Most banks still aren’t doing enough to protect your account

More than half of high street banks haven’t adopted two-factor security

The majority of high street banks in the UK have still not adopted two-factor authentication, and are thus failing to properly protect their customers when it comes to online logins.

Those are the latest findings of Which, with the consumer watchdog testing out 11 banks over a range of security considerations this summer, and finding that only five of them offered two-factor verification – namely First Direct, HSBC, Barclays, M&S Bank and Nationwide.

Two-factor verification simply means having a second hurdle to jump when it comes to your bank login – the initial factor is the usual password, and the second factor can be a one-time passcode texted to your smartphone, or a one-time PIN facilitated by a dedicated piece of hardware the bank has sent you (for example, First Direct uses a ‘secure key’, a small keypad with a tiny display).

The banks which don’t offer two-factor security are Royal Bank of Scotland/NatWest, Metro Bank, Halifax/Bank of Scotland, Lloyds Bank, Santander and TSB.

Which noted that all of these banks do insist on additional checks when it comes to transferring money, but this isn’t necessarily enough, because cybercriminals who are able to log into a victim’s account can access a wealth of financial data – and they can subsequently use this to contact the victim and be convincing enough to dupe them into transferring money across voluntarily, at least in some cases.

No excuse 

Alex Neill, managing director of Which Home & Legal, commented: “The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there’s no excuse for others to sacrifice security.

“Online banking is increasingly part of our daily lives and at the same time online scams are becoming more sophisticated. People can only do so much to protect themselves from fraud, it's time for banks to shoulder more of the responsibility and introduce extra protections to safeguard their customers.”

Which ranked all the banks in various different categories including login security and encryption to come up with a total rating for overall security. First Direct was top of the table on 78%, followed by HSBC on 76% and then Barclays on 75%.

At the relegation end, Halifax/Bank of Scotland languished in joint eighth with Lloyds Bank on 62%, followed by Santander on 59%, and TSB propped up the division with a rating of 56%.