UK banks web security

This page compares the web security of online banking websites of British banks. HTTPS is the encryption between your web browser and the bank’s web server. It protects against others reading or changing the page (a man-in-the-middle attack). This is particularly important if you use wifi in a public place.

Scores are from the SSL server test run by SSL Labs, and consider protocol support, certificates and signatures. It tests whether sites are vulnerable to attacks such as Heartbleed and Poodle.

The scores don’t assess:

How you login to the websites, eg. whether you need a cardreader, what details someone else would need to login to your account. See Which? magazine.
The security of banks’ internal computers and systems. See newspaper articles Hacking attack gang stole £1.3 million and Computer hacking gang ordered ATM machines to dispense money…
Whether branch doors are left unlocked overnight

Scores

Last updated: 2022-06-22

Show grades for homepages as well as login pages

Bank	Login page	Homepage
Barclays	A+	A+
Co-op	A+	A+
First Direct	A+	A
Halifax	A+	A+
HSBC	A+	A+
Lloyds	A+	A+
Metro Bank	A+	A+
Nationwide	A+	A+
Natwest	A	B
RBS	A	B
Santander	A+	A
Smile	A+	A+
Tesco	A+	A
TSB	Hostname blacklisted	Hostname blacklisted
Facebook	B
Gmail	B
GOV.UK	A+
Twitter	A+
Wikipedia	A+

Questions and comments welcome to bank.grade.ssl.uk@gmail.com. If you run a website and would like to improve its score, read the guide SSL and TLS Deployment Best Practices.