Keeping your accounts safe online

Learn how we protect your accounts, and our tips on staying safe online.

How we protect you from scams and fraud

Our fraud prevention and detection measures work behind the scenes to keep your accounts secure.

  • We perform a range of fraud-prevention checks to make sure all new account applications are genuine. We do this to make sure that those who apply for a Tesco Bank account are who they say they are.
  • If we suspect unusual activity on your account, we’ll suspend the suspicious transaction and alert you that we believe you’re at risk of fraud. We’ll never send an alert that requests your security details.
  • We have a range of anti-fraud systems and tools to help prevent and detect fraud that stems from phishing email scams. We work to close down phishing websites as soon as we detect or are notified of them.
  • We use the latest technology to manage the security of our Online Banking and Mobile Banking App.
  • We use enhanced security when you register and log into Online Banking or our Mobile Banking App.

Protecting your money from all forms of fraud is really important to us.

Our priority is to prevent fraud from happening in the first place, but if it does occur, we’ll support you trying to recover your money with our claims process.

    How we’ll contact you when we need to

    If we suspect you may be a victim of fraud, we’ll be in touch right away.

    • We send alerts by either text or email.
    • We’ll send alerts if we think your account is at risk of fraud, or if certain things happen – like a change of address.

    At other times, we might contact you about your account(s) for other reasons.

    • We may send you reminders, for example when your statement is available to view online.
    • We’ll never send an alert that requests your security details.
    • We may sometimes send you a text when you pay online with your debit or credit card. This is will contain a one-time passcode so we can tell it’s you making the payment.

    If you’re ever unsure about alerts you receive about your accounts, contact us straight away.

    To protect your account(s) it’s important you always keep your contact details up to date. You can do this using Online Banking.

      Strong Customer Authentication

      We use Strong Customer Authentication (SCA) to increase your protection from fraudsters and scammers. It’s set of rules for confirming your identity that gives you greater protection when accessing your accounts online or via the Mobile App, paying for things online or using contactless payments.

      • If you have our Mobile Banking App we may send a push notification to your device asking you to authenticate the payment.
      • When you pay for something online, we may send a code to your mobile or landline to check its really you. Find out more about one-time passcodes.
      • If you make contactless payments, we may ask you to input your PIN from time to time. This doesn’t apply to travel, so this won’t apply to your regular contactless payments for the bus, train or tube.
      • We may ask you to confirm it’s really you in our Mobile App or Online Banking more often under SCA rules.

      SCA helps reduce fraud by giving you increased protection when paying for things online and with contactless card and phone payments. Some kinds of transactions are exempt from SCA protection, so you won’t always be asked to complete extra security steps.

      Remember, banks and other genuine organisations will never contact you out of the blue to ask you for payments or to give your full security details. Read more about when it pays to stop and think at Take Five to Stop Fraud.

        Using Third-Party Providers (TPPs)

        If you have a credit card, current account, internet saver or instant access savings account with us, you may choose to use authorised TPPs. With your permission, they can provide account management or payment services.

        If you wish to use these services, you’ll need to give permission for the TPP to access your account.

        There are two ways you can do this:

        1. With Open Banking, you can use your Online Banking login to give a TPP permission to access one or more of your accounts. You can control exactly what information they can see.

        2. By allowing the TPP to use your Online Banking security details on your behalf. Remember if you share your security details with an authorised TPP, they will be able to see all the accounts that appear in your Online Banking.

        To keep your account(s) secure if you choose to use TPPs:

        • Check the TPP is authorised to provide the service they offer. This is easy to do with the FCA register website
        • Make sure you understand how they’re using your data.
        • When we receive an instruction from a TPP, we’ll assume that this has been made with your permission. So you must contact us immediately if your security info has been compromised or you have any concerns.

        If you share your Online Banking details, remember:

        • TPPs will have the same access to your Online Banking that you have. This could include accounts that you may not want them to see.
        • Tesco Bank will have no control over how your data is used. This is why you must make sure you only ever deal with TPPs authorised to provide their services.
        • If you want to stop using a service, you’ll need to withdraw your permission from the TPP and update your security details with us. This will prevent the TPP accessing your account(s).

        You’re in control - if you don't want to use third-party providers, you don’t have to.

        If you don’t want TPPs to access your account, you don’t need to do anything.