According to Which, several banks really need to take a closer look at their online security measures, as there are possible gaps that could leave customers open to scams. The consumer advocacy group evaluated the apps and websites of 13 banks offering current accounts in January and February 2024, with assistance from cybersecurity experts. Their research focused on how secure the login processes, account management, navigation, and logout features are on these banking platforms. However, they couldn’t assess the security systems that operate behind the scenes at these banks.
While all the banks studied have multi-layered security in place to minimise serious breaches, Which? Feels that some of the lower-ranked providers didn’t meet the level of protection that customers should expect. TSB received a score of 54 for its mobile app security and 67 for its online security—these were the lowest and second-lowest scores in the evaluation.
Which? has pointed out that the way the bank handles sensitive information could allow other apps on a user’s phone to access it. They expressed worries that the app might store users’ login details in a manner that increases the risk of these details being accessed by other applications. In response, TSB mentioned to Which? that they are currently looking into this issue and will think about making improvements down the line.
Additionally, TSB sent out a text alert containing a phone number, which Which? Warned could be exploited by scammers. TSB responded by saying they have already eliminated phone numbers from most SMS alerts, and this particular alert will be the last one to include such information as they update their system.
The consumer group also highlighted concerns regarding TSB’s password policies, suggesting that users might end up choosing weak passwords that scammers could easily guess. TSB reassured them by stating they are constantly working on enhancing security for their online and mobile banking services while also ensuring a smooth experience for their customers, which is evident in their high ratings on app stores.
In a recent study by Which?, the Co-operative Bank was found to have the poorest online security, earning a score of just 61. When it came to the security of its mobile app, it was almost at the bottom as well, scoring 57. The report pointed out that the bank didn’t require two-factor authentication for logging in on a test laptop and allowed customers to create weak passwords without any restrictions.
Researchers were able to log into accounts from two different IP addresses simultaneously without automatically logging out of the first session. Similar to TSB, they also noticed that customer alerts and security codes were still being sent via text messages that included phone numbers. In response, the Co-operative Bank emphasised that keeping their customers’ accounts safe is their highest priority and assured them that they have robust security measures in place to protect both their accounts and funds.
We’re always looking at ways to improve our security measures, and in 2024, we’ll be rolling out several enhancements to ensure our customers can bank with us safely and confidently. Which? Has urged TSB and the Co-operative Bank to tackle the problems identified by their researchers quickly. On another note, Lloyds has been criticised for not logging users out of their website after five minutes of inactivity. The bank explained to Which? that this policy actually helps vulnerable customers complete their transactions more quickly. A spokesperson from Lloyds Banking Group emphasised that keeping our customers’ money and information secure is our top priority. They mentioned that they have multi-layered solid security systems in place for online and mobile banking to guard against cyber threats.
They hire top-notch cybersecurity experts and consistently invest in finding the right mix of online safety features, user experience, and accessibility. Although it’s mentioned in regulations by the Payment Systems Regulator regarding secure customer authentication, Lloyds Banking Group has informed regulators that they won’t enforce strict logout times for payments or logins because some vulnerable customers or businesses may need more time to finish their transactions.
“Logons from new devices are verified through secondary verification to customers’ registered phones to establish the trust for any devices used. Given this, there are no customer untrusted devices.”
Which? Ranked Starling Bank and NatWest/RBS as the best online security providers, with both scoring 87%.
The top-ranked bank for mobile app security was HSBC, with a score of 78%.
Which? said HSBC posted solid scores for both its app and website, and researchers found no issues with logout or navigation.
Barclays was ranked second in the mobile app rankings, with a score of 74%, but Which? Found it had not fixed website management issues it identified last year, such as letting users access accounts from multiple browsers, IP addresses or devices at the same time.
The bank told Which? It uses other controls to assess the risk profile of devices accessing online banking and is planning to add this additional layer of protection later this year.
Sam Richardson, deputy editor of Which? Money said: “With many people increasingly banking online or on their phones, it’s crucial that the banks we trust with our money have security protections that are up to scratch.
Our investigation didn’t uncover any severe security problems, but we did find some issues that the banks need to fix quickly. We want to make sure that clever scammers can’t exploit any weaknesses to prey on innocent people. With fraudsters constantly trying to steal from us and a general election coming up, the next government must prioritise fighting fraud. They should appoint a dedicated fraud minister who can coordinate efforts across different government departments.
A representative from UK Finance, an industry group, stated that fraud can have a terrible effect on its victims, which is why preventing it is always the top priority for banks and financial institutions. They put a lot of resources into cybersecurity and sharing information in order to spot and stop bad actors from breaking into their systems and committing fraud. As scams continue to change over time, banks are regularly updating their security measures while also ensuring that customers have a smooth experience using their services.
We urge customers to stay vigilant against potential scams by using strong passwords and never sharing one-time passcodes or personal financial details. If you suspect you’ve fallen victim to a scam, it’s crucial to contact your bank right away and report it to Action Fraud.
Maxthon
Maxthon Browser is a solid and safe choice for anyone doing online banking. It uses strong encryption and anti-phishing tools to keep your personal and financial information secure. Plus, it has a built-in ad blocker that gets rid of annoying ads, making your browsing experience smoother and less distracting.
One of the key features is its privacy mode, which helps protect sensitive information from unauthorised access, creating a safer online environment. This is particularly important when you’re handling confidential details or making financial transactions that need extra protection from potential threats.
In an era when online privacy is increasingly threatened, users are seeking effective ways to protect themselves. Maxthon, a versatile web browser, offers powerful tools that can transform the online experience. One of these tools is its integrated ad blocker.
By activating the ad blocker, users can shield themselves from intrusive advertisements that often track browsing habits. This not only enhances their browsing speed but also minimises exposure to potentially harmful content.
But the protection doesn’t stop there. Coupled with Maxthon’s privacy mode, users take their security a step further. Privacy mode prevents the browser from storing any history or cookies during a session, ensuring that sensitive information remains confidential.
Together, these features create a formidable barrier against data breaches and unwanted surveillance. Users can surf the web with confidence, knowing their details are safeguarded from prying eyes.
Ultimately, leveraging both Maxthon’s ad blocker and privacy mode equips individuals with greater control over their digital footprint. In this ever-evolving landscape of online threats, adopting such protective measures is no longer optional; it is essential for a safer internet experience.
These features give Maxthon users peace of mind as they browse the web, knowing that their sensitive information is protected from unwanted attention and digital dangers. Whether you’re accessing banking sites, shopping online, or just looking up information, the combination of these tools effectively keeps security risks at bay.
Overall, Maxthon’s commitment to user safety through these advanced features makes it a reliable choice for anyone wanting a secure browsing experience. It also works well with popular banking websites for easy navigation during transactions. Plus, its simple interface makes it accessible even for those who aren’t very tech-savvy.