A Which? investigation into online banking has found that some banks perform far better than others. The research, carried out with 6point6, an independent security company, looked at different aspects of online security. The investigation took place in September and October 2020, with full results available in the January 2021 issue of Which? magazine.
The worst performing banks
The research highlighted big security problems with Tesco Bank and TSB. Tesco Bank had the lowest score with issues in controlling your trusted login devices and missing security headers. The bank even had an internal staff website accessible to anyone! Since the research, Tesco Bank has blocked access to the area and isn't currently accepting new customers.
TSB didn’t perform much better and ended up having one of the lowest scores for the second year running. The major problem with TSB turned out to be non-compliance with strong customer authentication (SCA) regulation. SCA regulation requires banks to use two-factor authentication to add an extra layer of security to online logins. At the time of the investigation, the bank initially told Which? it was SCA-compliant but later admitted the protection was only being rolled out.
The best performing banks
The investigation also found the top-performing banks when it came to online security. Starling took the top spot with no missing security headers and top-notch encryption. Barclays, HSBC and First Direct closely followed Starling in terms of security.
Two-factor authentication is important
SCA compliance played a vital role in the investigation. A significant component of it is the two-factor authentication process. Two-factor authentication requires the customer to use two "layers" of login methods. The first is usually static data such as a username and password, while the second involves non-static data such as a code generated for a short duration.
Many security experts have long said it’s one of the most effective ways to prevent major security breaches. James Stickland, CEO at authentication platform Veridium, commented on the enforcement of the SCA regulation last March, stating, “Implementing the latest identity verification technologies can help companies to protect the abundance of sensitive customer data and, crucially, deliver a seamless user experience.”
While TSB failed to provide two-factor authentication, the top-performing banks received good marks on their authenticator systems. For example, Barclays encourages users to log in using a PINsentry card reader. The reader is available as both a physical version and an integrated app version.
Strong security is an integral part of online banking. The investigation shows the significant differences that exist between different banks. As a consumer, it’s important to stay vigilant and learn how to improve your online security.
When using online banking, you should:
- Always allow and use two-factor authentication
- Choose a strong password – check these security tips from Google
- Keep your online banking app and your computer software updated
- Log out when you are done
It’s also worth keeping an eye on your accounts to ensure you can spot any strange activity immediately. Reporting fraud quickly can protect you and help you get your money back.