Certain bank websites and apps lack security safeguards, which could leave the “doors open” to scammers, Which? demands.
The security system consumer group tested 13 current customer account providers from September to November 2022, with the help of security experts at Red Maple Technologies.
Account providers were scored by looking at their processes for login, navigation and logout, account management and encryption – for both their online banking and app security.
Virgin Money received the lowest overall score for online banking and apps in the research.
A spokesman for Virgin Money said: “The safety and security of our banking services is our top priority, and we are constantly monitoring, assessing and improving our security controls.
“Some of the points raised in this research relate to decisions we have made to improve the digital user experience while ensuring that our robust multi-layered controls are still in place to protect customers’ accounts.”
Which one of them? He also said he had some concerns about TSB, which received the second lowest score for its app in the study.
A TSB spokesperson said: “We continue to invest in our online and mobile services – and work with leading technology firms around the world to provide security and accessibility for our customers. TSB also tracks well across the industry in preventing fraud and we are the only bank that protects its customers with a money back guarantee should they ever become a victim of fraud.”
Nationwide Building Society received the second lowest score for online banking security.
A spokesman for Nationwide said: “Nationwide takes the security of its members and their money very seriously.
“We are never complacent and regularly test our systems to ensure we maintain an appropriate level of protection, whilst ensuring a positive user experience.
“We will take the points raised by Which? on board as we continue to develop our digital services.”
Meanwhile, Which? said that Starling Bank was placed on top for online banking security.
Last year’s top scorer for online banking security, HSBC UK, also did well this year. HSBC followed closely behind Starling for online banking, with its app having the highest score.
Which one of them? The banks included in the research also said there are behind-the-scenes systems that the consumer group and Red Maple Technologies were unable to test.
In general, the consumer champion said he wants improvements to block weak passwords and also believes sensitive data should not be sent via text messages because these can be intercepted.
If the worst happens and people fall victim to remote banking fraud, in many cases they will be entitled to a refund from their bank.
Sam Richardson, Which? The deputy money editor said: “Banks should not be leaving these doors open for scammers to take advantage of and need to up their game to properly protect their customers.
“By making improvements, such as blocking weak passwords, banks can take an important step in preventing unscrupulous fraudsters from trying to steal money and personal data from consumers.”
A UK Finance spokesman said: “The banking and finance industry is committed to stopping fraud from happening in the first place, investing billions in advanced technology to protect customers.
“Our figures have shown that the number of recorded cases of unauthorized fraud has fallen year-on-year, falling by 7% to just under 1.4 million in the first half of 2022, with banks stopping £583.9 million of unauthorized fraudulent transactions.
“The industry continues to work closely with Government and law enforcement to target the criminal gangs responsible and continue its efforts to prevent customer fraud.”
Here are five tips from Which? for safe online banking:
1. If you receive unexpected emails, texts, WhatsApp or any other type of messages, do not click on the hyperlinks in them.
Criminals posing as a bank may try to steal sensitive data or trick you into sending money, going so far as to create fake websites to impersonate banks and other businesses.
Don’t download attachments or call phone numbers either. If you need to contact your bank, call it on a reliable number, such as the one on your debit card.
2. Use up-to-date security software. This means downloading anti-virus software on your computer, phone and any other devices you have.
It is also important to download and install the latest updates for the device itself. Updates contain security patches for new vulnerabilities, so don’t use an outdated device.
3. Protect your mobile phone. Go into the settings to automatically lock your phone after a short period of inactivity.
While you’re at it, disable lock screen notifications, to prevent criminals from seeing incoming texts, which could include bank codes to access your account.
You can also add a PIN to your Sim card, to prevent it.
4. Check privacy settings on social media. Remove any personal information such as your email, date of birth and phone number – all of which can be used by criminals to steal your identity or impersonate your bank.
Only accept friend requests from people you know.
5. Replace default passwords on your home router. This will prevent others from accessing it. Also, avoid banking on unsecured wireless networks or public computers.
If you use a public computer, don’t leave it unattended and always log out when you’re done.