FAQs

• We find a balance between making sure we’re talking to a genuine customer while ensuring your personal details are safe.
• So, to verify you as a customer, we may ask for your sort code, account number or card number. We may also ask you for certain digits of your Telephone Banking Password, sometimes known as a Personal Security Number (PSN).
• But, we would never ask you to reveal your full password (just certain digits of your PSN). We will also never ask you to reveal  your PIN, or to move your money to another account. If in doubt, hang up and call us back using a number found on the back of your card or at https://www.tsb.co.uk/contact-us/.

• We address you by name, not “dear sir/madam”.
• We may include the last four digits of your card number or the last three digits of your post code.
• The “from” address should be from an email address ending “tsb.co.uk”.
• We would never ask you to move your money to another account. Or ask you to re-authenticate yourself.
• Hover over any links in the email to reveal its true address. If it looks suspicious, don’t click on it.
• If in doubt, don’t click on any links and forward the email onto emailscams@tsb.co.uk.

• Scammers/fraudsters can now hijack the trail of real text messages. We would never put a phone number on a one-time password (and we’ll never ever ask you to disclose your one-time password to us).
• Always use the number on the back of your card or on https://www.tsb.co.uk/contact-us/. Don’t click on any link or call on any number found in a text message.

• If you’ve reported fraud to the police, then they may call you as part of their investigation.
• But - if someone calls you saying they are the police, remember that they would never ask you to reveal any  personal bank security details such as your PIN, passwords or username.
• They will also never ask you to move money to a ‘safe’ account or come to pick up your cards or cash.

• We have some very complex systems looking into how fraud has occurred, but we also look at things like IP addresses, devices, location and how the transactions were processed.

• We’ll do all we can to make your account safe, and help you understand what happened.
• We’ll investigate your case thoroughly and keep you updated.
• Where we are able to refund your money, we’ll do this as quick as possible and with the minimum of fuss.

• Contact TSB.
• Contact Action Fraud.
• People in Scotland can also contact Police Scotland.

• An example of phishing is when a fraudster sends an email to you purporting to be from a reputable company in order to persuade you to reveal personal information, such as passwords and credit card numbers
• Phishing can also happen via phone call (vishing), text message (smishing) and letter. Essentially these are all the same types of fraud but using different mediums.
• If you suspect an email, call, text or letter is a phishing attempt, send it on to the company and they can investigate. If it’s TSB they’re purporting to be, please send it to emailscams@tsb.co.uk.

• Identity theft is when a criminal uses your identity to obtain products and services such as bank loans, credit cards and store cards for their personal gain.
• They may be successful in committing identity theft because they have found out your personal details, such as your address, date of birth, and bank account details.
• Methods include theft (such as rummaging through your rubbish for bank statements), reviewing social media profiles (if you share too much personal information) or social engineering (where they have tricked you into revealing these details).

• Social engineering fraud is when a criminal tricks, deceives or manipulates a person into giving out confidential information or handing over money to them.
• Criminals win the trust of victims by pretending to be people of authority, such as a bank, utility company or even the police.
• Examples of where criminals can attempt social engineering fraud include email, text message and telephone calls.

• SIM swap fraud is when a criminal successfully ports your phone number onto a new SIM card that they possess, in order to intercept your text messages and phone calls.
• By doing so, they can receive one-time passwords (a.k.a. two-factor authentication or two-step verification), typically used by banks and other services that require extra security. From there, they may be able to log onto your bank account and steal funds from you.
• To keep your phone number safe, always protect your personal information and passwords. By doing so, this makes it much harder for criminals to port your telephone number with the mobile providers.
• If your mobile phone unexpectedly loses reception, contact your provider on a separate phone immediately to check all is in order.

• A romance scam is when a criminal creates a fake identity to start a relationship with a victim with the intent to steal either their money or personal information. These scammers lower victims' defences by building an online relationship, then asking for money for a variety of reasons, such as illness.

• We’re dealing with your money and so, sometimes we want to be absolutely sure we’re dealing with you. So we use Enhanced Internet Authentication (EIA).
• Setting up a new recipient or standing order are examples of when we’ll send you a One Time Password (OTP); this is to make sure the instruction is genuinely coming from you. All you need is a phone near you. You'll be able to choose which number we call you on, provided it's a number we already hold for you. For UK mobile numbers, we’ll now send you a text with your OTP. For landlines and other numbers, we’ll now give you a call and read out your OTP. You'll need to enter the six-digit number directly on Internet Banking or the app. The whole process takes less than a minute.
• Never share your OTP with anyone. If we need to contact you, we would never ask you for your OTP.
• Please make sure your contact details are up-to-date: log on to Internet Banking, then select Personal Details from the top right-hand menu.

We use Verified by Visa and MasterCard ID Check (previously known as MasterCard SecureCode) to keep you safe when you shop online.

This means that you’ll occasionally need to enter a one-time password when you use your card online. You’ll receive the one-time password in a text message sent to your registered number.

Since February 2020, you may have noticed new screens for Verified by Visa and MasterCard ID Check. These are being gradually rolled out to work better on mobile screens.

From August 2021, we will no longer facilitate transactions to cryptocurrency exchanges. The Financial Conduct Authority (FCA) has warned about the extremely high risk involved in investing in cryptocurrency and we are seeing an increasing level of fraud and financial crime through cryptocurrency merchants. Therefore, we have taken the decision to not support cryptocurrency transactions. We’ll send you a text letting you know your transaction has been declined.