Neil Turner's Blog

Blogging about technology and randomness since 2002

UK Banks and Encryption

Here’s a short survey I have done of the encryption used by UK banks for their online banking systems, and of whether they use EV (Extended Validation) security certificates.
Ideally, sites that deal with money should use the strongest encryption available (256-bit AES) and an EV certificate (the green bar), which lets the user verify that the site isn’t a hoax.

UK Online banks

| Bank name | Bit strength | EV? |
| --- | --- | --- |
| NatWest | 128-bit RC4 | Yes |
| HSBC | 168-bit 3DES | No |
| Halifax | 128-bit RC4 | No |
| Lloyds TSB | 256-bit AES | No |
| Barclays | 256-bit AES | No |
| RBS | 128-bit RC4 | Yes |
| Alliance & Leicester | 128-bit RC4 | No |
| Abbey | 128-bit RC4 | No |
| Nationwide | 128-bit RC4 | No |
| Co-operative Bank | 128-bit RC4 | No |

All tests were carried out on Firefox 3 Beta 5 running on Windows, and data is from the login screens only, not actual online banking sessions.
The test results are slightly concerning. Though RC4 is largely safe, there is a growing number of attacks against it, especially where it is used to secure WEP wireless networks. AES, on the other hand, has fewer known flaws, and it should be in wider use.
The lack of sites with EV certificates is also surprising, particularly as phishing is a growing problem and all of the sites listed here have been targeted in emails that I have seen. Only two sites have them, and both are owned by the same parent company and use the same domain.
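The survey can be tallied against the post's own ideal (256-bit AES plus an EV certificate), and the same cipher check repeated from a script rather than a browser. This is an added example, not code from the original post; the names `SURVEY`, `parse_cipher`, `meets_ideal`, `summarise` and `probe` are hypothetical, and the rows are copied from the table above.

```python
import socket
import ssl
from collections import Counter

# Rows copied from the survey table above: (bank, cipher as reported, EV certificate?)
SURVEY = [
    ("NatWest", "128-bit RC4", True),
    ("HSBC", "168-bit 3DES", False),
    ("Halifax", "128-bit RC4", False),
    ("Lloyds TSB", "256-bit AES", False),
    ("Barclays", "256-bit AES", False),
    ("RBS", "128-bit RC4", True),
    ("Alliance & Leicester", "128-bit RC4", False),
    ("Abbey", "128-bit RC4", False),
    ("Nationwide", "128-bit RC4", False),
    ("Co-operative Bank", "128-bit RC4", False),
]

def parse_cipher(label):
    """Split a label such as '128-bit RC4' into (128, 'RC4')."""
    bits, sep, algo = label.partition("-bit ")
    if not sep or not bits.isdigit():
        raise ValueError(f"unrecognised cipher label: {label!r}")
    return int(bits), algo.strip().upper()

def meets_ideal(label, ev):
    """The post's stated ideal: 256-bit AES together with an EV certificate."""
    return parse_cipher(label) == (256, "AES") and ev

def summarise(rows):
    """Return (cipher counts, banks with EV, banks meeting the ideal)."""
    ciphers = Counter(parse_cipher(cipher)[1] for _, cipher, _ in rows)
    ev_sites = [bank for bank, _, ev in rows if ev]
    ideal = [bank for bank, cipher, ev in rows if meets_ideal(cipher, ev)]
    return ciphers, ev_sites, ideal

def probe(host, port=443, timeout=5.0):
    """Live check (needs network): (suite name, protocol, secret bits) negotiated with host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()

if __name__ == "__main__":
    ciphers, ev_sites, ideal = summarise(SURVEY)
    print(dict(ciphers), ev_sites, ideal)
```

`probe()` reports what a server agrees on from this client's cipher list, just as the table reflects what each site negotiated with Firefox 3 Beta 5. It does not determine EV status, which this sketch takes from the table.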

2 Comments

  1. Hello Neil, your autodetect atom feed (on http://www.neilturner.me.uk/atom.xml ) appears to be busted.
    Also, no idea what to subscribe to from http://www.neilturner.me.uk/feeds/atom/
    Help please?

  2. I have just moved house, am on Virgin Media (same account, just moved addresses) and I cannot access NatWest or RBS websites, either .com or .co.uk. Google Chrome says “oops, this link appears to be broken”. I have also checked and I can’t access through Internet Explorer. Is this something to do with my security settings? No-one else seems to have this issue.
    Thanks