Over the past five years or so, I feel the consensus has changed to using apps. However, it depends on the devices, banking software and browsers, what else is loaded on the device (either knowingly or not), and the communications network.
Browsers are risky because there are trojans designed to collect banking information. Apps are risky because most banking apps probably have security flaws, and because fake/malware apps sometimes appear in app stores.
If you are a careful user with a secure PC, and if you only use it on your secure home network, you should not have any problems. However, if you want to perform banking transactions from wherever you happen to be, without taking too many precautions, then it should be safest to use an app over 3G/LTE (turn off wifi and Bluetooth).
Systems that use two-factor authentication, preferably with a separate device that generates new passwords on demand, are really the way to go.
What is an app?
When personal computers first went on general sale in the 1970s, the VisiCalc spreadsheet was hailed as a “killer app”, which was short for “application program”. However, the past decade has seen a huge growth in app stores for smartphones and tablets. These apps are different from traditional PC programs in that they are vetted by and downloaded from secure online stores. Further, these apps run in sandboxes to prevent them from doing bad things.
PCs, by contrast, can run unvetted software from any source, including malware-infected websites, unless your anti-virus software blocks them.
When Microsoft redesigned Windows 8 to run on tablets and smartphones, it introduced a similar subsystem for apps. This enabled Windows to run sandboxed apps installed by the Windows Store. These apps are much safer than the old programs, because there are limits to what they are allowed to do.
Today there are quite a few Windows banking apps – Alliance, Citibank, FNB, RMB, HDFC, BNP Paribas, UBI, Westpac etc – but none that I can see from UK banks. They are rather slow to catch on …
The Edge browser in Windows 10 is a new sandboxed app, so it’s much better for banking than Internet Explorer. Otherwise, Chrome is the most secure alternative, because it runs in Google’s own strong sandbox. Some security companies also provide add-ons, such as Kaspersky Safe Money and Bitdefender Safepay.
The browsers on smartphones and tablets are also sandboxed, but like their desktop counterparts, they may be at risk from phishing and “man-in-the-middle” attacks.