Barclays Leads in Web Security among UK Banks

Photo credit: Tupungato/Shutterstock.com
Photo credit: Tupungato/Shutterstock.com

The majority of UK adults (64%) now bank online, whether that’s viewing a balance, paying a bill or transferring money online. In light of this, the research firm set out to find out how functional banks’ secure sites really are, analyzing Barclays, Halifax, HSBC, Lloyds Bank, Nationwide Building Society, NatWest, Santander and the Co-operative Bank, across more than 50 criteria. Benchmark areas included account management, security and login, money management, money movement, cross-selling, self-service features, assisted-service features, alerts and electronic delivery.

Barclays topped this year’s rankings with an overall score of 66 out of 100. The bank’s secure site was strong across a range of categories, Forrester noted in the report, a copy of which was provided to Infosecurity, particularly when it comes to account management, money movement, security and login, and electronic delivery.

Specifically regarding security functionality and privacy content on a bank’s website, Forrester took a look at sign-in options, security policies and guidance on avoiding fraud.

The UK’s banks performed well overall here, combining effective security with usability in Forrester’s estimation; but Barclays did best overall, just ahead of Nationwide. It offers some notable features that set it apart from the pack: for instance it’s the first, and so far only, bank in the UK to offer customers a digital vault/cloud IT option for banking.

Banks should also require additional authentication for key tasks, like adding a payee or executing a transfer – simply put, additional security steps both reassure customers and reduce fraud. Barclays shines here, by implementing two-factor authentication via a mobile device. Santander, meanwhile, offers dynamically generated, one-time passcodes for additional authentication.

Most other banks though employ a common practice of using a separate card reader, Forrester noted. “Other banks should follow suit [with digital authentication], as it gives customers reassurance without the inconvenience of carrying a separate device, while encouraging them to rely on their mobile phone for banking,” the analyst firm said.

Banks should also provide clear fraud reporting tools for customers. “All UK banks provide useful, easy-to-understand guidance on how to avoid fraud and protect themselves online,” the report found.

Nationwide offers customers an automated online form in which they can report possible fraud – for example, to dispute an ATM transaction. In addition, Lloyds Bank offers customers an explicit fraud protection guarantee within the secure site, Forrester noted.

The old standbys, such as secure login, are table stakes at this point. “Customers entering the secure site are dealing with a sensitive subject — their money — and have a natural need for reassurance about security and privacy,” noted the report. “We’ve consistently found that customers’ perceptions of online security and privacy have more influence [on brand perception] than a firm’s actual security and privacy measures.”

Therefore, a directive for any bank should be to provide easy-to-digest security and privacy information, making sure that content is displayed prominently alongside key areas of the website.

When it comes to overall functionality, the report said that UK bank sites perform well on money movement and electronic statements in particular. Lloyds Bank was second after Barclay’s with an overall score of 61 and is still the “only bank in the UK to offer effective money management tools,” Forrester said. Santander was close behind Lloyds with an overall score of 60, with particular strengths around cross-selling and a range of transaction and balance alerts.

Unfortunately though, taken together, the banks scored an average of 54 out of 100 this year, meaning that as a group, the UK’s banks lag behind the leading banks elsewhere, including Citibank, Wells Fargo, and Bank of America in the US and Royal Bank of Canada and Bank of Montreal in Canada.

What’s hot on Infosecurity Magazine?