> What happened to Nationwide?
They may have a weak score but they do at least use 2FA [*] rather than "please enter the 2nd, 7th and 19th characters of your password".
[*] Although I'm now awaiting the revelation that the calculator-like gadget that reads your debit card and generates a one-time code, simply XORs your PIN with the card number so any MITM now knows your card PIN. :-(