News of cyber attacks is now a common feature of modern life. Even Marks & Spencer fell victim to a major attack this year. It caused massive disruption: criminals stole customer information such as names, addresses and dates of birth in a data breach, and all online sales were stopped for weeks.
Things are now pretty much back to normal at M&S, and the good news is that no payment card details or passwords were taken.
But plenty of other companies have been targeted in recent months. Any kind of hack or data breach can put you at risk if your data is involved. And when it comes to banking online, security is especially important. So how do you stay safe when banking online?
Around 15% of over 65s still never use online banking, a figure that has not changed much since 2019, figures from polling company YouGov suggest. That’s in part because of concerns about security. But the good news is that you can help yourself to stay safe online with some simple rules.
Your password is your first line of defence. A good tip is to combine three random words with a mix of numbers and symbols to make it harder to guess. Avoid using personal details like family names or birthdays that a criminal might be able to guess.
There are password manager services that will securely store passwords for you, suggest strong passwords and in some cases even alert you to data leaks. There are plenty of paid options, while free options include Proton Pass and Google Password Manager.
It’s really important to use a different password for every account. If one site is hacked, it prevents criminals from accessing your other accounts.
Adding a second step when you log in puts an extra lock on your account. As well as your password, you'll need a code (sometimes called a one-time password or OTP) that is sent to your phone or generated by an app to log in. Turn it on for your banking and email wherever it's offered.
A card reader or banking app is generally viewed as a more secure way to get a security code than a text message, which could potentially be intercepted. And remember that this only adds security if you don’t reveal the code to anyone. The number of one-time passcode frauds is on the rise.
After a data breach that might involve your data, like the one at M&S, there’s an increased risk that you’ll get a fake email or text message designed to look like it’s from the affected company. These messages are designed to trick you into revealing personal information.
Remember, your bank will never contact you to ask for your full password or PIN. If you get a suspicious message, don't click on any links. Contact the company directly using a phone number or website you know to be genuine.
Companies will often email customers to let them know if their data might have been compromised. It’s useful to know when this has happened, so do read these messages. There might be helpful information in the email, or signposting to where you can get support.
Do watch out though, in case these messages are scams. Check the actual email address that the email has been sent from (not just the sender name that appears). Don’t enter any login details or bank details after clicking a link in an email like this.
Regularly check your bank and credit statements for any transactions you don't recognise. If you see something you don’t recognise, contact your bank or card provider straight away.
If criminals have stolen personal data, they could try to apply for credit in your name. It's a good idea to check your credit report occasionally to spot any unusual activity. You can do this for free with services like Credit Karma or ClearScore.
When shopping online, many websites offer to save your card details for a quicker checkout next time. While convenient, it means your information is stored in more places. To reduce risk, consider typing in your details each time rather than saving them on retail sites.
Always install updates for your phone, tablet, or computer when prompted, as these often contain vital security fixes.
Don’t do online banking using public wi-fi (for example in places like cafes or trains), as these networks are often not secure.
Banks and building societies invest heavily in security. According to UK Finance, £1.45 billion of unauthorised fraud was prevented by the industry in 2024.
‘Unauthorised’ means a transaction carried out by someone without payment authorisation from the account holder, as opposed to when the account holder authorises it after falling for a scam.
The amount prevented was up 16 per cent from 2023 and was equivalent to 67p in every £1 attempted. Fraud cases and losses through internet banking and mobile banking declined in 2024 compared to 2023.
Below are some of the ways that banks and building societies try to protect you online.
Banks use encryption to ensure that your personal information cannot be read. You can check this by looking for a padlock symbol or 'https' (not 'http') at the start of the website address. The ‘s’ stands for secure. It means that the website is encrypted, but it doesn’t guarantee that it is trustworthy.
To log into your account, you may have to enter a one-time code generated by a card reader or an app on your phone or a text message, as well as your usual password.
After a few minutes of inactivity, you’ll usually be logged out of a session automatically, reducing the risk that anyone else can take over your account. But it’s still a good idea to make sure you log out when you finish a banking session.
If you’re transferring money, almost all banks will now check the name matches the account so you can be sure you know who you’re paying. If you get a message when you’re sending money that the name doesn’t match, be extra careful and check before you proceed.
Online and mobile banking are very similar. The main difference is how you access your account. Online banking lets you carry out transactions through your bank or building society’s website, using your PC, laptop or tablet.
Mobile banking is done using the bank’s own app which you download to your smartphone or tablet. You can often also use the bank’s website on your phone, but the app will be specially designed to be easy to use on your phone.
Banks all have their own ways of letting you log into your account securely, but for online banking you’ll typically need a username, your sort code and account number to start.
You’ll probably need to choose some “memorable information” too that you’ll be asked to supply each time you log in. If you’re using an app, there may be biometric validation to help with security. This means you can use your fingerprint or facial recognition to confirm your identity.