We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.
Two thirds of Which? members access their bank online every week. Are they safe?
A new Which? investigation has found problems with the online banking security offered by Britain’s banks.
Online security concerns
Which? found significant security failings, with Santander and Halifax among the worst. Nationwide had the best overall level of security, despite only managing an overall score of 69%. Natwest/RBS and Barcalys performed well, while LLoyds TSB and First Direct were in the bottom half.
Which? executive director Richard Lloyd says: ‘With so many of us doing our banking online these days, it’s important that banks’ security is up to scratch. We were alarmed to find significant flaws in the online security of some of the UK’s biggest banks.
‘If you find you’ve been a victim of fraud, then contact your bank immediately. They can only refuse to refund you if they can prove you were negligent or you acted fraudulently. If your bank refuses a refund, you can take them to the Financial Ombudsman.’
What we were looking for
Which? experts assessed whether banks required you to use full or partial security details – full-typed details allow a keylogger to easily record your information – and whether its possible to browse to another site while staying logged in – which could put you at risk.
Santander was the only bank in our test to ask for a full password, which could leave accounts vulnerable to keyloggers. The bank has since announced changes to its online banking servicey. Halifax scored poorly for logout security.You can read more about the trade-off between security and convenience on the Which? Conversation site, and this video gives some tips for keeping your details safe:
Please enable JavaScript to access this content.
Video transcript
Hello, I’m Martin Hocking and I’mhere to help you protectyourself and your money against identity fraud.Now, losses from credit and debitcard fraud reached £535 million in 2007.That was up 25%from on previous year.These statistics statistics areworrying, but there are somekey steps you can take todecrease the chances of becoming a victim of the fraudsters.
You can start by examining your bank and credit card statements.carefully to check for any transactions that you don’t recognize.Keep receipts from credit and debit card purchases, to help you do this.Report any fraudulent transactionsyou spot to your bank or card provider immediately.As fraudsters commit identity theftby stealing personal information about you.
To stop them getting theirhands on your details fromold documents, shred or rip up old bank statements, utility bills, receipts and anything showing your name and address before throwing it away.If you move house, you should also redirect yourmail to your new addressusing Royal Mail’s redirection service, for at least a year afterwards.
When you’re picking passwords for financial websites, avoid using information that could easily be obtained by fraudsterssuch as you mother’s maiden name for example.A combination of letters and numbers is the most secure form of password, but obviously choose something that you canremember without having to write it down.
Now we are alldoing a lot more shopping online these days.Very important to check the beginning of theaddress of a website ischanging from the letters http tohttps when you’re paying for somethingonline and the imageof a padlock lock willappear as well, usually at the top of the computer screen.
Check this happens whenyou’re shopping on the internet tomake sure your payment details are protected.You should also protect your computer withanti virus software and a firewallto prevent fraudsters accessing your hard drive.It is important to notify yourbank or creditor provider as soonas possible, if your cardsare stolen or have been lost.
You should also do thisif you notice fraudulent or suspicioustransactions on your statements.It’s worth keeping anote of these relevant telephone numbersin you purse or wallet, itreally takes the stress out of that situation.It means they’re accessible even if you’re away from home.Here’s another one.
It sounds simple, but it’s veryimportant.Do not allow someone else to useyour debit or credit card by giving them your PIN.This could be seenas acting without reasonable careby your bank, should any moneybe taken from you fraudulentlyand it couldn’t makeit that much harder to claim the money back.
For the same reason you should never recordyour pins or passwords in a way thatwould make accessible to fraudsters.And obviously never store them with your cards.The banking code says that you’re not liablefor more than £50 ifyour card is lost or stolen and thenused fraudulently, but this does notapply if your bank can show that youacted without reasonable care.
And they would say writing yourPIN down and sticking it in your wallet is not acting with reasonable care.Finally, if someone contacts you by phone or email orclaiming to be from your bankor credit card company, don’tgive out any personal details without firstmaking sure they arewho they say they are for example, by phoning them back.
In reality, your bankwill never ask you for yourpin or password over the phone, they simply don’t need that information.ones asking for it, they’re almost certainly a fraudster.
They also checked whether additional security measures were in place for performing high-risk tasks, such as changing address and password details, and whether banks required users to enter their details in a special card reader which generated a one-off code.
Top online security tips
Regularly log in and check your statement for unusual transactions. If you spot anything unfamiliar immediately contact your bank.
Avoid public computers for online banking, make sure your wifi-network is secure, and don’t open emails from unknown sources as they may contain a virus
Install the latest anti-virus and anti-spyware software, use an effective firewall, and ask your bank if they offer ‘Rapport’ software which can be used in addition to your usual software.
Keep both your operating system (such as Windows) and your browser (such as Internet Explorer or Firefox) up to date and set your computer to install updates automatically. If you receive a suspicious email purporting to be from your bank forward it to reports@banksafeonline.org.uk.
You can follow @WhichMoney on Twitter to keep up-to-date with our Best Rates and Recommended Provider product and service reviews.
Sign up for the latest money news, best rates and recommended providers in your newsletter every Friday.
Or for money-saving tips, and news of how what’s going on in the world of finance affects you, join Melanie Dowding and James Daley for the Which? Money weekly money podcast
For daily consumer news, subscribe to the Which? news RSS feed here. And to find out how we work for you on money issues, visit our personal finance campaigns pages.