Which Bank is Most Secure for Online Banking in the UK

In the UK, online banking has become the norm, with millions of people relying on it to manage their finances. Barclays is one of the biggest banks in the UK, with a large customer base.

Barclays has a strong security record, with a dedicated team that works around the clock to detect and prevent cyber threats. They use advanced encryption methods to protect customer data.

HSBC is another major bank in the UK, with a significant presence in the country. HSBC has invested heavily in its online banking security, with a focus on protecting customer information.

HSBC's online banking system is protected by a robust firewall, which blocks malicious traffic and prevents hacking attempts. This has helped to reduce the risk of cyber attacks.

The bank security rankings are a crucial aspect to consider when choosing a bank for online banking. Starling and NatWest tied for the top spot with an overall score of 87%, followed closely by HSBC with a score of 78% in the mobile banking app ratings.

The banks that excel in security best practice, account management, and navigation and logout are the ones to watch. In the online banking ratings, Starling and NatWest received the highest possible ranking in these areas, while in the mobile banking app ratings, HSBC also achieved the highest possible ranking in security best practice.

Here's a breakdown of the top banks in the online banking security rankings:

These banks have demonstrated a strong commitment to security, and their high rankings are a testament to their dedication to protecting their customers' sensitive financial information.

Starling topped our online banking security rankings with an impressive 82% score.

The bank's stringent checks for device security are a notable feature, requiring a 'selfie video' to match existing identification videos and documents for any account changes.

You can also 'untrust' devices via Starling's app at any time, giving you control over your security settings.

However, we were able to bypass Starling's protections for rooted devices in our test, highlighting the need for ongoing security improvements.

A longer passcode would be beneficial, as Starling's four-digit passcode is relatively short compared to other banks.

Starling does check for common passwords, but it didn't stop us using a pattern or sequence of numbers, suggesting room for improvement in this area.

HSBC's online security is top-notch, with an impressive 80% rating. They've ditched weak security questions for recovering login data, and now use a username and OTP generated via the Secure Key device on the HSBC app.

The bank supports the latest encryption standards for both its app and website. This is a big plus, as it ensures that your sensitive financial information is protected from prying eyes.

One area where HSBC falls short is with its content security policy header, which is missing. This is a minor issue, but it's worth noting nonetheless.

Let's take a look at HSBC's app rating, which is a respectable 82%. This is a testament to the bank's commitment to mobile security.

TSB scored 66% online and 57% in its app security test, which is a significant difference. The bank's app didn't exit when an analysis tool was used, which is a requirement for a top score.

TSB failed to block insecure passwords and only requires six characters, which is a concern. Banks should encourage longer, more secure phrases.

A potentially vulnerable subdomain was found, but the bank said it will be removed in 2023. This is a step in the right direction, but more needs to be done.

TSB also lost points for using SMS-based security, not sending alerts when sensitive account changes were made, and including phone numbers in new-payee notifications. These are all areas where the bank can improve.

The bank is reviewing alerts and password complexity as part of its digital strategy. It has already removed phone numbers from all SMS alerts, except for one which is due to be removed this month.

Virgin Money scored a low 52% for online banking and a slightly higher 54% for its app. Unfortunately, this means it ranks low in terms of bank security.

The bank has some work to do, as Red Maple found six outdated web applications, including some with minor vulnerabilities that will be corrected.

Virgin Money's app didn't detect our analysis tool or a rooted phone, which is a concern. However, the bank claims it uses internal controls to protect customers.

A security check is missing when paying someone new, changing an email address, or editing the details of a payee. This is unusual and raises some red flags.

The bank's spokesperson emphasized the importance of digital user experience while ensuring robust security controls.

HSBC takes the top spot with a score of 78%, thanks to not relying on SMS when users log in. This is a key factor in maintaining security.

Barclays places second, but the investigation revealed issues with website management, including allowing users to log in from multiple browsers at the same time. This is a major concern for security.

TSB comes in last, with a score of 54%, due to a 'medium risk' issue with the app. Specifically, the bank's handling of sensitive financial information could allow other apps to access confidential data.

The top-performing banks in terms of online security are Starling and NatWest, both with scores of 87%. These banks achieved the highest possible ranking across security best practice, account management, and navigation and logout.

The Co-operative Bank ranked lowest, with an overall score of 61%. One of the most serious issues was the bank's failure to require two-factor identification when researchers attempted to log in using a test laptop.

The following banks were penalized for using SMS to verify customers at login: Nationwide, NatWest, Santander, The Co-operative Bank, and TSB. This is a significant security risk.

The table below shows the top 5 and bottom 5 banks in terms of online security:

The bottom 5 banks in terms of online security are:

These banks have significant security concerns that need to be addressed.

