Which? Report: Some Banks Lag in Mobile and Online Security

April 26, 2024

In today’s digital era, ensuring the safety of users’ financial information online has become imperative. With the advent of modern banking technologies, customers enjoy increased convenience, but this also opens up new possibilities for cybercriminals to exploit security loopholes. The consumer advocacy group Which? has shed light on this pressing issue, revealing through their recent investigation that not all banks are keeping pace with the evolving threats posed by highly sophisticated scammers. Although there have been significant advancements in digital banking security, it is clear that some institutions must redouble their efforts to safeguard their customers’ sensitive data and hard-earned money. As online banking becomes the norm, the significance of fortifying digital defenses cannot be overstated, with both customers and banks sharing the responsibility to remain vigilant against these modern-day threats.

Evaluate Banks on Mobile and Online Security

Which? focused on assessing the mobile and online security protocols of various banks, measuring their effectiveness across important criteria including login procedures, security best practices, account management, and navigation capabilities. This investigation revealed disparities among the banks, with some failing to meet the essential standards expected by consumers, thus potentially leaving customers vulnerable to scams and security breaches.

The report indicated that common issues stem from inadequate login security, subpar account management features, and lax navigation practices, which collectively may create opportunities for cybercriminals to access personal information or financial resources. Alarmingly, some banks were criticized for allowing users to set weak passwords and failing to promptly log out inactive users—basic yet critical practices in maintaining online security.

Identify Weak Links in Security

Among the laggards, TSB and The Co-operative Bank were specifically mentioned for their lower-than-desirable security scores. Concerns over TSB’s mobile app included the insecure handling of sensitive data and a lack of robust password requirements, leaving customer credentials at risk. On the other hand, The Co-operative Bank faced criticism for not mandating two-factor authentication in certain scenarios and for permitting weak passwords.

Furthermore, the findings highlighted Lloyds Bank for not automatically logging users out after five minutes of inactivity, a surprising deviation from regulatory requirements. In contrast, Starling Bank, NatWest, and RBS set the bar high with their online security scores. HSBC led the pack in terms of mobile app security due to its comprehensive security measures that did not rely on SMS-based verifications.

Recommendations for Enhanced Security

Which? is calling for urgent improvements from the named financial institutions and advocating for the appointment of a Fraud Minister ahead of a general election. This focus on cybersecurity is vital to safeguard the finances of millions of users who regularly utilize digital banking platforms. Until such measures are implemented industry-wide, consumers must take proactive steps to shield themselves from the evolving threats posed by online scammers.

In light of the report, Which? offers six actionable tips for customers to enhance their personal online security. These range from securing mobile devices to crafting strong passwords and monitoring for unauthorized transactions. Following these guidelines can help individuals safeguard their sensitive information and financial assets, even as the banking industry works to fortify its digital defenses.

Subscribe to our weekly news digest!

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for subscribing.
We'll be sending you our best soon.
Something went wrong, please try again later