Online banking: The definitive guide

online banking login

ONLINE banking is one of the wonders of the internet age.

In fact, more people than ever before are now avoiding the queues at the local branch by accessing their accounts directly on their computers, smart phones and tablets.

In this guide we take a look at the online banking services available through the main high street banks, as well as those being offered by newcomers in the world of money aggregators and smartphone banking applications.

Given the widespread concerns about security that surround online banking we'll look at this issue in detail; comparing the safeguards put in place by the banks and looking at what can be done by individuals to reduce the risks.

Online banking: who's offering what?

The high street banks

All the high street banks offer customers the chance to manage their accounts online.

Most online banking systems provide facilities to:

As the features offered by most banks are broadly the same, what really makes or breaks a site is its usability.

Big no-nos for most customers include inconsistent navigation and page layouts, unexplained bank jargon, unhelpful error messages and on-site search engines that fail to find the requests they're tasked with.

In a survey carried out earlier this year by Which? First Direct, Nationwide, TSB, Santander, Lloyds and Halifax all received five out of five stars for their online banking service.

While online banking may widely be seen as more convenient than telephone banking, it's not without problems. There have been several high profile instances where online systems and apps have crashed, as we saw with the Lloyds Banking Group earlier this year.

Anyone facing problems getting onto online banking should check out our handy guide here.

Mobile apps from high street banks

In addition to accessing online banking using standard desktops and laptops, most high street banks now offer banking applications for both tablets and phones.

Although these apps enable users to manage their accounts, much in the same way that they would from a computer, it tends to be in a slightly more limited format.

For example, not all that long ago the app from The Co-operative only allowed users to check their balances and set up weekly alerts; it's since been updated to include other services, which allow users to make money transfers and view statements.

In June this year Computer World UK ranked the mobile apps of several of the UK's main banks. In terms of functionality and usability, the best to worst were:

  1. Lloyds
  2. Barclays
  3. Nationwide
  4. Natwest
  5. Santander
  6. HSBC

Although security doesn't seem to have been factored into this particular survey.

It's worth noting though that the banks have recently taken action to step up the security of their respective apps yet, as with account aggregators, there are still some concerns, which we look at in more detail here.

Account aggregators

Account aggregation allows those with internet accessible accounts at several financial institutions to monitor their accounts from a single web page or mobile application.

Using various tools and features, such as graphs and charts, expenditure is categorised so that users can see exactly where their money is going. They can also set monthly budgets to help with savings.

First Direct, Moneydashboard, and are all providers of account aggregating services that can be used online via a desktop or laptop. Whilst mobile apps operating in a similar way include You Need a Budget and Goodbudget.

But the Financial Services Authority (FSA) does not regulate the provision of these (and other) aggregation services; users share their online banking login details at their own risk.

In addition, many banks state in their terms and conditions that sharing account information in the way necessary for aggregators to work isn't allowed, so anyone using such a service could find themselves liable should there be fraudulent or unauthorised activity on their accounts.

Find out more about how these services work and the risks in our budgeting article.

Digital banks

A more recent phenomena of the internet age, these banks offer some of the services and products of conventional banks but operate wholly online, with no physical branch locations.

Customers can set up an account online and then manage it using an online banking system, or in many cases via a smartphone app.

Smile, part of the Co-op Bank, was the UK's first full service digital bank and offers one of the broadest ranges of products, including current and savings accounts, mortgages, credit cards and insurance.

Current account holders can benefit from an increased number of online banking services, which include payments and transfers up to £250 without the need of a card reader as well as spending and balance notifications so account holders know exactly what they are spending and when they are about to dip into an overdraft.

Atom Bank, built exclusively for mobiles and tablets, has a more limited offering of products - saving accounts and mortgages - yet boasts some great deals, such as fixed saving accounts offering up to 2.30%.

Overall these banks have very few customers comparative to the high street institutions like Lloyds and Halifax, perhaps due to their smaller product ranges and unconventional set up. They have been popular amongst younger customer though and may perhaps expand and grow in the coming years.

Challenger banks

A boom in fintech start-ups has caused further innovation in the finance world with the advent of mobile banking only applications like Monzo, Starling Bank and Tandem, so-called "challenger banks".

Whilst these companies don't offer financial products of their own, at least not for the time being, they do allow customers to manage their accounts with other providers.

Many of their features resemble those offered by money aggregators - the categorisation of expenditure and setting of monthly budgets - but some go beyond what has been traditionally offered in the finance sector, such as real time balance updates and instant payment notifications.

These apps can also link your debit/credit card to smartphone payment services like Apple and Android Pay, which in many cases can be a much simpler and secure method of payment providing retailers have the necessary technology.

Another mobile app and payment system Curve allows users to link all debit and credit cards via one master card so you only ever need to carry one card at any time. It also boasts a retroactive payments tool that gives users a 14-day period in which to change the card used for a particular purchase.

