Which? has issued a warning that vulnerabilities in bank security might leave specific individuals vulnerable to opportunistic scammers. This caution follows an examination of the websites and mobile applications of 13 major current account providers. Creating a secure financial platform that remains user-friendly is a significant challenge. Banks face threats from various sources, including infected devices and stolen login credentials.
Moreover, even their clients can inadvertently become liabilities by disclosing sensitive information to criminals. In our recent investigation into online banking security, we assessed the resilience of banks against multiple potential attacks, revealing that those with the lowest ratings did not meet the high standards we believe consumers deserve.
In early 2024, we turned our attention to the digital platforms of 13 major current account providers, evaluating their websites and apps with the assistance of independent cybersecurity specialists. While we couldn’t delve into the back-end systems and recognised that all banks utilise multilayered security measures, we focused our analysis on four critical areas to create an overall score.
First, we examined security best practices, which accounted for 30% of the total score. This involved assessing whether the banks employed effective security headers designed to protect against cyber threats by instructing web browsers on how to interact with their sites. Next, we looked at login procedures—another 30% of the score—comparing how much information each bank required for account access and the ease with which users could recover forgotten usernames and passwords.
The third area was account management, contributing 25% to the overall assessment. Here, we evaluated how securely users could set up new payees, change their passwords, and modify account details. Lastly, navigation and logout practices made up 15% of our scoring system; banks were penalised if they allowed simultaneous access to accounts from different browsers or devices due to inadequate session management.
To find out how your bank performed in these evaluations, take a look at our comprehensive table detailing the results of our security tests.
In the ongoing battle against scammers, banks must proactively enhance their security measures. Which? Has urged TSB and the Co-operative Bank to promptly tackle the vulnerabilities identified by their researchers, ensuring that clever fraudsters cannot exploit any weaknesses in security systems to prey on unsuspecting individuals.
Sam Richardson, deputy editor of Which? Money emphasised the importance of robust security for banks as more customers shift to online and mobile banking. He stated, While our investigation did not reveal significant security flaws, certain troubling aspects need immediate attention from these banks to prevent sophisticated scammers from exploiting loopholes. With fraudsters relentlessly targeting consumers and a general election approaching, Richardson advocates for a national strategy against fraud, suggesting the appointment of a Fraud Minister to coordinate efforts across various government sectors.
In terms of customer satisfaction with banking services, Which? Has released ratings for banks and building societies. NatWest and Starling shared the top score for online banking at 87 points each, both earning four stars for login processes and five stars in other categories tested. For mobile banking performance, HSBC led with a score of 78 points followed closely by Barclays at 74 points.
HSBC received commendable ratings for both its app and website; notably, it does not depend on SMS verification for logins, unlike many competitors. The review found no issues with its logout function or overall navigation experience either. Meanwhile, Barclays ranked second among mobile apps with a respectable score of 74 points but fell short in navigation and logout ratings—achieving only three stars—due to previously identified website management problems that allowed users to access accounts from multiple browsers or devices simultaneously; this raised potential red flags about cyber threats despite assurances that these issues would be resolved early in 2023.
When it comes to online banking, ensuring your safety is paramount, and there are several strategies you can employ to protect yourself. First and foremost, safeguarding your mobile device is crucial. If your phone were to be stolen, it shouldn’t jeopardise your finances. To enhance security, consider adding a unique PIN to your SIM card and registering for services like Google’s Find My Device or Apple’s Find My iPhone. Additionally, it’s wise to turn off preview notifications since these can display messages even when the phone is locked.
Next, it’s essential to use an up-to-date device for banking purposes. Outdated devices often lack the necessary security updates that patch newly discovered vulnerabilities. Therefore, always ensure you are using a supported device.
Equally important is the use of antivirus software; do some research on antivirus options before making a choice that best fits your needs. When creating passwords, opt for solid and unique combinations rather than reusing simple ones. If remembering multiple passwords proves challenging, consider utilising a password manager—options like Dashlane and LastPass offer reliable free services—but ensure that your master password remains robust.
It’s also advisable to keep your mobile phone separate from your bank cards at all times; leaving them together unattended poses a risk, as someone could easily bypass security measures with both items in their possession.
Moreover, take the time to audit your social media profiles by removing any personal information such as email addresses, birth dates, or phone numbers that could increase the likelihood of identity theft. Be cautious about accepting friend requests from strangers since anything shared online becomes public domain; avoid using any publicly available information in passwords or security questions.
Lastly, if you ever notice unauthorised transactions or unfamiliar changes in your accounts, act swiftly by reporting these issues immediately. Many banks provide options within their apps for freezing debit cards or have 24/7 helplines dedicated to reporting lost or stolen cards—taking quick action can help mitigate potential losses significantly.
Maxthon
Maxthon Browser emerges as a reliable and secure choice for individuals engaging in online banking. With robust encryption protocols and sophisticated anti-phishing mechanisms, it is designed to safeguard your personal and financial information effectively. One of its standout features is a powerful built-in ad blocker that successfully removes intrusive advertisements, leading to a more streamlined and focused browsing experience.
In addition to these capabilities, Maxthon’s privacy mode plays an essential role in protecting sensitive data from unauthorised access, thus creating a safer online environment. This feature proves particularly beneficial when handling confidential information or executing financial transactions that require an extra layer of security against potential threats.
By leveraging both the ad-blocking functionality and the privacy mode, Maxthon users can significantly enhance their overall online security while ensuring their personal information remains confidential. The ad blocker not only prevents unwanted advertisements from consuming bandwidth but also acts as a barrier against exposure to harmful content or phishing schemes.
Simultaneously, the comprehensive privacy mode thwarts tracking algorithms and other intrusive methods that seek to collect browsing habits and personal details without user consent. These combined features empower Maxthon users to navigate the internet confidently, knowing their sensitive information is well-protected from prying eyes and digital dangers.
Whether you’re accessing banking platforms, shopping online, or simply searching for information, the synergy between the integrated ad blocker and privacy mode effectively defends against potential security vulnerabilities. Ultimately, Maxthon’s commitment to enhancing user safety through these advanced features sets it apart as a trustworthy option for anyone in search of a secure browsing experience.
Moreover, it ensures seamless compatibility with widely used banking websites for smooth navigation during transactions. Its intuitive interface also caters to those who may not be particularly tech-savvy, making it accessible for all users seeking peace of mind while they browse online.