Nationwide most secure for online banking - Which?

Nationwide most secure for online banking - Which?

Nationwide offers the UK's most secure online banking experience and Norwich & Peterborough Building Society the least, according to Which?

The consumer group used volunteers to carry out a series of tests on the Web sites of 12 banks and building societies to gauge their security.

Banks have been awarded a score out of 100 based on factors such as the ability to protect against keyloggers; whether users can stay logged in and browse to others sites; whether they need card readers; and if they are offered free security software.

Nationwide has come out on top, despite only managing a score of 69%. Natwest/RBS scored 63%, Barclays 62%, the Co-op 59%, HSBC 58%, Clydsdale 56% and First Direct and Lloyds TSB both 54%.

Norwich & Peterborough Building Society faired worst, with a score of just 35%, behind the Halifax on 38%, Santander 44% and Smile 49%.

Santander was the only bank to ask for a full password, which could leave accounts vulnerable to keyloggers, although the bank has since made changes to its online service. Halifax scored poorly for logout security.

Richard Lloyd, executive director, Which?, says: 'With so many of us doing our banking online these days, it's important that banks' security is up to scratch. We were alarmed to find significant flaws in the online security of some of the UK's biggest banks."

Comments: (3)

Melvin Haskins
Melvin Haskins - Haston International Limited - 26 August, 2011, 16:37Be the first to give this comment the thumbs up 0 likes

As a Nationwide customer who has banked with HSBC, Lloyds and Coutts I concur with the survey - Nationwide outshines all of them by far.

However, I take issue with Which!'s consideration of free security software. Nationwide offer exactly the same free security software as HSBC. If you install it, it takes over 90% of your CPU usage and slows the machine down to a grinding halt. And I do not use bottom of the range PCs.

You should be wary of free software. You get what you pay for.

Mel Haskins

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 29 August, 2011, 10:43Be the first to give this comment the thumbs up 0 likes

+1 re. free security software from HSBC. I had to eventually uninstall it. 

It will be interesting to watch how this issue pans itself out. Will banks implement better security measures for Internet Banking yet keep it simple and convenient enough so that more customers migrate to remote channels? Or, will the enhanced security create even more friction in remote channels such that customers will troop back to branches?  

A Finextra member
A Finextra member 30 August, 2011, 11:32Be the first to give this comment the thumbs up 0 likes

It's good that Which's methodology was objective, based on a standard suite of tests. Access to such a suite for internal testing and development would be useful for banks. Also, customer confidence would be boosted by evidence of compliance. However, there are hints that the test suite is not fully up to date with current vulnerabilities. For example, asking for only partial passwords to protect against key loggers is no longer a mitigation, and arguably increases the risk of password guessing. So, it’s important that highly publicised tests like this explore real threats and mitigations, not just what the customer perceives to be risky.