HSBC is a high street giant that received a score of 80% and five stars for safe access to accounts, recovering usernames and passwords, navigation and logging out.

HSBC's mobile app security is particularly impressive, scoring a high rating of 78% due to its decision not to use SMS for login, and no issues with logging out and navigation.

HSBC's online banking system is designed to keep you safe, with no issues with logging out and navigation, making it easy to manage your accounts.

If you're looking for a reliable online banking experience, HSBC is definitely worth considering, given its strong ratings in these key areas.

Barclays is taking steps to combat financial crime, reinstating its £20k cash deposit limit in branches.

It scored 78% for safe online banking, but still allows customers to access their accounts through multiple browsers, IP addresses, and devices, which could potentially provide loopholes for criminals.

Barclays' mobile banking app security is a strong point, earning it a 74% rating.

Santander and Chase are among the top-ranked banks in terms of security best practices, both scoring a perfect five out of five.

Their strengths lie in other areas as well, such as navigation and logging out, where Santander excelled.

Monzo's online security ratings have taken a dip, ranking it as the third-lowest for online security. This is a drop from 65% in February.

It received mixed reviews for its navigation and logging out methods, earning only two stars. On the other hand, its login authentication methods received a perfect score of five out of five.

Banks that allow you to log in from multiple browsers or computers at the same time may be compromising your online security.

Having multiple login locations can make it easier for hackers to access your account, so it's best to stick with banks that require you to log in from a single device.

Banks that permit you to move backwards and forwards within the browser without needing to sign in again can also be a security risk.

This practice can make it difficult to track suspicious activity, so it's essential to choose a bank that requires you to sign in again after a certain period of inactivity.

Banks that send notifications to flag up potentially suspicious activity can be a great way to stay on top of your account security.

Risky cybersecurity practices can put your financial information at risk. Banks that allow you to log in from multiple browsers or computers at the same time are considered high-risk.

Sending notifications with phone numbers or links to login pages is a red flag, as scammers often use similar tactics to trick victims.

Banks that permit you to move backwards and forwards within the browser without needing to sign in again are also vulnerable to attacks.

These lax security measures can compromise the safety of your online transactions.

To help you safely navigate the online world, Regions Online and Mobile Banking continually evaluates its security environment to ensure the highest level of privacy and safety for customers.

One way to add an extra layer of protection is to use strong, unique passwords for all online accounts. This is a common-sense tip that can help prevent unauthorized access to your sensitive information.

Regions Online and Mobile Banking has some common-sense tips to help you stay safe online, including using strong, unique passwords for all online accounts.

Using two-factor authentication can provide an additional layer of security, requiring a second form of verification, such as a code sent to your phone, in addition to your password.

Regions Online and Mobile Banking continually evaluates its security environment to help ensure the highest level of privacy and safety for its customers, which is a reassuring practice for anyone using online banking.

Regularly updating your software and operating system can help protect against cyber threats, as outdated software can leave you vulnerable to attacks.

Regions Online and Mobile Banking has a commitment to the safety and security of its online and mobile banking services, which is reflected in its continuous evaluation of its security environment.

Mobile banking is generally safe, thanks to built-in features like automatic logouts and multi-factor authentication.

However, consumers need to take an active role in protecting themselves. Don't use public wi-fi networks, as they can be vulnerable to hacking.

It's also essential to ensure your phone is password protected, so if someone picks it up, they won't have access to your personal information. This simple step can add an extra layer of security.

Banks that allow you to log in from multiple browsers or computers at the same time can put you at risk, so be cautious of those policies.

Controlling your cards is an essential part of maintaining your financial security. You can prevent unauthorized use of your personal cards by blocking certain types of transactions with Regions LockIt.

Regions LockIt allows you to control your cards by blocking specific types of transactions, such as online purchases or international transactions. This feature is a game-changer for anyone looking to minimize their financial risk.

Blocking certain types of transactions can help you avoid unexpected charges and protect your financial information.

If you're looking for a bank that's secure for online banking, Starling and NatWest are the strongest options, with scores of 87% in the Which? investigation. They achieved the highest possible ranking across security best practice, account management, and navigation and logout.

Starling and NatWest require users to use two-factor identification when logging in, which adds an extra layer of security to prevent unauthorized access. This is a crucial feature that sets them apart from other banks.

However, not all banks are created equal when it comes to security. Co-operative Bank, for example, placed bottom in the ratings with an overall score of just 61%. One of the issues with their online banking service is that they don't block users from setting weak passwords on their accounts.

Here's a comparison of the top and bottom-scoring banks in the online security ratings:

The difference between these two banks is striking, and it highlights the importance of security when choosing a bank. If you're looking for a secure online banking experience, it's worth considering a bank that prioritizes security best practices, such as requiring two-factor identification and blocking weak passwords.

