and our online banking system has been developed with this in mind. We are, therefore, pleased with these findings as they underline that Nationwide is a safe and secure financial institution.’

NatWest and RBS

Our expert’s view: These banks are functionally identical. The security measures are sufficient to protect against fraudsters. 

It permits the browser to remember the first two elements of the login, but other controls are sound and a fraudster would be unable to transfer money from your account.

A spokeswoman said: ‘We take our customers’ online security very seriously and are constantly ensuring that online banking is not only user friendly but, more importantly, secure. We are pleased that Which?’s findings recognise how far we go to protect customers.’

Banks rated 'average' for online security

Alliance & Leicester

Our expert’s view: This bank gives basic protection, but there’s room for improvement as authentication could be bypassed if a keylogger infected your computer. The good news is that a criminal would be unlikely to be able to transfer money from your account.

Alliance & Leicester is owned by Santander, which owns Abbey. For its reply, see ‘Abbey’, above.

HSBC

Our expert’s view: This bank gives basic protection, but there’s room for improvement, as there are no additional safeguards for money transfers. It would take a sophisticated keylogger and quite a few logins to get all the information to hijack your account.

HSBC says: ‘Fraud prevention will always be a compromise between the need for security and the customer’s need for functionality. We feel we have the right balance.’

Banks rated 'poor' for online security

Abbey

Our expert’s view: This account gives its users basic protection, but login could be bypassed if your computer were infected by a keylogger. No additional controls prevent criminals transferring money from your account.

A spokesperson for Abbey and Alliance & Leicester (owned by Santander) said: ‘We treat customers’ security and their data with the highest priority. We constantly review and update our customer security processes with this in mind. Customers are reminded that they can follow a few simple steps to protect their accounts online.’

Halifax

Our expert’s view: This bank’s security falls below the standard our expert says users should expect. It gives users basic protection, but authentication could be bypassed if your PC were infected by a keylogger, and there are no additional controls to prevent a criminal transferring money from your account.

Halifax said: ‘Across all of our internet businesses we work with the leading experts worldwide on security to ensure that our customers are fully protected. The vast majority of our fraud defence is not visible to customers and we deliberately seek to provide security which does not adversely impact our customer’s ability to bank with us online.

There is no relationship between the visibility of fraud defences and their effectiveness in protecting customers. Any meaningful assessment of a bank’s fraud prevention tools needs to fully examine all systems whether they can be seen directly by customers or not and we would never release details of these systems to any third party.’

Online banking security rated

The table below shows whether each bank met the main security points investigated. Having to type login details in full was counted as a mark against the banks, as was the ability to transfer money or change your address without additional login checks.