The question is versatile and as such technical, nobody is able to tell which one is better than the other due to our unprofessionalism.
The only set of people that can give you an accurate answer to your question are the computer engineers that build the system and website.  Based on the protocols, manner and security measures applied when building the system, they will be able to tell which one is more susceptible owing to the method applied by the organisations. It will also interest you to know that banks use different engineering companies and each of them have their own way of setting up the server.