A lack of security protection on some banks’ websites and apps is leaving “open doors” for scammers, Which? claims. The customer security systems of 13 current account providers were tested by the consumer group with help from security experts at Red Maple Technologies. The security features of online and app services offered by account providers were scored by looking at their processes for login, navigation and logout, account management and encryption. Virgin Money scored the lowest overall for online and app banking in the research. “The safety and security of our banking services is our top priority, and we are continually monitoring, assessing and improving our security controls," a Virgin Money representative said. “A number of the points raised in this research relate to decisions we’ve taken to enhance the digital user experience while ensuring our robust, multi-layered controls remain in place to protect customers’ accounts.” Which? said it also had some concerns over TSB, which received the second lowest score for its app in the study. “We continue to invest in our online and mobile services – and work with globally leading tech firms to deliver both security and accessibility to our customers," a TSB. "TSB also tracks well across the industry on fraud prevention and we are the only bank that protects its customers with a guarantee to return their money should they ever fall victim to fraud.” Nationwide Building Society was given the second lowest score for online banking security. “Nationwide takes the security of its members and their money very seriously," Nationwide said. “We are never complacent and conduct regular testing of our systems to ensure that we maintain an appropriate level of protection, whilst ensuring a positive user experience. “We will take the points raised by Which? on board as we continue to evolve our digital services.” Meanwhile, Which? said Starling Bank was top for online banking security. Top scorer for online banking security last year, HSBC UK, also performed well this year. It followed closely behind Starling for online banking, while its app had the highest score. Which? said the banks included in the research also had behind-the-scenes systems that the consumer group and Red Maple Technologies were not able to test. In general, the consumer champion said it wanted improvements in which weak passwords were blocked. It also believes that sensitive data should not be sent by text messages because they can be intercepted. If the worst happens and people fall victim to remote banking fraud, in many cases they will be entitled to a refund from their bank. “Banks should not be leaving these open doors for scammers to exploit and must up their game to protect their customers properly," said Sam Richardson, Which? Money deputy editor. “By making improvements, such as blocking weak passwords, banks can take an important step in preventing unscrupulous fraudsters from attempting to steal money and personal data from consumers.” A UK Finance representative said: “The banking and finance industry is committed to stopping fraud from happening in the first place, investing billions in advanced technology to protect customers. “Our figures have shown that the number of recorded cases of unauthorised fraud has fallen year on year, with the first half of 2022 showing a fall of 7 per cent to just under 1.4 million, and banks stopping £583.9 million ($720 million) of unauthorised fraudulent transactions. “The industry continues to work closely with the government and law enforcement to target the criminal gangs responsible and continue its efforts to prevent fraud to customers.” <b>Here are five tips from Which? for safe banking online:</b> 1. If you receive unexpected emails, texts, WhatsApp messages or any other type of online correspondence, do not click on the hyperlinks they contain. Criminals posing as your bank might try to steal sensitive data or trick you into sending money, going as far as creating fake websites to impersonate banks and other companies. Do not download attachments or call phone numbers. If you need to get in touch with your bank, call it on a trusted number, such as the one on your debit card. 2. Use up-to-date security software. This means downloading antivirus software on your computer, phone and any other devices you have. It is also important to download and install the latest updates for the device. Updates contain security patches for new vulnerabilities, so do not use an out-of-date device. 3. Protect your mobile phone. Go into the settings to ensure your phone automatically locks after a short period of inactivity. While you are in there, disable lock screen notifications, to prevent criminals seeing incoming texts, which could include bank codes for accessing your account. You can also add a Pin to your Sim card, to prevent it being accessed. 4. Check privacy settings on social media. Remove any personal information such as your email, date of birth and phone number, all of which can be used by criminals to steal your identity or impersonate your bank. Only accept friend requests from people you know. 5. Replace default passwords on your home router. This will prevent others from accessing it. Also, avoid banking on unsecured wireless networks or public computers. If you do use a public computer, never leave it unattended and always log out when you have finished.