Still in the early stages of development there have been some hiccups with these apps, mainly related to security and customer service.

The big problem, however, seems to be their availability, limited supplies and high demand have led Monzo, Curve and Tandem to employ waitlists for new customers.

Login methods: how the banks compare

The process of logging in is a security measure was designed so that online bank accounts may only be accessed by the account holder.

The days when customers could simply enter a username and password are long gone. Instead, banks are forced to adopt ever more elaborate ploys to foil cyber criminals.

Card readers

Card readers are small plastic devices that resemble mini calculators or chunky credit cards. They are issued to online banking customers who use them to generate a unique number used to log in to their accounts or validate transactions.

Banks that provide card readers include Barclays, Natwest, HSBC, the Co-op, Nationwide, First Direct and RBS.

Barclays say that they've seen a 90% reduction in online fraud since they introduced card readers. The Payments Council - the body with responsibility for ensuring that payment services work - is also a supporter of two-factor authentication.

Now, the only banks without card readers are:

Card reader problems

Although card readers undoubtedly increase security, they have incited anger among some consumers. When HSBC launched its "Secure Key" - used to generate a unique identification number - in 2010, many users found that they were unable to log in at all because they hadn't yet received a device.

HSBC also didn't win any fans by making Secure Key a mandatory part of logging in to online banking. With other banks, it's possible to skip the process and log in with personal and online banking information alone.

The devices are also reportedly too fragile to be carried around without smashing and, once smashed. To get around this problem, HSBC now supply a digital secure key, which can be accessed through their mobile banking system so it's not necessary to carry a Secure Key around.

Passwords and personal information

Banks without card readers rely on user generated passwords and the input of personal information in order for customers to access their accounts.

Unfortunately, when asked to create a password, many people plump for easy to remember words. Passwords that can be found in a dictionary or more likely jump out of our keyboards - qwerty anyone? - make the job of cyber criminals very much easier.

Personal information such as dates of birth, addresses and telephone numbers are also relatively easily obtainable by nefarious intent.

To combat this, most banks will now insist that passwords contain both letters and numbers. Some, such as Santander, and credit card provider MBNA, make use of phrases and pictures chosen by the customer when their account is created.

Some banks, such as Santander, now request the use of a one-time passcode as an additional level of security when making certain types of transactions, like money transfers. This procedure usually entails a unique code being sent to an account holder's phone and then entered using the online system.

Minimising the risk of fraud

Although figures from Financial Fraud Action UK showed a reduction in the overall amount of money lost from online banking fraud compared to 2015, the number of cases reported did increase.

ofcom peak time speed proportion

SOURCE: Financial Fraud Action UK. Available here [pdf].

Also it now seems that criminals are targeting service providers as much as they are individuals, accessing information that can directly or indirectly enable them to scam thousands of customers - as was the case in late 2014, when TalkTalk customers began to report receiving suspicious phone calls.

Who's safest?

When consumer magazine Which? tested online banking services in October 2016, it gave First Direct the most security seals of approval with an overall score of 78%.

Other top scorers included:

At the other end of the scale, those with the least secure systems included:

Going paperless

To some extent, simply using online banking and going paperless helps to reduce the risk of fraud, as a large proportion of identity theft is carried out by thieves stealing paper statements and transaction slips.

Staying safe

But although it is in the banks' own interest to keep security tight, that doesn't mean consumers should get lax with theirs. Banks generally bear the cost of online fraud, but they only have to repay customers who have been careful to keep their own login details safe.

According to David Divitt from security consultants ACI Worldwide, "The most important thing is that customers pay attention."

This means exercising common sense precautions such as not writing PIN numbers down and properly disposing of waste containing personal information.

As mentioned above, anyone wary of fraud should also make sure to avoid aggregator and unauthorised banking app services. Several banks have explicitly stated that customers will not be compensated if they become victims of fraud while using external sites requiring their secure information.

Some commentators also advise backing away slowly from any Windows-based operating systems when using online banking services, as Windows is the most targeted OS when it comes to malicious software.

A switch to Mac or Linux isn't the most practical advice, though it could become easier as people begin to acquire multiple devices: it makes online banking on the iPad seem like a pretty good idea, for example.


13 April 2012
Online First Direct Fraud

I was subject to £58,000 online fraud by someone logging on to my account with First Direct and then transferring payments out to 10 different bank accounts. I do not know how they got my details as I log onto the account very infrequently and could not find any trojans.

The bank were great and spotted the problem and refunded the money to the account immediately. They notified the banks where the money was sent (Barclays and Lloyds). Sadly there does not seem to be any organised police response despite this being obvious serious organised crime. I have reported it to the National Fraud office online.

» Read more of the latest news

» Search for more guides on money

Follow us or subscribe for FREE updates and special offers