List of UK Building Societies that are secure by default

By Stephen Kellett
15 December, 2017

This is one of several posts of the topic of security of websites. Inspired by my initial post on the security of UK banks.

The reason for splitting this data into multiple posts is to make it more manageable. So that data on one institution is not mixed with data on another type of institution.

The following key is used for the secure status:

YesThe site is secure, loaded via https
InvalidThe site loads via https, but the security certificate is invalid and thus the site is insecure.
PartialThe site loads via https, but loads some parts of the page without https. The site is insecure.
NoThe site is loaded via http, not via https.
FixedThe site is loaded via https, but at the time of first writing it was loaded via http.
??We could not find a website to evaluate.

We tested 45 building societies. We found 16 building societies that did not have a secure home page (not https or did have https with an invalid security certificate). That is 36% of UK building societies have security vulnerabilities.

Building SocietySecureHome Page
Bath Investment & Building SocietyYes
Beverly Building SocietyNo
Britannia SavingsNo
Buckinghamshire Building SocietyNo
Cambridge Building SocietyYes
Chorley & District Building SocietyNo
Coventry Building SocietyYes
Cumberland Building SocietyYes
Darlington Building SocietyYes
Dudley Building SocietyYes
Earl Shilton Building SocietyNo
Ecology Building SocietyYes
Furness Building SocietyYes
Hanley Economic Building SocietyYes
Harpenden Building SocietyYes
Hinckley & Rugby Building SocietyYes
Holmesdale Building SocietyYes
Ipswich Building SocietyYes
Leeds Building SocietyNo
Leek United Building SocietyYes
Loughborough Buildiong SocietyYes
Manchester Building SocietyYes
Mansfield Building SocietyYes
Market Harborough Building SocietyNo
Marsden Building SocietyYes
Melton Mowbray Building SocietyYes
Monmouthshire Building SocietyYes
National Counties Building SocietyNo
Newbury Building SocietyYes
Newcastle Building SocietyYes
Norwich & Peterborough Building SocietyYes
Nottingham Building SocietyYes
Penrith Building SocietyYes
Principality Building SocietyNo
Progressive Building SocietyNo
Scottish Building SocietyYes
Saffron Building SocietyYes
Skipton Building SocietyNo
Stafford Railway Building SocietyYes
Swansea Building SocietyNo
Teachers Building SocietyYes
Tipton & Coseley Building SocietyYes
West Bromwich Building SocietyNo
Yorkshire Building SocietyYes


I shouldn’t need to point this out, but i will, all the same, just to be clear.

The data provided on this page should taken at face value. If you’re not sure about something, please verify it yourself. Nothing reported here should be regarded as a criticism or an endorsement or recommendation of an organisations security effectiveness. I am simply passing comment on whether the home page (whatever that may be) is provided as https on not. Other security concerns are a separate matter.

If your organisation is listed here and is not marked as secure, your best course of action is to fix that, not to complain that someone is reporting a fact anyone with a web browser can discover. The security status of your home page is public information, albeit information that many people don’t understand.

Fully functional, free for 30 days