How Cyber Resilient Are The Top Online Banks?


Booksellers and electronics retailers aren't the only brick-and-mortar businesses challenged by the rise of highly agile, online-only competitors—traditional retail banking institutions also face stiff competition from Internet-based consumer banking upstarts. But are these born-in-the-cloud banks and financial services offerings safer than their traditional counterparts? Let's take a look at the leading online banks to see if they're equipped to handle today's cyber threats.

According to recent numbers, 81% of those responsible for managing household finances have done so via the web in the previous 12 months, making up a whopping 69 million Americans who currently bank online. However, the numbers behind the banking industry's digital renaissance aren't all rosy adoption metrics: last year's Bangladesh Central Bank heist would have surpassed $1 billion in stolen funds, if not for a hacker's typo (they still managed to get away with $80 million).

Traditional banking institutions face a myriad of security challenges in digitizing their products and services, but how do online-only banks compare when it comes to cyber resilience? Does having a digital DNA from the outset result in more resilient online banking services? Let's find out.

Online Banking Roundup

All of the following online-only retail banking firms lack physical branch locations and process transactions entirely online. A few—most notably Synchrony Bank—white label their consumer credit offerings to major brands like Amazon, Walmart, and Guitar Center, to name a few.

1. Goldman Sachs Bank - 836 out of 950

Referred to as GS Bank for short, this online-only consumer bank is a subsidiary of the century-old investment banking giant. How resilient are its efforts in transitioning from "Wall Street to Main Street"? An expiring SSL certificate and lack of DNSSEC are its only website perimeter security issues.

2. Synchrony Bank - 834 out of 950 

You may not have heard of Synchrony Bank, but if you have an or Amazon Prime Store Card, you're likely a banking customer of theirs. Despite its strong 834 CSR score, a handful of security issues like missing HTTP transport security, server information leakage, and lack of DNSSEC could lead to a data breach.

3. Ally Bank - 836 out of 950

Utah-based Ally Bank offers a range of consumer banking products: savings, checking, money market, certificate of deposit (CD), and IRA CD accounts, all online-only.

Its good but less-than-perfect 836 CSR score is a result of several flaws in its website perimeter security—server information leakage, lack of HTTP strict transport security, and missing DNSSEC.

4. GoBank - 808 out of 950

Prepaid debit card issuer Green Dot launched GoBank in 2013 as a mobile-only banking institution—everything from opening accounts and ordering debit cards to paying bills is done exclusively via its mobile app. Unfortunately, its website's SSL certificate is cause for concern, to put it mildly.

Its mobile web presence scores a strong 808 CSR rating, but falls short due to several security flaws including server information leakage, missing HttpOnly/secure cookies, and disabled DNSSEC.

5. Radius Bank - 884 out of 950

Boston-based Radius Bank was founded in 1987 by the Massachusetts Carpenters Combined Pension and Annuity Funds—created by/for local union carpenters. The company recently transitioned to digital-only banking services, folding its 6 retail branches into 1 as part of its bank "virtualization" efforts. Security flaws such as lack of DMARC and missing DNSSEC mar its otherwise respectable 884 CSR score.

6. Bank of Internet USA - 789 out of 950

Founded in 1999, Bank of Internet USA was one of the first banks worldwide to offer Internet-only consumer deposit accounts and loans—in fact, the company holds the enviable title of the oldest Internet-only bank in the United States. Its 789 CSR score is a reflection of various security gaps: lack of HTTP strict transport security, missing secure cookies, and disabled DMARC/DNSSEC.

7. Simple - 880 out of 950

Like GoBank, Portland-based Simple offers online-only banking services that focus on mobile devices. The company is part of the STAR network and issues FDIC-insured checking accounts exclusively to U.S. citizens via its partnership with The Bancorp. The company scores a strong 880 CSR score, despite security flaws like missing DMARC and lack of DNSSEC.

8. BankPurely - 656 out of 950

In case you were wondering if there's such a thing as green banking, this is (presumably) it: BankPurely's online-only bank was "specifically crafted for ethical consumers with greater awareness about environmental and social issues." Or in other words, digital banking saves trees. Its CSR score of 656 suffers due to server information leakage, missing secure cookies, lack of DMARC/DNSSEC, and other flaws.


In general, the leading online-only banking institutions have most of their bases covered with regard to cyber resilience and security fitness—though none were able to achieve an excellent CSTAR rating. Want to learn more about UpGuard's CSTAR cyber resilience rating methodology? You can start by giving UpGuard's risk grader web application and Chrome extension a free spin to instantly validate a website's security posture.
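Three of the issues that recur in the roundup (missing HTTP strict transport security, server information leakage, and cookies without the HttpOnly/Secure flags) are visible in a site's response headers. The following is an added example, not UpGuard's scoring code: the `audit_headers` function, its finding labels and the sample headers are constructed for illustration, and DNSSEC, DMARC and certificate expiry are left out because they need DNS and TLS lookups.

```python
import re
from email import message_from_string

# Constructed sample response headers (not captured from any bank's site).
SAMPLE_RESPONSE = """\
Server: Apache/2.4.18 (Ubuntu)
X-Powered-By: PHP/5.6.40
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly
"""

# Constructed example of the same response after hardening.
HARDENED_RESPONSE = """\
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly
"""

def audit_headers(raw_headers: str) -> list[str]:
    """Return findings for HSTS, server information leakage and cookie flags."""
    msg = message_from_string(raw_headers)
    findings = []

    # HSTS counts as enabled only with a non-zero max-age directive.
    hsts = msg.get("Strict-Transport-Security", "")
    max_age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not max_age or int(max_age.group(1)) == 0:
        findings.append("hsts-missing")

    # Server leaks when it carries a version; X-Powered-By leaks by existing.
    for name in ("Server", "X-Powered-By"):
        value = msg.get(name)
        if value and (name != "Server" or re.search(r"\d", value)):
            findings.append(f"info-leak:{name}")

    # Each Set-Cookie header is checked for both flags independently.
    for cookie in msg.get_all("Set-Cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie-missing-{flag}:{cookie_name}")
    return findings

if __name__ == "__main__":
    print(audit_headers(SAMPLE_RESPONSE))
    print(audit_headers(HARDENED_RESPONSE))
```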
