We find a balance between making sure we’re talking to a genuine customer while ensuring your personal details are safe.
So, to verify you as a customer, we may ask for your sort code, account number or card number. We may also ask you for certain digits of your Telephone Banking Password, sometimes known as a Personal Security Number (PSN).
But, we would never ask you to reveal your full password (just certain digits of your PSN). We will also never ask you to reveal your PIN, or to move your money to another account. If in doubt, hang up and call us back using a number found on the back of your card or at https://www.tsb.co.uk/contact-us/.
An example of phishing is when a fraudster sends an email to you purporting to be from a reputable company in order to persuade you to reveal personal information, such as passwords and credit card numbers
Phishing can also happen via phone call (vishing), text message (smishing) and letter. Essentially these are all the same types of fraud but using different mediums.
If you suspect an email, call, text or letter is a phishing attempt, send it on to the company and they can investigate. If it’s TSB they’re purporting to be, please send it to email@example.com.
Identity theft is when a criminal uses your identity to obtain products and services such as bank loans, credit cards and store cards for their personal gain.
They may be successful in committing identity theft because they have found out your personal details, such as your address, date of birth, and bank account details.
Methods include theft (such as rummaging through your rubbish for bank statements), reviewing social media profiles (if you share too much personal information) or social engineering (where they have tricked you into revealing these details).
SIM swap fraud is when a criminal successfully ports your phone number onto a new SIM card that they possess, in order to intercept your text messages and phone calls.
By doing so, they can receive one-time passwords (a.k.a. two-factor authentication or two-step verification), typically used by banks and other services that require extra security. From there, they may be able to log onto your bank account and steal funds from you.
To keep your phone number safe, always protect your personal information and passwords. By doing so, this makes it much harder for criminals to port your telephone number with the mobile providers.
If your mobile phone unexpectedly loses reception, contact your provider on a separate phone immediately to check all is in order.
A romance scam is when a criminal creates a fake identity to start a relationship with a victim with the intent to steal either their money or personal information. These scammers lower victims' defences by building an online relationship, then asking for money for a variety of reasons, such as illness.
Further information on how to avoid romance scams can be found here.
We’re dealing with your money and so, sometimes we want to be absolutely sure we’re dealing with you. So we use Enhanced Internet Authentication (EIA).
Setting up a new recipient or standing order are examples of when we’ll send you a One Time Password (OTP); this is to make sure the instruction is genuinely coming from you. All you need is a phone near you. You'll be able to choose which number we call you on, provided it's a number we already hold for you. For UK mobile numbers, we’ll now send you a text with your OTP. For landlines and other numbers, we’ll now give you a call and read out your OTP. You'll need to enter the six-digit number directly on Internet Banking or the app. The whole process takes less than a minute.
Never share your OTP with anyone. If we need to contact you, we would never ask you for your OTP.
Please make sure your contact details are up-to-date: log on to Internet Banking, then select Personal Details from the top right-hand menu.
Strong Customer Authentication is a new legal requirement for UK banks that will create additional ways for you to verify your identity, and will make online banking and payments more secure.
How will this affect me?
We have already introduced extra security on your account. This means we may need to send more One-Time Passwords to your mobile or UK landline phone when you access internet banking or before you use certain services in internet banking. All you’ll need to do is enter these passwords when you’re asked to.
Because your passwords will be unique and sent only to your phone, when you use a password, we’ll know it’s really you. This will help us make sure that only you have access to your account.
We’ll soon be introducing this extra security when you use your debit or credit card online too. If you’re registered for our Mobile Banking App you’ll be asked to approve your card payment in the App. If you don’t have the App (or for example if you lose internet connection) we’ll send a one time password to your mobile phone or UK landline.
Do I need to do anything?
It’s important that you give us the right phone number to ensure we can send these passwords to you. This will allow you to continue using your Debit or Credit card online, as well as our internet banking services.
From August 2021, we will no longer facilitate transactions to cryptocurrency exchanges. The Financial Conduct Authority (FCA) has warned about the extremely high risk involved in investing in cryptocurrency and we are seeing an increasing level of fraud and financial crime through cryptocurrency merchants. Therefore, we have taken the decision to not support cryptocurrency transactions. We’ll send you a text letting you know your transaction has been declined.
Report suspected fraud
Find the fastest way to report your fraud on our
‘How to report fraud’ page