Nationwide tops Which? online banking tests

Consumer organisation Which? has rated 12 of the UK's leading online banking services to see how well they protect customers' systems and data when they perform typical tasks

Nationwide has topped online banking security tests conducted by Which?, out of a list comprising a dozen financial institutions.

The consumer advice organisation enlisted volunteers to carry out a series of tests using a specially equipped computer that included a keylogger and software to capture the data sent to the banks' servers. In the tests, the volunteers carried out typical tasks on 12 banking websites, according to a report in the September issue of Which? magazine.

The tests looked at factors such as whether a token such as a card reader was required to log in; how well personal details were protected against a keylogger; whether it was possible to browse to another site and remain logged in; whether the bank offered a free download of Rapport software; whether there were checks on changing address and password; and whether logout security was handled well. Banks were rated on these categories and assigned an overall percentage score out of 100.

"Nationwide had the best website on test, with good login security and logout performance," Which? said in its report. "It also has potentially excellent new-payee security, but was let down by the ambiguity of instructions to users."

The building society topped the list, followed by Natwest/RBS and Barclays. The worst performers were Santander, Halifax, and Norwich & Peterborough building society. The full rankings are here:

Financial institution Score (percent)
Nationwide 69
Natwest/RBS 63
Barclays 62
Cooperative Bank 59
Clydesdale Bank 56
First Direct 54
Lloyds TSB 54
Smile 49
Santander 44
Halifax 38
Norwich & Peterborough 35

Halifax scored poorly on login security, among other factors, according to Which? "It was also poor for logout, and it scored badly in the forward/back and browse-away tests. Payment security was also relatively weak," the report read. "On the plus side, however, it scored highly for address changes, and reasonably well for password changes."

Last year, cybercriminals targeted British bank customers with Trojans linked to Zeus botnets that install a keystroke logger on an infected machine. Security experts have warned that fraudsters are constantly working on new ways to outsmart security measures for online banking.

In its report, Which? made recommendations for avoiding online banking security problems and phishing attempts. These included never responding to emails or phone calls from a bank asking for security information, avoiding public computers for online banking, keeping all software up to date, installing antivirus software, and securing the home Wi-Fi network.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.