Online banking security
How safe is online banking?
By Chiara Cavaglieri
Article 1 of 4
How safe is online banking?
Everything you need to know about the most common scams and how to protect your online bank account.
More and more people are choosing the convenience of banking online. But is it safe? What can you do to make sure your bank account isn't emptied by fraudsters?
Visit our tips for avoiding phishing and identity theft to reduce your chances of experiencing fraud.
Fraud is a constantly evolving problem but, broadly speaking, these are the main ways scammers can actually get their hands on your money:
1. Remote purchase or ‘card not present’ fraud
By far the most common type of fraud, with losses of £224.1 million between January and June 2016, remote purchase is when card details are stolen (for example, through a computer virus or an unsolicited email/phone call – see 6. Phishing and vishing) and used to buy things online, by phone or mail order.
2. Counterfeit (cloned/skimmed) fraud
When a fake card is set up using stolen details from the magnetic stripe on a card. Crooks can use the cloned card in countries where chip and Pin isn’t available, such as the US.
3. Fraud on lost or stolen cards
These can be used online, over the phone or in shops that don’t have chip and Pin. Criminals also ‘shoulder surf’ to watch people enter their Pin and then use it more widely. Read about your rights if your card has been lost or stolen.
4. Card identity theft
This takes two forms: account takeover (where a fraudster infiltrates an existing account to order a new card and Pin) and application fraud (setting up a new account using stolen details).
5. Card non-receipt
When fraudsters steal post to intercept a new/replacement card, then use it to commit card fraud and ID theft. Anyone with a communal letterbox is at greater risk of this type of fraud.
Phishing emails are sent by criminals posing as genuine companies such as a bank or HMRC. Clicking on a link takes you to a fake website where fraudsters steal financial or personal details. You type in your security details, thinking they’re secure, and unwittingly pass them on to thieves.
Or, the link might install malicious software (malware) on your computer as another means to capture details. Thieves can steal your password by tricking you into installing a program on your computer that records what you type, so when you next log on to your online account, the program secretly records your password details. It then sends them to a thief over the internet.
Telephone fraud, or vishing, is particularly sneaky. Fraudsters call up pretending to be the police or your bank’s fraud department and warn you that your account has been compromised to trick you into moving your money somewhere ‘safe’. Some tell you to call the genuine number for your bank to ‘verify’ the call, then play a dialling tone while they stay on the line, before posing as your bank and conning you into giving them sensitive information.
Remember, your bank would never ask for your full PIN or passwords on the phone or via email, and they would never ask you to authorise a transfer of money to a new account.
Stay one step ahead of the fraudsters by learning these seven ways to spot a scam.
Protecting your online bank account
The two key ways thieves can access online bank accounts are through phishing and password theft, but it’s easy to protect yourself from these and other scams.
Common sense is the best protection against phishing scams. Don’t click on any links in emails that say they’re from your bank. Instead, type your bank’s full website address into your browser. If you want to double-check if a message is genuine, ring your bank.
Good security software (see our security software reviews) will protect your computer against malicious software – as will not opening any email attachments you're not expecting and avoiding downloading files from websites you don’t trust.
Know your rights: Think you may have given a fraudster your bank details? Find out what to do.
If you're a victim of online bank fraud
You should regularly check your account online to pick up on any irregularities and contact your bank as soon as possible if you think you've been a victim of fraud. Your bank is responsible for passing details of the fraud to the police.
Your bank must refund unauthorised transactions and restore your account to the state it would have been in had the transaction not be made, unless it can prove that you've acted fraudulently or been grossly negligent. Importantly, you don't have to prove that you didn't authorise the transaction.
Sadly, you're far less likely to get a refund if you've been tricked into transferring money. For example, if a fraudster called up, posing as your bank's fraud department, and convinced you to move your money into a new account (because yours had been compromised) your bank may not be liable to cover losses – because you authorised the payment.
Which? has called on the regulator to ensure banks better protect customers from these bank transfer scams. However, it’s not yet convinced that banks should be made liable for victims' losses. We need more people to share their experiences of bank transfer scams and help put pressure on the regulator to deliver this change.
See how Which? members rated the way their banks and credit card providers handle fraud claims.
- Last updated: January 2017
- Updated by: Chiara Cavaglieri