/ Money

Online banking – do we want safety over convenience?

Secure reader for online banking

Are you willing to swap a bit of speed and convenience when banking online if it means the process is safer? There’s always some trade-off, but some banks are dealing with the problem better than others…

When it comes to financial fraud, consumer protection in the UK is fairly good.

The onus is on banks and other financial providers to create systems that will protect their customers. So, for those of us unlucky enough to become a fraud victim, our bank or lender should be there to pick up the bill.

Given the balance of responsibility, it’s no wonder that banks have invested heavily in creating securer online banking facilities in recent years.

Who enjoys jumping through security hoops?

But for every extra security check, there’s a trade-off in terms of customer convenience; something that some banks have dealt with better than others.

Almost all banks now require you to use a card reader or small key pad to generate a security number when you log in to your online banking facilities; a hoop that few people enjoy having to jump through.

HSBC, which has been my bank for more than 15 years, became the latest to introduce its own version of this technology earlier this year. So customers like me can no longer access our accounts online without the help of a small device that’s easy to lose and never with you at the moment you need it.

Unfortunately, unlike many of its rivals, HSBC has not provided customers with an alternative way to log in to their accounts when they don’t have their ‘Secure Key’ device to hand. Other banks who have adopted similar technology only insist on customers jumping through these extra hoops when they’re using their online banking facilities to carry out a transaction.

For those who simply want to check their balance and look at statements, it’s possible to log in using ordinary passwords and security questions.

Banks need to find a better balance

I wouldn’t mind about the inconvenience if I felt that HSBC’s new technology was lifting its online security to a new level. But, as our online banking security report in Which? magazine shows this month, HSBC remains average for banking security, with a score of just 58%, and still has plenty of room for improvement.

In fact, all the banks have a long way to go. Nationwide, which topped our tests, only achieved a score of 69%.

There is always a balance to be struck between security and convenience, but that balance has not been achieved quite yet. Internet banking has become increasingly inconvenient without becoming markedly more secure. It’s time for our banks to have a rethink.


I have been internet banking for a lot of years now and despite the security hassles I find it well worthwhile.
I rarely have to go to the branch for bill payment. I can do it whenever I find it convenient.

Most importantly I can monitor my accounts and avoid falling into the red. I always know where I am with my money. Peace of mind is worth a lot of minor security hassles.


I avoided using NatWest online banking for years because of concerns about security. What finally encouraged me to move from telephone banking was the fact that a friend had a lot of money stolen from his account and NatWest fully reimbursed him.

No problems so far and it is extremely convenient. I am still rather nervous and check my account for unauthorised withdrawals.


I forgot to say that I would be would be happy to exchange some of the convenience for a higher level of security.


Well, I personally think that my bank account IS secure. Emails/phones/personal data clearly are not because they are managed by a company whose interest it is to sell this information.

I have recently just received a new security keycard from HSBC, which is fine. Prior to this, they constantly tried to get me to install “Rapport” software, which I never did. No-one knew my security number so I didn’t see the issue.

What surprises me though is that it took HSBC so long to get round to this. When I lived in Holland, my ABN AMRO account had a digital card reader at least 3 years ago, maybe even longer. In Germany, Deutsche Bank had a paper list of secure codes that you needed to enter every time you logged in or performed a secure transaction.

So I performed my first transfers this weekend with the new security measures. I have to say that I am much more at ease, even though it is a little convoluted. As soon as I get used to it, it will be just as quick to use

Matthew Pemble says:
25 August 2011

We tested the Rapport software as part of the work for Which and it does seem to add a reasonable additional level of security, as well as reminding you about password resource. You may still choose not to use it but we do think it adds value.

Of course, this only applies to your computer – if you access online banking from work or from public computers, they are unlikely to have Rapport installed or, if they do, will not be configured with your details.

Matthew Pemble says:
25 August 2011

“Password re-use”, apologies.

John says:
25 August 2011

I have to admit I have my reservations about Rapport and haven’t installed it, despite being prompted by several banks. I have never liked the idea of being prompted to install software from websites and years of internet usage have told me that generally this is a really bad idea.

Because of this I only have limited knowledge of how Rapport works – my understanding was that it tried to ensure you were entering your details into your banks web page and not a phising page. I fail to see why this is better than a webpage bookmark and the https security highlights you now get in the url bar on current browsers.
You suggest that you have to provide it with your details? Is this right? How can entering your details into a 3rd party piece of software improve you internet banking security? Surely this is a huge security risk?

Keyless says:
16 August 2011

I use internet banking regulary to monitor my bank account and credit card details and find it a very useful service. The login checks and passwords are rigorous and yet become memorable when used frequently.

PeterMonte says:
16 August 2011

Tesco Bank has just dumped its card reader system and moved to a combination of pins and passwords which is easier to access wherever you are.