Cyber attacks: Lloyds Bank digital boss claims online crime now “one-fifth or one-tenth of what it was last year”
UK businesses have reported losses of over £1bn between 2015-2016 due to cybercrime Reuters

There are major differences in the systems Britain's major banks employ to keep their users' online bank accounts safe, a new research from a consumer group showed.

According to data released by Which? on Thursday (20 October), a number of main lenders do not use 'two-factor' security steps when customers are prompted to enter their log-in details. The two-factor authentication system requires users to complete two different kind of security checks – such a PIN or a password combined with a card reader, or a unique code sent to their mobile – before accessing their accounts.

The system is thought to be safer than traditional safeguards as the added layer of security makes it harder for potential fraudsters to access online details. However, Which? said that only five – Barclays, HSBC, Nationwide, M&S Bank and First Direct – of the 11 banks it tested offered a two-factor authentication system.

Which? said hackers who were able to penetrate the first level of security at login could access people's sensitive financial details, which they could use to convince victims they were talking to their bank.

"The best banks in our test manage to use two-factor authentication without it being too onerous for their customers, so there's no excuse for others to sacrifice security," said Alex Neill, managing director of Which? Home and Legal.

"Online banking is increasingly part of our daily lives and at the same time online scams are becoming more sophisticated.

"People can only do so much to protect themselves from fraud, it's time for banks to shoulder more of the responsibility and introduce extra protections to safeguard their customers."

Lloyds Banking Group was among the lenders found to use a more traditional security check but the lender said the results of the research did not paint an accurate picture.

"The findings do not provide an accurate reflection of the highly sophisticated security our customers benefit from that is undetectable in this research," the bank said in a statement.

"We don't consider the results accurately reflect these factors which have a material impact on how we protect our customers' daily needs."

Katy Worobec, director of Financial Fraud Action UK, whose members include banks, said all lenders have added layers of security during online banking sessions, even though some might not be visible to customers and, therefore, have not been reflected by the research.

Her stance was supported TSB, which said in a statement that it maintained "complex and multi-layered fraud prevention controls which will not be visible to the customer – or reflected in this survey."

A spokeswoman for Santander pointed to the bank's low ratio of fraud incidents as proof of its robust security model, while Natwest said it had a "layered security model that incorporates a number of different controls working in the background in addition to the information a customer enters at login."