Banking and payments

Banking wherever you are

Online banking has become highly popular in the UK and across the world because it saves time and effort calling in at your bank branch or using an ATM, it is accessible 24/7 from any internet-connected device and it provides a real-time view of your balances and payments.

Like many things you do online, however, you need to exercise care with internet banking as it is a favourite target for criminals to commit fraud and steal your money and even your identity. This is often done by infecting your computer or mobile device (smartphone or tablet) with malware which either snoops on your confidential transactions, or takes over your browser, fooling you into entering details such as your entire password or memorable information. This infection typically happens when you click on a link to a fake website, or open an attachment in an email sent by fraudsters.

Another method is where someone will send you an e-mail or call you (known as ‘phishing’ and ‘vishing’) posing as your bank or another trusted body like the police, and convincing you to reveal confidential details. See the Online safety, security and fraud module for more information on malware, phishing and vishing.

How do I protect myself?

There are a number of ways in which you can protect yourself from threats. In terms of security you should use strong passwords and PINs combined with a secure internet connection and up-to-date internet security software. Take advantage of free additional security software that many banks offer their online banking customers.

You should use a different password for each online banking account you have and these should be different to your passwords for any other kind of account, such as emails, shopping or social media. Otherwise, if one gets compromised, criminals have all the details they need to access the others.  Do not reveal your passwords or PINs to anybody, or make it easy for anyone to find them, and never disclose your confidential information in response to any email, phone call or other type of message.

It’s important to also remember that banks will never call you and ask you to transfer money to a new account, so ignore such calls.

When you connect to your banking and payment sites you should type the web address into your browser or use a bookmark that you have already created. Never access your online banking login page via a link in an email or text message and don’t use a search engine, as fraudsters can manipulate the results to take you to a fake login page. Always check if the site is secure by checking for ‘https’ at the beginning of the address and the padlock symbol in the browser frame (the ‘s’ stands for ‘secure’).

You should avoid using online banking when using any Wi-Fi connection you are not certain is secure, such as free public Wi-Fi, unless using secure in branch Wi-Fi. Use 3G or 4G instead, or a secure internet dongle. Remember that you should always log completely out, irrespective of which connection you are using. Regularly check your statements for unexpected transactions (you can do this quickly and easily online) and report fraudulent activity on your account to your bank straight away.

Watch the video below for more on the impacts of banking fraud:

Phone or Branch?

According to a report commissioned by the British Bankers Association, mobile banking, via smartphone and tablet apps, has overtaken branches and the internet as the most popular way to bank. The technology used by banks for their dedicated apps makes them inherently secure, but it is how you use the app that can leave you open to issues.

As we talked about in the online banking article, a criminal could email, text or call you posing as your bank or another trusted body like the police, and convince you to reveal confidential details, or may try to infect your mobile device with malware. They can then use your details to set up or access your mobile banking.

If your mobile device is lost or stolen, somebody else could gain access to your bank accounts and confidential details if your device is not secure. There is also the added danger that someone could be looking over your shoulder or using a bogus app to obtain bank account and confidential details. Using unsecure Wi-Fi adds to risk of your transactions being intercepted.

How do I protect myself?

As you would with computers and laptops, you should also protect your mobile devices with internet security software and install regular security and software updates. There are some good security software apps specially designed for smartphones and tablets and these may also be offered free by your bank.

Secure your device with a PIN or password which is difficult to guess in the event that the device is lost or stolen and don't give anyone your banking security details or store them on your mobile in a way that might be recognised by someone else. Enabling tracking and remote erasing will also help keep your mobile device secure. This is normally found in Settings on the device but you should refer to your phone manual or service provider.

Mobile phone providers are frequently changing mobile operating systems to close security issues so it is imperative that you keep your operating system up to date. You will normally receive a prompt to update this.

Only use official Mobile Banking apps and only download apps from an official app store, such as the Play Store of App Store. You should also run any updates to your mobile banking app when prompted to do so.

Be wary of opening attachments or links in emails or texts that you weren’t expecting or are unsure about and never give your PIN, password, PINsentry codes or full security details to anyone who calls you, and never reveal them in an email or text message.

Pay as you go

Making utility, phone company, credit card, insurance and other payments online or via your mobile device is thought by some to be fast and convenient. However, you do need to aware of the risks associated with making payments online, and take a few simple precautions.

The pages you use to make payments may not be all they appear to be. A fraudulent page could be used to trick you into revealing confidential details and you may be directed to a fake page via an email or text message. This is becoming increasingly widespread.

You could also become a victim of fraud if the payment page you are using is not secure or your transaction is intercepted via using unsecured Wi-Fi.

How do I protect myself?

Remember not to click on links sent from organisations requesting payment details and double check all details before confirming any online transaction. Consider paying by credit card as this offers greater protection against fraud than other methods and never transfer money directly into a bank account of an organisation or individual you don’t know.

Check that payment pages are secure by checking for ‘https’ at the beginning of the address and the padlock symbol in the browser frame. As with other online transactions make sure you are using a secure connection.

Only download authentic apps from official app stores. Check the app ratings and beware if an app is asking for access to too much information.

Take the time to double check payments against your to identify any potential fraud as early possible. Contact your bank straight away if there are any transactions you don’t recognise or the amount is incorrect.

Supporting good causes

Increasingly, charities are turning to the internet to seek and collect donations for their good work, but this is seen as a rich vein of income for fraudsters too. This seems particularly nasty as not only does the donor lose their money, but legitimate charities can no longer help those most in need.

When it comes to online charity fraud, the main things to be alert against are bogus websites – which can either take your payments or confidential details or infect your device with malware.

As with online banking websites, ensure that you visit charity websites by typing the website address into the browser yourself or via a bookmark which you have set up. Check for the https and padlock symbol before entering your details or making any payments and never make online payments when using any Wi-Fi connection you’re not certain is secure. Don’t make charitable donations via bank transfer and ignore requests to donate via a money transfer company such as Western Union or MoneyGram.

You can call the charity to confirm the authenticity if you are worried. You can also visit the online register of your national charity regulator, the Charity Commission for England and Wales, the Office of the Scottish Charity Regulator, or the Charity Commission for Northern Ireland, if you are still uncertain.

Report any actual or attempted charity fraud to your bank and to Action Fraud at www.actionfraud.police.uk