A Which? test of 11 high streets banks found that only five have adopted two factor security checks combining something you know, such as a password or Pin, with something you have, such as a card reader or a mobile phone, to protect their customers.

The consumer champion name-checked Halifax, Lloyds Bank, Santander and TSB as among the worst offenders.

Alex Neill, managing director of Which? Home & Legal, points to figures which show losses in 2014-2015 soaring by 64% to £133.5m for online banking and 28% to £323.3m for phone banking.

“The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there’s no excuse for others to sacrifice security," he says. “Online banking is increasingly part of our daily lives and at the same time online scams are becoming more sophisticated. People can only do so much to protect themselves from fraud, it’s time for banks to shoulder more of the responsibility and introduce extra protections to safeguard their customers.”

Which? recently used its super-complaint powers to call on the financial regulator to investigate whether banks could do more to protect people who are tricked into transferring money to a fraudster.

Banks named in the survey rejected the consumer group's claims, pointing to multi-layered security controls deployed at the back end to protect customer funds from fraudulent attacks.

Says Lloyds: “The findings [of this research] do not provide provide an accurate reflection of the highly sophisticated security our customers benefit from that is undetectable in this research. We don’t consider the results accurately reflect these factors which have a material impact on how we protect our customers’ daily needs.”