UK consumers' association Which? has hit out at much of the banking industry for failing to protect online customers with two-factor authentication (2FA).
Which? says that seven out of Britain's top 12 online banking providers do not offer 2FA. despite having the technology to do so.
The guilty parties are named as the Co-operative Bank, Clydesdale and Yorkshire Bank, Lloyds Bank (and sisters Bank of Scotland and Halifax), Metro Bank, NatWest and RBS, Santander and TSB.
Which? argues that this is dangerous in an era where crooks can glean valuable information about people from social media, rendering passwords less safe.
Things could be about to change, with more payment providers likely to adopt 2FA ahead of new ‘strong customer authentication’ regulations, due to be introduced from September.
Stuart Rye, director of business development, financial services, Fujitsu UK, says banks are under increasing scrutiny from both customers and the government.
"While we don’t expect biometric adoption to happen overnight, many organisations looking to digitally transform will find themselves reevaluating their current systems and investing in more efficient and effective measures," says Rye.
Overall, Which? ranks first direct as the top bank website, based on an evaluation of five factors: login, encryption, account management, and navigation and logout.
First direct scores 76%, ahead of its owner HSBC on 73% and Barclays on 68%. At the bottom of the table are Metro on 52%, Natwest on 53% and Santander on 54%.