I think pretty much everyone is agreed that implementing two factor authentication on important online accounts currently represents the "Gold Standard" in terms of security for the average consumer. There can be few accounts as important to protect as our online banking accounts with password managers, email accounts and others very close behind indeed in terms of security requirements.
With this in mind it has always seemed odd to me that I can log in to a Santander account with no second factor being checked, therefore if someone did obtain my login credentials they would be able to access my financial information and I would be none the wiser. I do not believe this to be an optimal arrangement in terms of security, for such a sensitive system,
Being curious I wrote to Santander outlining my concerns and asking for an explanation why two factor authentication has not been implemented, others may be interested in their position, which is as follows:
Thank you for your letter dated 6th January 2018.
I understand you would like to know why Santander do not use two factor authentication for the initial log-in step for our online banking service.
Unfortunately, I am only able to advise that this is a business decision made by Santander, and that it will not be possible for me to provide an explanation of how this decision was reached.
I can confirm that Santander do take online and mobile banking security very seriously, and that we are constantly looking for ways to improve our security for customers, however they choose to bank with us.
I have raised a suggestion form detailing the concerns given in your letter, which will be reviewed by our feedback team. Our customer suggestions are recorded and are taken into account in future reviews our our policies and processes.
If you'd like to discuss any of the above points, please call me on 0151 2548618.
Thank you for raising your concerns with us, they will help us to improve and meet our aim to deliver the highest level of customer service.
In summary, no, we don't use two factor authentication and we are not going to tell you why that decision was made, but we are happy to look after your money for you.
Only a matter of time before 2FA is implemented but the Santander systems I believe are less secure in the meantime without it.