Secure banking: Safety features online banks employ

Last Edit: 21/06/18

With Which? predicting that UK banks are planning to close 2,900 branches over the next three years, it has become clear that banking is going to shift more and more online. NatWest, HSBC, Lloyds, Barclays, Santander, and RBS are the banks predicted to close the most branches. Therefore, even if you are uneasy about banking online, it may become a necessity. The unease most people have about online banking concerns how secure it is and what safety features banks employ.

HTTPS: The primary safety feature that online banks use is HTTPS, which means your connection is using Hypertext Transfer Protocol (HTTP) over either Transport Layer Security (TLS) or Secure Sockets Layer (SSL), typically the former. HTTPS encrypts data between the client (user) and server (bank), with servers requiring a security certificate from a certificate authority. Users need to trust three things: that their browser (client) correctly determines whether the certificate a website is using is valid; that certificate authorities are vouching for a secure website; and that HTTPS is secure against hackers who attempt to eavesdrop on communications.

When using a web browser, it is possible to view whether the connection is using HTTPS by noting the following:

  1. The web page address will begin with https:// (the "s" stands for secure).
  2. The address bar will contain some type of padlock symbol.

An example of a secure webpage is shown below: the HSBC login webpage loaded within the Internet Explorer Web browser:

[Image: an HTTPS address URL for a UK banking site]

The padlock symbol in the IE browser, which shows that the webpage is transmitted over an encrypted connection.

Fraud detection: Most banks also record your spending habits, and if something changes drastically it may create a fraud alert, which may stop the transaction or result in the bank contacting the customer to verify that they are making the purchase. Some behaviours which can create a fraud alert are: a large purchase; a small purchase followed immediately by a large purchase (a fraudster testing the card); making a purchase outside the normal geographical area; and purchasing items that are more associated with fraud (diamonds/gold). The fraud protection provided by banks varies, but it is compared by consumer watchdogs like Which?.
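The four alert behaviours listed above can be written as simple rules over a customer's transaction history. The sketch below is an added example, not any bank's actual system: the `Txn` fields, the thresholds and the sample transactions are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

@dataclass
class Txn:
    when: datetime
    amount: float     # pounds
    country: str      # merchant country code
    category: str

# All thresholds are assumptions chosen for illustration.
LARGE_FACTOR = 10                     # "large" = 10x the customer's median spend
MIN_HISTORY = 3                       # transactions needed before a baseline exists
SMALL_TEST = 5.00                     # a "small" probing purchase
TEST_WINDOW = timedelta(minutes=10)   # "followed immediately"
HIGH_RISK = {"jewellery", "gold"}

def fraud_flags(history, txn, home_countries):
    """Return the rules that txn trips, given the earlier transactions."""
    flags = []
    if len(history) >= MIN_HISTORY:
        baseline = median(t.amount for t in history)
        if txn.amount > LARGE_FACTOR * baseline:
            flags.append("large_purchase")
            prev = history[-1]
            if prev.amount <= SMALL_TEST and txn.when - prev.when <= TEST_WINDOW:
                flags.append("card_testing")
    if txn.country not in home_countries:
        flags.append("unusual_location")
    if txn.category in HIGH_RISK:
        flags.append("high_risk_goods")
    return flags

def review(transactions, home_countries):
    """Run the rules over a time-ordered list; return {index: flags} for alerts."""
    hits = ((i, fraud_flags(transactions[:i], t, home_countries))
            for i, t in enumerate(transactions))
    return {i: f for i, f in hits if f}

# Constructed sample data: (minutes after T0, amount, country, category).
T0 = datetime(2018, 6, 1, 9, 0)
SAMPLE = [Txn(T0 + timedelta(minutes=m), a, c, k) for m, a, c, k in [
    (0, 23.50, "GB", "groceries"), (1440, 41.00, "GB", "fuel"),
    (2880, 18.20, "GB", "groceries"), (4320, 1.00, "GB", "online"),
    (4324, 950.00, "GB", "electronics"), (7200, 35.00, "TH", "restaurant"),
    (8640, 60.00, "GB", "jewellery")]]
print(review(SAMPLE, {"GB"}))
```

A flagged transaction here only raises an alert; whether it is blocked or the customer is contacted is a separate decision, as the paragraph above describes.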

Two factor authentication: This is another security feature employed by most online banks. The way in which two factor authentication is implemented varies amongst banks. One factor authentication only requires a username and password, whereas two factor authentication requires an extra piece of information, which attempts to make it more difficult for hackers to access your account. A popular two factor authentication device is a secure key pad (shown below) that produces a unique code for each login attempt. These secure key pads can also produce unique codes for new payees, alongside their primary purpose of creating a secure login code. HSBC's Secure Key (shown below) and Barclays' PINsentry card reader are two examples of secure key pads, and have helped both banks to generally rank amongst the most secure UK banks from 2015 to 2018.

Secure key pad, which is provided to most personal bank accounts of customers banking with HSBC

Authentication devices differ in how they function, but, on the whole, they create a six digit unique code to be entered into a banking website. HSBC's Secure Key requires users to enter a four digit PIN before it will generate a six digit code for login and payee purposes. Older HSBC authentication devices (for business banking) didn't require users to enter a four digit PIN; authentication devices have therefore evolved to increase security. Banking apps installed on smartphones may end up replacing secure key pads.

Security education: Online banking often becomes insecure, not because of the bank, but because of a customer's behaviour or computer/device. Therefore, banks are increasingly attempting to educate users about Internet security. Phishing has become a major problem: this is where fraudsters email/phone users asking for personal information which can compromise their bank account. Banks have issued many warnings about these phishing schemes, highlighting that they will never email customers asking for their login details. The security of a user's computer is another problem area: malware, key loggers and viruses can all compromise accounts. Banks recommend that users install anti-virus software and firewalls, and use the latest version of their operating system and browser. Some banks recommend you install specific security software: HSBC recommend you install IBM's Trusteer Rapport. Alongside online behaviour, banks advise about real world behaviour: keeping bank statements and other ID documents secure, so that a customer's identity cannot be stolen. The Internet connection a customer uses is also important: using an open Wi-Fi network in a cafe or hotel is not advised, and generally speaking using a wired ethernet connection (on a home network) without Wi-Fi enabled will increase security.