Which? uses cookies to improve our sites and by continuing you agree to our cookies policy.

Online banking security

How safe is online banking?

By Chiara Cavaglieri

Article 1 of 4

Put us to the test

Our Test Labs compare features and prices on a range of products. Try Which? to unlock our reviews. You'll instantly be able to compare our test scores, so you can make sure you don't get stuck with a Don't Buy.

How safe is online banking?

Everything you need to know about the most common scams and how to protect your online bank account.

Protecting your online bank account

More and more people are choosing the convenience of online banking. Thieves target accounts through phishing emails and password theft, but you can protect yourself from these and other scams. 

Up-to-date security software – see our security software reviews – will protect your computer against malicious software (malware), as will not opening any email attachments you're not expecting and avoiding downloading files from websites you don’t trust.

Common sense is usually the best protection . Don’t click on any links in emails that say they’re from your bank. Instead, type your bank’s full website address into your browser. If you want to double-check if a message is genuine, call your bank. 

Know your rights: Find out what to do if you have given a fraudster your bank details

Watch out for scam emails

Phishing emails are sent by criminals posing as genuine companies such as a bank or HMRC. Clicking on a link takes you to a fake website where fraudsters steal financial or personal details. 

Or, the link might install malware on your computer as another means to capture details. Thieves can steal your password by tricking you into installing a program on your computer that secretly records your password when you type. 

Telephone fraud, or vishing, is particularly sneaky. Fraudsters call up pretending to be the police or your bank’s fraud department and warn you that your account has been compromised to trick you into revealing your full password, or persuade you to move your money somewhere ‘safe’. 

Some tell you to call the genuine number for your bank to ‘verify’ the call, then play a dialling tone while they stay on the line, before posing as your bank and conning you into giving them sensitive information.

Remember, your bank would never ask for your full Pin or passwords on the phone or via email, and they would never ask you to authorise a transfer of money to a new account. 

Stay one step ahead: Learn these seven ways to spot a scam.

If you're a victim of bank fraud

Check your account online regularly to spot any irregularities and contact your bank as soon as possible if you think you've been a victim of fraud. 

Your bank must refund unauthorised transactions and restore your account to the state it would have been in had the transaction not be made, unless it can prove that you've acted fraudulently or been grossly negligent.

They can't refuse to refund you based on a hunch – they must investigate properly – but banks don't always get this right. Which? Money has obtained exclusive data from the Financial Ombudsman Service (FOS) revealing the card providers handling fraud claims poorly

Bank-transfer scams

Sadly, you're far less likely to get a refund if you've been tricked into transferring money. For example, if a fraudster called up, posing as your bank's fraud department, and convinced you to move your money into a new account (because yours had been compromised) your bank may not be liable to cover losses – because you authorised the payment. 

They should try to recover the funds once notified of a scam – and you could have grounds to complain if they failed to do so – but it isn’t legally obliged to refund payments that you technically authorise. 

Victims of bank transfer scams can lose eye-watering sums so Which? wants banks to introduce better safeguards to protect their customers. The regulator isn't yet convinced that banks should be made liable for victims' losses. We need more people to share their experiences of bank transfer scams and help put pressure on the regulator to deliver this change. 

  • Last updated: May 2017
  • Updated by: Chiara Cavaglieri
SHARE THIS PAGE

Which? Limited (registered in England and Wales number 00677665) is an Introducer Appointed Representative of Which? Financial Services Limited (registered in England and Wales number 07239342). Which? Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FRN 527029). Which? Mortgage Advisers and Which? Money Compare are trading names of Which? Financial Services Limited. Registered office: 2 Marylebone Road, London NW1 4DF.