The study found that banks are sending security codes via text, which is the least secure way to authenticate customers. Banks were given a score based on four key areas – login, navigation and logout, account management, and encryption – and those with the lowest scores were Virgin Money, TSB, and Barclays. Virgin Money lost points for not adequately blocking weak passwords and sending one-time passcodes via text messages. Barclays lost points for failing to log customers out after five minutes of inactivity. Overall, the study found that banks are doing a poor job of security and are putting customers at risk of fraud.