How you can protect yourself against fraud

We take your security as seriously as you do.

Please note that Tesco Bank will never ask for your full security PIN over the phone, and we will never email or text you links that direct you to your account login page. If you have any concerns, please contact us.

Phishing online

Phishing online

Phishing emails and texts contain a link that directs the user's web browser to a site that, to all intents and purposes, appears authentic. Phishing emails and texts can also contain links or attachments that will download malware on to your device, compromising its security

If you receive a suspicious email or SMS, follow these precautions:

  • Be wary of messages offering you free vouchers or alerting you to a notification or problem with your account or security.
  • Don’t click any links in these fraudulent messages, especially if it is a link that asks you to log in to your account, as these links usually lead to a compromised site.
  • Log in to your Tesco Bank account by opening your browser and manually typing in tescobank.com, or follow a saved bookmark.

We also have a helpful guide to help you tell if a Tesco Bank email you’ve received is genuine or not which you can find below.

Vishing (phishing on the phone)

Vishing (phishing on the phone)

Phishing can occur on the phone as well. Fraudsters may call pretending to be your bank or your internet/phone provider or even the police. Be vigilant when someone you don’t know calls you. Fraudsters will aim to trick you into giving them your details or transferring money into a bank account they have control over.

If someone suspicious calls you:

  • Ask the caller for their name and where they are calling from, hang up, then call back on a number that you know and trust, or can verify from your card or statement.
  • Always call back from another phone to the one you received the call on and if you can't access another phone, wait five minutes, or call a friend before making another call.
  • Fraudsters can spoof the number they are calling and texting from - so do not trust the incoming number if you ever asked to, instead hang up and call a number you know to be authentic.
  • Never give out your any of your banking or personal details to anyone who calls you unexpectedly.
  • Never allow anyone who calls you unexpectedly to remotely access any of your devices. This is a trick fraudsters use to transfer money from your online account by suggesting their is a problem with your router or computer.

Keeping accounts secure

Keep your accounts secure

Keep all Tesco Bank security details secret (these details include your username, security number, password and passcode). These details keep both your Online Banking account and your Mobile Banking app secure.

  • Keep valuable documents such as passports and drivers licences in a safe and secure place.
  • Research any websites you’ve never bought from before. Look on the Internet for any evidence of problems with other customers.
  • Destroy all unwanted paperwork by shredding any documentation that includes personal information such as name, address, date of birth, passwords, PINs and financial information.
  • Check your statements. If you do not recognise certain transactions, then ensure that you report it to us immediately.
  • Keep an eye on your credit rating, as this will allow you to spot any instances of where your identity is being used by a fraudster to apply for financial products. Credit agencies Experian, Equifax and Callcredit all offer credit reports, some costing as little as £2.

Staying secure online

Staying secure when you're online

  • Protect your computer and mobile devices with up-to-date security software and install regular security and software updates.
  • Keep your operating system up-to-date and always use an up-to-date Internet browser - find out more about the browsers we support when using Online Banking.
  • Check a website is secure before you enter any account or card details. Look for the 'https' at the start of the web address and the padlock or unbroken key icon next to the address bar.
  • Do not enter your security information on a website you have accessed via a link in an email or text message.
  • Avoid using non-secure or unencrypted Wi-Fi, as fraudsters can set up malicious Wi-Fi networks that could intercept your data.
  • Use public Wi-Fi hotspots only if you know they are trustworthy.
  • Avoid downloading attachments or clicking links from unsolicited emails - please forward any suspicious emails from Tesco Bank to phishing@tescobank.com.
  • Only download apps, files and programmes from sources you trust.
  • Make sure your device is locked when you're not using it, and don't share your password with anyone.

Staying secure when using Online Banking or Mobile Banking App

Staying secure when using Online Banking or the Mobile Banking App

  • Log in to your Tesco Bank account by opening your browser and manually typing in tescobank.com, or follow a saved bookmark.
  • Do not let anyone else use your device if you are logged in to Online Banking or your Mobile Banking App.
  • Do not leave your device unattended after you've logged in to Online Banking or your Mobile Banking App.
  • Do not set up a public computer as a computer you want us to recognise, e.g. in an internet cafe.
  • Do not register the Mobile Banking App on someone else's phone.
  • Log out of Online Banking or the Mobile Banking App when you've finished - do not rely on the website or app to log you out automatically.
  • Only download the Tesco Mobile Banking App from Google Play or the App Store, other sources could be phishing or malware.

Contact us straight away if you think your details have been compromised.

Using Authorised Third Party Provider Services

Using Authorised Third Party Provider (TPP) Services

From January 2018, if you are a credit card, current account, internet saver account or IASA customer, you may choose to use authorised third party providers (TPPs) who, with your consent, can provide account management or payment initiator services. To use these services, you will need to allow the TPP access to your online banking by sharing your security credentials.

To keep your accounts secure when using a TPP:

  • Only use TPPs who are authorised to provide these services (further details of authorised TPPs can be found on the FCA register)
  • Remember that once you have shared your details with an authorised TPP, they will be able to see all of your accounts that appear on online banking.
  • If we receive an instruction for a TPP we will treat this as them having consent to act on your behalf, so you must inform us if you think that your details have been compromised in any way.
  • Be aware that once a TPP has access to your account information, Tesco Bank will have no control over how this data is used.

To stop using a TPP services and to prevent them from continuing to access your account(s) you must first contact the TPP to withdraw your consent to use their services, and then should update your security details with us to prevent further access to your accounts.

Authorised TPPs can only have access to your account if you choose to share your online banking details with them, if not your account will remain unchanged.

Please refer to your product terms and conditions for more information.

These are some of the important questions other customers often ask us:

What if I think someone knows my Tesco Bank Online Banking or Mobile Banking App security details?

You must contact us immediately and change your Tesco Bank security details straight away.

What if I forget or lock my Tesco Bank security details?

If you've forgotten your existing details or you are locked out of Online Banking or the Mobile Banking App, you can reset them online. We may need to send you a Temporary Security Number by text message or post to make sure it's really you.

What should I do if my phone is stolen?

Call our Online Helpdesk immediately so that we can block the Tesco Bank Mobile App being accessed on your stolen phone. If you suspect that someone else knows any of your log-in details then ask us to reset them when you call.

What if I want to change my Tesco Bank security details?

If you want to change your security details, you can do so by logging in to Online Banking and choosing Manage Security Details on the Online Banking Overview or by contacting us.

What if I'm asked for my Tesco Bank Online Banking security details?

Once you've registered, we'll never ask for all of your security details when we contact you.

If you ever receive a request for all of your details at any time (by email or otherwise), don't give them out and report it to us straight away by emailing phishing@tescobank.com. You'll never be asked for your security details or your PIN by online retailers, so you should never disclose them, even to the police or other security agency.

Further information

More information on how to protect yourself and how to protect your devices is available at Take Five, which is a joint initiative between Financial Fraud Action UK and the Government.

Visit Take Five