Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
Wednesday 24 April 2024 6:00 am  |  Updated:  Wednesday 24 April 2024 10:48 am

Consumer group names TSB, Co-op Bank and Monzo as worst major banks for mobile app security

By: Lars Mucklejohn

Banking and Fintech Reporter

Add as a preferred source on Google
TSB, The Co-operative Bank and Monzo have been named the worst major banks for mobile app security by consumer group Which?
TSB, The Co-operative Bank and Monzo have been named the worst major banks for mobile app security by consumer group Which?

TSB, The Co-operative Bank and Monzo have been named the UK’s worst major banks for mobile app security by consumer group Which? amid warnings that scammers are increasingly targeting customers via their phones.

The group reviewed the apps and websites of Britain’s 13 largest current account providers between January and February, with assistance from computer security experts.

Which? rated the banks on their login procedures, security “best practice”, account management and navigation and logout. Its researchers were not able to test back-end security systems.

While each bank used multi-layered security helping to reduce the chance of major breaches, Which? said it believed that some towards the bottom of its league tables “fell short of the high standards customers should expect”.

TSB scored 54 per cent for its mobile app security and 67 per cent for its online security – coming in bottom and second-bottom respectively.

Which? said TSB’s handling of sensitive data meant it could be read by other apps running on the phone and that the app stores users’ details “in an insecure manner”. The bank said the matter was under review and a fix would be “considered in the future”.

Researchers also found TSB sent a phone number in an SMS alert, which could be replicated by scammers. The bank said it would remove the number from this alert, having already done so for others.

Which? added that TSB’s password requirements are only six characters and let users choose “insecure” combinations which are easier for scammers to crack.

TSB said: “We continue to strengthen the and mobile banking while delivering a positive and convenient user experience for customers. That’s reflected in our high app store ratings.”

Which? ranked Co-op Bank bottom for online security, with a score of 61 per cent. It was second-to-last for mobile app security, with a score of 57 per cent.

The group said Co-op Bank was the only firm that failed to require a two-factor authentication login on a test laptop and that it also does not block customers from setting weak passwords.

It added that researchers could be logged in from two different IP addresses at once, and, like TSB, there were phone numbers in SMS alerts.

Read more

Top-rated casino apps displayed on a smartphone screen, highlighting user-friendly interfaces and popular gaming options

The bank said: “We are constantly reviewing and enhancing our security controls and we will be delivering a number of further improvements in 2024 to give our customers peace of mind that they can continue to bank safely and securely with us.”

Lloyds was the only bank that failed to log out website users after five minutes of inactivity. The group said this feature makes banking easier for its vulnerable customers.

Customers are increasingly using mobile phones as their primary way of accessing banking services, with a flurry of online-only and app-based offerings emerging in recent years to meet the demand.

Nine-year-old Monzo, which only offers online personal banking for emergencies, came third-bottom for mobile app security with a score of 60 per cent.

The digital-only challenger was also listed by the Payments Systems Regulator last October as one of the major banks most hit by fraud and least likely to refund customers for 2022.

A spokesperson said it used “cutting-edge technology like machine learning, as well as hiring the best people in the industry” to keep customers’ money safe. “With fraudsters always evolving their tactics, we continue to invest heavily in new ways to tackle financial crime and launch leading and industry-first tools to protect our customers,” they added.

Starling and Natwest/RBS topped the Which? ranking for online security, both scoring 87 per cent, while HSBC came top for mobile app security with a score of 78 per cent.

Sam Richardson, deputy editor of Which? Money, said: “While our investigation found no major security issues, there were some areas of concern that we think the banks in question need to urgently address, so that sophisticated scammers can’t use loopholes to target innocent victims.

“With fraudsters still relentless in their pursuit of our money and a general election looming, the next government must make fighting fraud a national priority, with a fraud minister installed to work across multiple government departments.”

A spokesperson for banking trade body UK Finance said the industry “invests heavily in cyber security and data sharing, seeking to detect and prevent malicious actors from infiltrating systems, stealing data, and committing fraud”.

“As the fraud landscape evolves, banks update and reinforce security measures on their platforms to mitigate potential threats, whilst maintaining a positive user experience for customers,” they continued.

Read more

For all their charm, digital banks still leave me tearing my hair out

Digital bank interface showing user-friendly dashboard with financial analytics and transaction history on a modern screen

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Banking
  • Business

People & Organisations

  • Monzo Bank
  • The Co-operative Bank
  • TSB

Related Topics

  • Challenger banks
  • Company
  • fraud
  • Monzo Bank
  • The Co-operative Group
  • TSB Banking Group

Trending Articles

  • Burnham tax plans spark investor rush to bank capital gains

  • Nothing fails to file accounts months after dissolution threat

  • Cruyff turn: Starmer allows pubs to stay open for England World Cup game

  • I’ve taken the best train trips in the world. Here are my 5 favourites

  • PwC joins the Canary Wharf crowd in major property shake-up

More from City PM

  • For all their charm, digital banks still leave me tearing my hair out

    Opinion
    Digital bank interface showing user-friendly dashboard with financial analytics and transaction history on a modern screen
  • Barclays pays £180m for loss-making UK fintech Gohenry

    Banking
    Barclays posted its first-quarter update on Wednesday.
  • Britain’s first sovereign AI model secures blue-chip backing as Starmer unveils £400m plan

    Tech
    Prime Minister Keir Starmer addressing media at a press conference podium, discussing current governmental policies and in...
  • UK banks’ digital ID bid is a game of optics – and the odds are not in their favour

    Banking
    Banking app interface showing financial transactions and account balance on a smartphone screen, emphasizing digital finan...
  • Apple claims CMA app store shake-up could ‘open the door to scams’

    Tech
    Apple App Store with UK flag and warning sign about potential scams due to proposed CMA competition reforms

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy