More than 29,000 cases of remote banking fraud were reported to UK Finance in the first half of 2022, with scammers gaining access to bank accounts via internet, telephone or mobile banking and making an unauthorised transfer of money from the account.
And if you’re worried about phone theft, most mobile banking apps don't store your bank details on your phone but instead access them from a secure data centre, meaning your mobile itself should never hold your personal bank information.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
But, the latest research from the consumer group Which?, found basic security flaws on some of the biggest banks’ apps are putting us at increased risk of falling victim to fraud.
How safe is your banking app?
The consumer group tested the customer-facing security systems of 13 current account providers from September to November 2022, with help from independent security experts at Red Maple Technologies.
Scoring the banks in four key categories:
- navigation and logout
- account management
Banks were marked down for issues such as: not adequately blocking weak passwords, sending one-time passcodes or other sensitive information via text messages - the least secure approach - and failing to log customers out after five minutes of inactivity.
Points were also lost for allowing simultaneous access to accounts from multiple web browsers or IP addresses, without flagging it as a potential cyber-attack, and for sending customers notifications that include a phone number or web link.
The latter can be a gift to scammers who often replicate texts and emails to trick people into calling them or entering their details on a fake website.
Sam Richardson, Which? money deputy editor, said: "Our latest tests found several banks were missing important online and app protections, which could leave consumers worryingly exposed to unscrupulous fraudsters.
Bad news for TSB and Virgin customers
The lowest-scoring app in the tests belongs to Virgin Money.
Red Maple Technologies found six outdated Virgin Money web applications which had potential vulnerabilities. The bank noted minor vulnerabilities on three and said these will be corrected.
Which? also claims Virgin Money didn’t adequately block insecure passwords and remove phone numbers from notifications. Worryingly, there were no security checks to pay someone new, change an email address or edit the details of a payee.
The TSB app scored second lowest and was criticised for still asking basic security questions such as ‘name your favourite food’ to recover login details. It also failed to block insecure passwords and only requires a minimum of six characters - while longer passwords are more secure.
TSB also lost points for using SMS-based security, not sending alerts when sensitive account changes were made and including phone numbers in new-payee notifications. TSB said it is reviewing alerts and password complexity as part of its digital strategy. The bank told Which? it has now removed phone numbers from all SMS alerts, except for one which is due to be removed in February.
You can find the full list of the most and least secure banking apps on the Which? Website.
Banking app security tips from the experts
Concerned? It’s understandable if you are. But it’s important to remember banking apps are still one of the more secure ways you can access your banking information. And there are several straightforward steps you can take to ensure your app is as secure as possible.
Amir Tarighat, digital privacy expert and CEO of cyber-security company Agency recommends fives steps you can take to keep your banking app secure:
- Turn on 2FA. Easy access to your accounts through mobile banking apps can take the headache of managing your finances. But with easy access comes increased risk. One of the best ways to secure your accounts is to enable two-factor or multi-factor authentication. Even if your device is lost, stolen, or otherwise compromised, turning on this additional security measure ensures that no one else will be able to log into your accounts.
- Update your operating system. Make sure the operating systems and individual banking apps on your mobile devices are up to date. Most software updates are meant to address security vulnerabilities that leave the door open to hackers. If you're running on an out-of-date system, cybercriminals can access your devices to plant malware and steal your personal data, so you should routinely check for available updates.
- Avoid WiFi hotspots. If your WiFi network isn’t secure, hackers can hijack your session and log in as you, leaving your accounts up for grabs. Using banking apps in hotels, bars, airports, or anywhere else with public WiFi could leave you vulnerable to cyberattacks, so wait until you’re connected to a network you trust to access your bank account.
- Check your exposure. If you’re worried that your banking app has already been exposed, you can check which of your accounts might be compromised by using Agency’s free Dark Web Report.
- Brush up on the most common scams. Scammers are persistent, but they’re not terribly original. Research the most common scams that appear every year (misspelt URLs to fake sites, fake confirmation or delivery emails, gift card scams, and charity scams, just to name a few.) Recognizing the hallmarks of these scams will help you protect your financial information when banking online.
Biometric security checks, like fingerprints or face scans, can also turn the tables on any would-be hacker or scammer. Gus Tomlinson, Chief Product Officer at GBG, the digital identity expert says also recommends setting up biometric security checks
“Banking apps are designed to be secure but that doesn't mean that human error or fraudsters aren’t savvy enough to get through them.
“The biggest vulnerability comes from the user’s device, which is why implementing things like biometric security checks is key, and not just for banking but all uses of money.
“Another tip is to always have your phone linked to other devices. This means the moment you have lost it, or it has been stolen, it can be disabled. If this happens, make sure you inform your network provider and your bank so both can suspend your mobile banking immediately. “
Adam is a personal finance editor at MoneyWeek' sister site, The Money Edit. He has been working to save you money as a personal finance and consumer journalist, editor and commentator for several years.
His work has appeared in the HuffPost, Which?, i paper and This is Money, plus various TV and radio, which include Rip Off Britain, 5 News, and Newsround, to name a few. He was previously the senior consumer rights editor at Which?
When Adam isn't working he's walking his dog, or watching Norwich City yo-yo between leagues.
Will a Santa Rally provide festive cheer for investors this year?
News Equities often get a seasonal boost during December - will there be a Santa Rally in 2023?
By Marc Shoffman Published
Trading terms: The Santa Rally
Glossary Will the Santa Rally result in its traditional December effect on global markets?
By Dr Matthew Partridge Published
NatWest-owned Ulster bank boosts easy access savings rate to 5.2%
Rates on easy access savings accounts have hit over 5%, with Ulster Bank now giving savers the chance to earn 5.2% on their cash savings. We have all the details.
By Marc Shoffman Published
Moneybox raises market-leading cash ISA to 5%
Savings and investing app MoneyBox has boosted the rate on its cash ISA again, hiking it from 4.75% to 5% making it one of top rates. We have all the details.
By Ruth Emery Published
October NS&I Premium Bonds winners - check now to see what you won
NS&I Premium Bonds holders can check now to see if they have won a prize this month. We explain how to check your premium bonds
By Kalpana Fitzpatrick Published
October’s NS&I Premium Bond winners revealed - have you scooped £1 million?
Two lucky NS&I Premium Bond winners are now millionaires this October. Find out here you are one of them
By Kalpana Fitzpatrick Published
The best packaged bank accounts
Advice Packaged bank accounts can offer great value with useful additional perks – but get it wrong and you could be out of pocket
By Tom Higgins Published
Energy bills to fall 7% under new price cap
Energy bills could fall by an average 7% from October under the new Energy Price cap announced today. We explain what the new cap mean for you and when it will come into play
By Pedro Gonçalves Published
Bank of Baroda closes doors to UK retail banking
After almost 70 years of operating in the UK, one of India’s largest bank is shutting up shop in the UK retail banking market. We explain everything you need to know if you have savings or a current account with Bank of Baroda
By Vaishali Varu Published
The best options to earn cashback on spending
From credit cards and current accounts to cashback websites, there are plenty of ways to earn cashback on the money you spend.
By John Fitzsimons Published