List of UK Building Societies that are secure by default

By Stephen Kellett
15 December, 2017

This is one of several posts on the topic of website security, inspired by my initial post on the security of UK banks.

The data is split across multiple posts to make it more manageable, so that data on one type of institution is not mixed with data on another type of institution.

The following key is used for the secure status:

Yes: The site is secure, loaded via https.
Invalid: The site loads via https, but the security certificate is invalid and thus the site is insecure.
Partial: The site loads via https, but loads some parts of the page without https. The site is insecure.
No: The site is loaded via http, not via https.
Fixed: The site is loaded via https, but at the time of first writing it was loaded via http.
??: We could not find a website to evaluate.

We tested 45 building societies. We found 16 building societies that did not have a secure home page (either not https, or https with an invalid security certificate). That means 36% of UK building societies have security vulnerabilities.

| Building Society | Secure | Home Page |
| --- | --- | --- |
| Bath Investment & Building Society | Yes | https://www.bathbuildingsociety.co.uk/ |
| Beverley Building Society | No | http://beverleybs.co.uk/ |
| Britannia Savings | No | http://britannia.co.uk/ |
| Buckinghamshire Building Society | No | http://www.bucksbs.co.uk/ |
| Cambridge Building Society | Yes | https://www.cambridgebs.co.uk/ |
| Chorley & District Building Society | No | http://www.chorleybs.co.uk/ |
| Coventry Building Society | Yes | https://www.coventrybuildingsociety.co.uk/ |
| Cumberland Building Society | Yes | https://www.cumberland.co.uk/ |
| Darlington Building Society | Yes | https://www.darlington.co.uk/ |
| Dudley Building Society | Yes | https://www.dudleybuildingsociety.co.uk/ |
| Earl Shilton Building Society | No | http://www.esbs.co.uk/ |
| Ecology Building Society | Yes | https://www.ecology.co.uk/ |
| Furness Building Society | Yes | https://www.furnessbs.co.uk/ |
| Hanley Economic Building Society | Yes | http://www.thehanley.co.uk/ |
| Harpenden Building Society | Yes | https://www.harpendenbs.co.uk/ |
| Hinckley & Rugby Building Society | Yes | https://www.hrbs.co.uk/ |
| Holmesdale Building Society | Yes | https://www.theholmesdale.co.uk/ |
| Ipswich Building Society | Yes | https://www.ibs.co.uk/ |
| Leeds Building Society | No | http://www.leedsbuildingsociety.co.uk/ |
| Leek United Building Society | Yes | https://www.leekunited.co.uk/ |
| Loughborough Building Society | Yes | https://www.theloughborough.co.uk/ |
| Manchester Building Society | Yes | https://www.themanchester.co.uk/ |
| Mansfield Building Society | Yes | https://mansfieldbs.co.uk/ |
| Market Harborough Building Society | No | http://www.mhbs.co.uk/ |
| Marsden Building Society | Yes | https://www.themarsden.co.uk/ |
| Melton Mowbray Building Society | Yes | https://www.themelton.co.uk/ |
| Monmouthshire Building Society | Yes | http://www.monbs.com/ |
| National Counties Building Society | No | http://www.ncbs.co.uk/ |
| Newbury Building Society | Yes | https://www.newbury.co.uk/ |
| Newcastle Building Society | Yes | https://www.newcastle.co.uk/ |
| Norwich & Peterborough Building Society | Yes | https://www.nandp.co.uk/ |
| Nottingham Building Society | Yes | https://www.thenottingham.com/ |
| Penrith Building Society | Yes | https://www.penrithbuildingsociety.co.uk/ |
| Principality Building Society | No | http://www.principality.co.uk/ |
| Progressive Building Society | No | http://theprogressive.com/ |
| Scottish Building Society | Yes | https://www.scottishbs.co.uk/ |
| Saffron Building Society | Yes | https://www.saffronbs.co.uk/ |
| Skipton Building Society | No | http://www.skipton.co.uk/ |
| Stafford Railway Building Society | Yes | https://srbs.co.uk/ |
| Swansea Building Society | No | http://www.swansea-bs.co.uk/ |
| Teachers Building Society | Yes | https://www.teachersbs.co.uk/ |
| Tipton & Coseley Building Society | Yes | https://www.thetipton.co.uk/ |
| West Bromwich Building Society | No | http://www.westbrom.co.uk/ |
| Yorkshire Building Society | Yes | https://www.ybs.co.uk/index.html |

Disclaimer

I shouldn’t need to point this out, but I will, all the same, just to be clear.

The data provided on this page should be taken at face value. If you’re not sure about something, please verify it yourself. Nothing reported here should be regarded as a criticism or an endorsement or recommendation of an organisation’s security effectiveness. I am simply passing comment on whether the home page (whatever that may be) is provided as https or not. Other security concerns are a separate matter.

If your organisation is listed here and is not marked as secure, your best course of action is to fix that, not to complain that someone is reporting a fact anyone with a web browser can discover. The security status of your home page is public information, albeit information that many people don’t understand.