UK Financial Institutions are a crucial part of our daily lives, and choosing the right one for online banking is a big decision.

The best UK banks for online banking are ranked based on their safety features, with some institutions standing out from the rest.

Some of the UK's top online banks have implemented robust security measures, such as encryption and two-factor authentication, to protect users' sensitive information.

NatWest/RBS and Starling Bank are among the best UK banks for online banking, receiving a total of 87% in all four categories and five stars for security best practices, account management, and navigation.

Their online banking systems are considered safer than others due to their high scores and ratings.

First Direct and Nationwide have made significant improvements in their online banking systems, with Nationwide upgrading its system to prevent scammers from hijacking data and improving its authentication methods.

Nationwide now scores 74% and has received five out of five stars for login and security best practices.

First Direct also made a slight improvement, now scoring 74% for safe online banking.

TSB, on the other hand, received the worst rating of 54% for mobile app security, with several serious issues flagged by Which? including not storing users' sensitive credentials safely.

TSB has acknowledged these issues and is reviewing them, but no fix has been implemented yet.

Fraudsters are getting more sophisticated, and scammers are taking advantage of vulnerabilities in online banking systems, so it's essential to remain vigilant and take extra precautions when using online banking services.

Lloyds Bank has seen extensive branch closures, with a whopping 300 branches shutting down by 2025.

The bank has implemented some strict measures for navigation and logging out, but it's worth noting that it doesn't log out users after five minutes of inactivity, despite it being a regulatory requirement.

However, the bank does log out users after ten minutes of inactivity, which is intended to make it easier for vulnerable customers and businesses that may need longer periods to complete transactions.

Lloyds Bank scored 69% for its safe online banking practices, but received only three stars for account management.

Its mobile banking app, on the other hand, enforces stricter security measures, requiring customers to use a trusted device with secondary authentication and choosing between one to five minutes of inactivity before being logged out.

The bank's mobile app received four stars for security best practices, account management, and navigation and logging out.

Virgin Money has had its fair share of issues with online banking, particularly with navigation and logging out, scoring a disappointing two stars and 68% in a recent report.

The bank's takeover by Nationwide for £2.8 billion could potentially be the biggest UK bank takeover since the 2008 financial crisis.

However, it's worth noting that Virgin Money has made significant improvements to its mobile banking app, boosting its rating from 54% to 67%.

The app now receives five stars for login procedures, a notable improvement that suggests the bank is taking customer safety seriously.

Santander scored a solid five in security best practices, but fell short in other areas.

Santander's average rating was brought down to 67% due to its poor performance in login and account management, making it the second-lowest of all online banks.

TSB scored 67%, but stood out as the only bank to receive two stars for online account management, which could be a plus for customers.

The Co-operative Bank's online and mobile banking services have some significant security concerns. The bank scored only 61% in security measures, largely due to its failure to ask for two-factor authentication on a test laptop.

This lack of security is particularly worrying, as it leaves customers vulnerable to potential threats. The bank's mobile app also failed several security checks, allowing customers to set up weak passwords or log in from different IP addresses at the same time.

Phone numbers were visible in alerts, and security codes were sent on SMS, further compromising customer security.

Starling and NatWest tied for the top spot with an overall score of 87%, making them the strongest banks for online security. This is due in part to their perfect scores in security best practice, account management, and navigation and logout.

Some banks, like Nationwide, have excellent login security, with a perfect 5/5 score. This is reassuring for customers who value their online banking security.

The banks that achieved the highest possible ranking across security best practice, account management, and navigation and logout were Starling and NatWest. This indicates that they have robust security measures in place.

However, not all banks have their security priorities straight. The Co-operative Bank placed last in the ratings, with an overall score of just 61%. This is due in part to its failure to require two-factor identification when researchers attempted to log in using a test laptop.

Some banks, like Barclays and HSBC, have excellent security best practice, with scores of 5/5. However, they fell short in other areas, such as account management and navigation and logout.

Here's a breakdown of the banks' scores in the security features category:

Banking apps can be a convenient way to manage your finances, but not all of them are created equal when it comes to security. This is how the banks rank in terms of how safe their banking apps are for their customers.

The banks rank in terms of their app's safety. Some banks have been found to be more vulnerable to cyber threats than others.

It's worth noting that the safest banking apps often have robust security measures in place, such as encryption and two-factor authentication. This is crucial for protecting sensitive customer information.

The banking app of one bank was found to be the most secure, with a rating of 9 out of 10 for its safety features. This is likely due to its use of advanced security protocols.

Another bank's app was found to be less secure, with a rating of 6 out of 10, due to its lack of robust security measures. This highlights the importance of choosing a bank with a secure app.

Ultimately, the safest banking app is one that balances ease of use with robust security measures.