Online banking

How fraud occurs and what to look out for

It doesn’t take a fraudster much to access enough information to steal your identity, and there are many ways they can get hold of this sensitive information.

Fraud on your account will generally occur in two stages:

  • The theft or compromise of you personal and/or security details
  • Undertaking fraud using your identity on your account

Common methods of stealing or compromising your details

Phishing

A typical phishing scam involves a fraudster sending an email to a customer claiming to be from their bank. It may ask them to reset their security details by clicking on a link. The phishing site will ask for all of the customer's security credentials as well and maybe other details such as card number, expiry date and cv2 number. Please remember we will never ask for your bank or security details.

Malware, hidden within the links and in attachments in phishing emails, is becoming more and more common. It's therefore really important that you don't click on any links or open attachments  if you suspect it to be a phishing email.

Your help is vital in combating this process so if you think that you've received a phishing email please forward it to us.

Help and further information

Telephone phishing

There is also the possibility that fraudsters could try to phish information via the telephone or through SMS messaging. When receiving phone calls or SMS text messages claiming to be from your bank please be vigilant. If you feel uneasy about what you are being asked please hang up and call us using the numbers in the link below.

Malware

Malware is malicious software, such as Trojans and viruses, designed to infect your computer without your informed consent or knowledge. It can monitor your keystrokes (thereby recording everything you do), take control of your computer, or do any number of other things that can affect the performance of your computer.

Malware is generally distributed through email, social networking sites and video sites.

If malware has infected a friends computer it may try and distribute the malware amongst all of their contacts via emails or Social Networking sites so always be vigilant even when receiving requests and messages from friends and family. It will usually do this by asking you to click on a link.

Although anti-virus software is effective in detecting and removing the majority of malware it is not 100% effective. Vigilance is the best defence.

Help and further information

  • Find out more about how you can protect your devices
  • Find out more about malware at Get Safe Online
  • We only distribute our Mobile Banking App from Google Play or the App Store. Don't try to download the Tesco Mobile Banking App from any other source as it could be phishing or malware

Non-secure security details

Never give personal or account details to anyone who contacts you unexpectedly. Be suspicious even if they claim to be from your bank or the police. If they claim to be the bank and you are unsure then ask what department they are and then call the number on your statement or card.

When you log in to Online Banking or the Mobile Banking App, we'll never ask you to enter all six digits of your security number.

Never use your banking security details for any other website or mobile app.

Keep your security details safe and never record or store them in a manner which leaves them open to theft, such as in your purse or wallet.

You could be liable for any losses on your account if you are found to have acted with gross negligence and not kept your security details secure.

Social network sites

The rise in popularity of social networking sites has also given fraudsters a great way to steal personal details from people who have minimal security settings or publish personal details on their home page of message boards. Be cautious about what information you make publicly available on your online profiles.

Fraudsters use stolen profiles to post messages to friends of the victim with links to malicious software. Always be careful when clicking on links even if you do know the person who posted it.

Help and further information

Shoulder surfing - mobile banking app, ATMs and PIN terminals

Shoulder surfing is an old style of fraud that typically happens at ATMs, Point of Sale (POS) terminals, or with mobile phones. The fraudster will get close enough to observe the PIN being typed in and then attempt to pick pocket the victim's card or phone.

Help and further information

Always make sure no one else can see you enter your PIN or passcode when typing it in. Keep your PINs and Passcode safe and never record or store them in a manner which leaves them open to theft, such as in your purse or wallet.

Theft of mail & garbage

One of the easiest ways to steal someone's personal or financial information is through having access to their mail or garbage. This can lead to identity theft such as account takeover or application fraud.

Theft of mail can occur either within the postal system or from your letter box. Communal letter boxes at the main doors of flats are common targets for fraudsters. They are often relatively easy to gain access to because the locks are not always secure.

Fraudsters can also request Royal Mail redirections in your name to divert mail to a new address.

Finally, a fraudster may also have access to your mail at a previous address.

Help and further information

Ensure that you shred any documentation that includes personal information such as name, address, date of birth, passwords, PINs and financial information.

If you suspect that you are not receiving mail contact the Royal Mail Customers Service Enquiry Line on 0345 774 0740 to check if a redirection has been placed in your name.

Always make sure you inform your bank whenever you move house and apply for a mail redirection with Royal Mail to give you time to update your address details elsewhere.

If you think that any of your financial mail has been lost or stolen, you should contact us or the bank that it relates to.

Remember

We'll never phone and ask for all your personal information. If you do receive a call from someone claiming to be from Tesco Bank and you're not sure it's us, hang up and call us back.

  • The theft or compromise of you personal and/or security details
  • Undertaking fraud using your identity on your account

Fraudulently using your account

This form of identity theft involves fraudsters stealing enough information in order to successfully bypass security systems. This requires the fraudster to have access to your security and financial details. They will then either attempt to transfer money out of the account or order a new card.

Card fraud

Account takeover

This form of identity theft involves fraudsters stealing enough information in order to successfully bypass security systems. This requires the fraudster to have access to your security and financial details. They will then either attempt to transfer money out of the account or order a new card.

Application fraud

This is a form of identity theft where the fraudster applies for an account in your name. They will either use fake ID documents or have access to your mail in order to apply using your genuine address and intercept the mail.

Card Not Present (CNP) fraud

CNP fraud is the most common type of fraud in the UK. Fraudsters use stolen credit or debit card details to carry out transactions either online, by phone or fax, or through mail order.

Counterfeit card or skimming

This type of fraud typically happens by copying the cards magnetic strip on to another card. Historically, restaurants, supermarkets, petrol stations and ATMs were commonly used to carry out this method. However, the introduction of Chip and PIN has made this type of fraud much less common in recent years.

Lost or stolen cards

Since the introduction of Chip and PIN it has made it more difficult to commit fraud on a lost or stolen card without also having the PIN. Being vigilant when typing your PIN and ensuring that it's not recorded in an obvious manner will minimise the risk of a fraudster carrying out fraud on your card.

Online banking fraud

This fraud type involves the fraudster taking over your Online Banking or Mobile Banking account in order to transfer money out of it. The most common way for a fraudster to steal your Online Banking details is through phishing emails.

An increasingly common method for stealing your Online Banking details is through infecting your computer with malware. Once infected it can allow fraudsters to either take over your machine or record your key strokes.

Help and further information:

Telephony fraud

This fraud type involves the fraudster using the Telephone Banking facility to transfer money out of it.

The most common way for a fraudster to steal your Telephone Banking details is by telephoning you claiming to be from your bank and asking you the security and login details which they need.