Online banking: The definitive guide

justin schamotta
By Justin Schamotta

online banking login

ONLINE banking is one of the wonders of the internet age.

It's one of the main reasons we go online and has saved millions of people the pain of watching their life pass them by while listening to god-awful hold music or standing in motionless queues.

Almost all online banking services offer a bare minimum of features: the ability to view account balances and recent transactions, download bank statements, set up standing orders and direct debits, transfer money and access other financial products.

However, some offer considerably more.

In addition, despite online banking's many positive attributes, there are still serious concerns about security - and although all banks continuously improve their security measures, some are better than others.

We take a look at that issue near the end of this guide.

Online banking: who's offering what?

The high street banks

All the high street banks offer customers the chance to manage their accounts online.

Features offered are broadly the same, so what really makes or breaks a site is its usability.

Big no-nos for most customers include inconsistent navigation and page layouts, unexplained bank jargon, unhelpful error messages and on-site search engines that fail to find the requests they're tasked with.

Way back in 2010, The Co-operative was found to have the most usable and functional customer website, followed by Natwest, Santander, Barclays, then Lloyds TSB, according to a study carried out by Forrester Research.

Meanwhile in terms of design, Top Design Mag found that Barclays, Nationwide, Bank of Scotland, Natwest, HSBC and Citibank have some of the friendliest sites.

Account aggregators

Account aggregation allows those with internet accessible accounts at several financial institutions to manage all their accounts from a single web page. The sites are popular with savers trying to make the most of their money by moving it around.

Providers offering account aggregators include First Direct, Moneydashboard, and

But the Financial Services Authority (FSA) does not regulate the provision of these (and other) aggregation services; users share their online banking login details at their own risk.

In addition, many banks state in their terms and conditions that sharing account information in the way necessary for aggregators to work isn't allowed, so anyone using such a service could find themselves liable should there be fraudulent or unauthorised activity on their accounts.

Find out more about how these services work and the risks in our budgeting article.

Smartphone banking apps

Almost all the main providers now offer some kind of official banking app for smartphones, including:

iPhone Android Blackberry Windows phones
Barclays here
Co-operative Bank here
First Direct here
Halifax here
HSBC here
Lloyds Bank here
Nationwide here
Natwest here
RBS here
Santander here
TSB here

These apps enable users to manage their accounts online, much in the same way that they would from a computer, albeit often in a slightly more limited format.

For example, not all that long ago the app from The Co-operative only allowed users to check their balances and set up weekly alerts; it's since been updated to allow money transfers, show the last 25 transactions, and find local branches.

As the number of official apps grows, and what can be done with them improves, so security also improves. But as with account aggregators, there are still some concerns, which we look at in more detail here.

Login methods: how the banks compare

The process of logging in is a security measure designed so that online bank accounts may only be accessed by the account holder.

The days when customers could simply enter a username and password are long gone. Instead, banks are forced to adopt ever more elaborate ploys to foil cyber criminals.

Card readers

Card readers are small plastic devices that resemble mini calculators or chunky credit cards. They are issued to online banking customers who use them to generate a unique number used to log in to their accounts or validate transactions. This second level authentication helps protect against online fraud.

Banks that provide card readers include Barclays, Natwest, HSBC, the Co-op, Nationwide and RBS.

Barclays say that they've seen a 90% reduction in online fraud since they introduced card readers. The Payments Council - the body with responsibility for ensuring that payment services work - is also a supporter of two-factor authentication.

Now, the only banks without card readers are:

Card reader problems

Although card readers undoubtedly increase security, they have incited anger among some consumers. When HSBC launched its "Secure Key" - used to generate a unique identification number - in 2010, many users found that they were unable to log in at all because they hadn't yet received a device.

HSBC also didn't win any fans by making Secure Key a mandatory part of logging in to online banking. With other banks, it's possible to skip the process and log in with personal and online banking information alone.

The devices are also reportedly too fragile to be carried around without smashing and, once smashed, HSBC seem just as slow to replace the devices as they were at rolling them out in the first place.

Passwords and personal information

Banks without card readers rely on user generated passwords and the input of personal information in order for customers to access their accounts.

Unfortunately, when asked to create a password, many people plump for easy to remember words. Passwords that can be found in a dictionary or more likely jump out of our keyboards - qwerty anyone? - make the job of cyber criminals very much easier.

Personal information such as dates of birth, addresses and telephone numbers are also relatively easily obtainable by nefarious intent.

To combat this, most banks will now insist that passwords contain both letters and numbers. Some, such as Santander, and credit card provider MBNA, make use of phrases and pictures chosen by the customer when their account is created.

Minimising the risk of fraud

Debit and credit card fraud did drop to its lowest level for a decade in 2012, but as banks have pushed further online, the rate of fraud has rocketed again. Figures from Financial Fraud Action UK showed that in the first six months of 2014, online banking fraud was up 71% on the same period in 2013.

Criminals are now targeting service providers as much as they are individuals, accessing information that can directly or indirectly enable them to scam thousands of customers - as was the case in late 2014, when TalkTalk customers began to report receiving suspicious phone calls.

The battle for online security is still raging.

Who's safest?

When consumer magazine Which? tested online banking services in July 2014, it gave Nationwide the most security seals of approval with an overall score of 79%.

Other top scorers included:

All the banks rated did better than they had in a previous "ethical hacking" test three years previously - although, as the banks' security becomes more sophisticated, so do the criminals.

Going paperless

To some extent, simply using online banking and going paperless helps to reduce the risk of fraud, as a large proportion of identity theft is carried out by thieves stealing paper statements and transaction slips.

Staying safe

But although it is in the banks' own interest to keep security tight, that doesn't mean consumers should get lax with theirs. Banks generally bear the cost of online fraud, but they only have to repay customers who have been careful to keep their own login details safe.

According to David Divitt from security consultants ACI Worldwide, "The most important thing is that customers pay attention."

This means exercising common sense precautions such as not writing PIN numbers down and properly disposing of waste containing personal information.

As mentioned above, anyone wary of fraud should also make sure to avoid aggregator and unauthorised banking app services. Several banks have explicitly stated that customers will not be compensated if they become victims of fraud while using external sites requiring their secure information.

Some commentators also advise backing away slowly from any Windows-based operating systems when using online banking services, as Windows is the most targeted OS when it comes to malicious software.

A switch to Mac or Linux isn't the most practical advice, though it could become easier as people begin to acquire multiple devices: it makes online banking on the iPad seem like a pretty good idea, for example.


13 April 2012
Online First Direct Fraud

I was subject to £58,000 online fraud by someone logging on to my account with First Direct and then transferring payments out to 10 different bank accounts. I do not know how they got my details as I log onto the account very infrequently and could not find any trojans.

The bank were great and spotted the problem and refunded the money to the account immediately. They notified the banks where the money was sent (Barclays and Lloyds). Sadly there does not seem to be any organised police response despite this being obvious serious organised crime. I have reported it to the National Fraud office online.

» Read more of the latest news

» Search for more guides on money

Follow us or subscribe for FREE updates and special offers