/ Money

How safe is online banking?

online piggy bank

In this world of ever-more sophisticated scams, it’s increasingly hard to know who to trust. How good is your online banking security?

If someone calls saying they’re from the police or the fraud division of your bank, what would they have to do to win your trust? If they knew, for example, the last five transactions on your account, would you believe they were genuine?

For most of us, the answer would be yes. And that’s why, in the ongoing battle against the scammers, it’s vital to keep your sensitive financial information secure so they can’t use it against you.

Online banking security

However, when we tested the online bank accounts of 11 volunteers, we found too many banks prioritising ease of log in over online banking security.

Several of them allowed our volunteers to access a light version of their account using only a few pieces of information that could potentially be guessed by fraudsters.

Once in, those criminals wouldn’t be able to move money directly without scaling another level of security, but they would have access to all sorts of personal information.

Our campaign on scams

Online fraud continues to rise at a staggering rate, as every new set of crime stats attest. In response, this spring Which? launched its Safeguard us from Scams campaign to encourage government and industry to do more to keep us all safe online.

Last month, we also submitted a super-complaint to the financial services regulator, calling for greater protection for consumers against bank transfer fraud.

This type of fraud has seen criminals trick victims into voluntarily transferring large sums, sometimes hundreds of thousands of pounds, with no legal right to reimbursement from their bank.

We think banks should do more to identify these high-risk transfers and protect customers.

We’ll keep fighting your corner, and while we do we’d like to hear from you. Have you ever been approached by would-be scammers armed with privileged information about you? Do you think your own bank is doing enough to keep your money safe?


Golden rules: never, ever divulge your access ID to anyone, even if they sound incredibly genuine. Always visit the bank itself if there’s any sort of major problem, never use an online banking model that doesn’t provide some sort of isolated security – i.e. a discrete key pad and never, ever, under any circumstance follow a link in an email.


On the transfer scam, by applying the above rules that would fail every time.

There’s a greater dimension to all this: society won’t function if we don’t trust one another, at least to some extent. It’s that inherent desire to trust, however, that offers criminals the easiest target. I don’t want to live in a world where we trust absolutely no one so what needs to change is the Bank systems. A good bank can pick up failed security checks for desirable items in seconds – literally. It happened to me a couple of days ago. The fault was with the Web site I was using (Canon UK) but it appeared as though the system was rejecting me for some reason. If the same system were applied to unexpectedly large transfers of money then this could be nipped in the bud.

Peter Young says:
22 October 2016

I hardly use online banking though I am registered for it. I don’t use apps nor do I have the computer on all the time so it is often quicker and easier to settle a bill by cheque. The kind of security device that you to insert your debit card in I find easy to use. Another bank has given me a little key pad which I have only once managed to use successfully. Probably I forgot due to vey few movements on that account. So now I manage it by putting my card in the in branch machine.


I have little or no trust due to real life experience , as well as day to day emails from tech security companies , information security services , hacking security services and so on . So to me real life is watching your back–always ! The FBI has a long list of methods of hacking online banking accounts but maybe I shouldnt go into details as it might give some ideas , even years ago digital hacking of passwords went at speed of 1 BILLION a SECOND , and the old- I lost my password , which doesnt directly let you in but if the hacker already has your personal details due to trojans then you are “easy meat ” . This is 2016 the hackers are so good that they are now employed by US/UK “government services ” – who advertise for them . People have no conception of the digital ability of many criminals . I dont do online banking , the same as Surgical Ophthalmologists dont use Lasec eye correction but wear glasses. The deviousness has now reached epidemic proportions . I am looking at a US security company giving advice to the US banking system and its “hair raising ” .MY philosophy is- dont keep the public in the dark -state the facts. I have a long list of files on security deception practices . years ago in 2004 2 Million Americans suffered banking fraud at an average of £1400 /fraud . Dont think -oh ! this is 2016- better protection -nope – the hackers are MUCH better too.


On a positive front, I have never had a problem with my online banking, debit or credit cards. They are extremely convenient and the likelihood of reimbursement if i have a problem keeps my confidence. I am particularly careful with online transfers to triple check that I have the correct account details and, where significant funds are involved, transfer £1 as a test before moving the whole amount.

I do hope I don’t live to regret injecting this optimistic post.

One of my daughter’s is the only family member to have had funds withdrawn fraudulently. This was from fraudulent ebay transactions using her debit card details. The bank acted promptly and sympathetically to investigate the losses and made them good very quickly.


I was about to write something along exactly the same lines as your first paragraph, Malcolm. One should not be complacent but over-worrying isn’t much help either. As Duncan perceives, it is probably best not to reveal the methods used by criminals outside the security protection business which seems to be abreast of it if not quite on top of it.


I have absolutely no doubt that a hacker could get inside my computer at any time he/she wished and while they could do some damage financially, I wouldn’t be “cleaned out.” I have a fool-proof system in place: If it’s not there it can’t be hacked.


That last sentence Vynor , thats exactly what many US security services recommend .

Vynor Hill says:
20 October 2016

Ps. When installing my security software on my new computer there was perhaps half a minute when it was not working. In that time I received a pop up to tell me that my credit card details were out of date and I should click and renew them. Not only did this provoke a full computer scan but it also elicited a few expletives.