How you can protect yourself against fraud

How to spot a scam

Be cautious with every email, text message or phone call you receive. Fraudsters will use these channels and pretend to be legitimate people or businesses. Their aim is to trick you into making unnecessary payments or buying goods you will never receive.

Following these tips will help you identify contact from fraudsters who are trying to scam you:

  • Does the deal seem too good to be true or are you being pressured to respond urgently? Fraudsters will use these tactics to make your decision easy or hurried, so if you spot these signs think twice.
  • Always check the sender of an email - fraudsters will use a range of different email addresses that appear legitimate at first glance, e.g. from HMRC or TV Licensing. However, when clicking on the sender information you’ll see a different address which is unrelated to the company or organisation they are impersonating.
  • When you have doubts about an unexpected communication you’ve received, end the phone call or don’t reply to an email or text message. Instead get in touch with the company or organisation by a trusted method, e.g. use their website to find legitimate contact details.

Above all, don’t send money to anyone you don’t know or trust - no matter how urgent or persistent someone may seem.

Protecting yourself against APP fraud

Protecting yourself against APP fraud

Protecting your money from all forms of fraud is really important to us.

Our priority is to prevent fraud from happening in the first place, but when it does occur we’ll support you trying to recover your money with our claims process.

What is APP fraud?

Authorised Push Payment fraud (APP fraud) happens when someone tricks you into sending money to them under false pretences. Fraudsters may contact you by phone, email or social media, pretending to be someone else. These scams can be complex and very convincing. APP fraud payments are requested by bank transfer or other types of online payment, so they can’t be reversed once you realise you’ve been a victim.

Phishing online

Phishing online

Phishing emails and texts contain a link that directs the user's web browser to a site that, to all intents and purposes, appears authentic. Phishing emails and texts can also contain links or attachments that will download malware on to your device, compromising its security

If you receive a suspicious email or SMS, follow these precautions:

  • Be wary of messages offering you free vouchers or alerting you to a notification or problem with your account or security.
  • Don’t click any links in these fraudulent messages, especially if it is a link that asks you to log in to your account, as these links usually lead to a compromised site.
  • Log in to your Tesco Bank account by opening your browser and manually typing in, or follow a saved bookmark.

We also have a helpful guide to help you tell if a Tesco Bank email you’ve received is genuine or not which you can find below.

Vishing (phishing on the phone)

Vishing (phishing on the phone)

Phishing can occur on the phone as well. Fraudsters may call pretending to be your bank or your internet/phone provider or even the police. Be vigilant when someone you don’t know calls you. Fraudsters will aim to trick you into giving them your details or transferring money into a bank account they have control over.

If someone suspicious calls you:

  • Ask the caller for their name and where they are calling from, hang up, then call back on a number that you know and trust, or can verify from your card or statement.
  • Always call back from another phone to the one you received the call on and if you can't access another phone, wait five minutes, or call a friend before making another call.
  • Fraudsters can spoof the number they are calling and texting from - so do not trust the incoming number if you ever asked to, instead hang up and call a number you know to be authentic.
  • Never give out your any of your banking or personal details to anyone who calls you unexpectedly.
  • Never allow anyone who calls you unexpectedly to remotely access any of your devices. This is a trick fraudsters use to transfer money from your online account by suggesting their is a problem with your router or computer.

Keeping accounts secure

Keep your accounts secure

Keep all Tesco Bank security details secret (these details include your username, security number, password and passcode). These details keep both your Online Banking account and your Mobile Banking app secure.

  • Keep valuable documents such as passports and drivers licences in a safe and secure place.
  • Research any websites you’ve never bought from before. Look on the Internet for any evidence of problems with other customers.
  • Destroy all unwanted paperwork by shredding any documentation that includes personal information such as name, address, date of birth, passwords, PINs and financial information.
  • Check your statements. If you do not recognise certain transactions, then ensure that you report it to us immediately.
  • Keep an eye on your credit rating, as this will allow you to spot any instances of where your identity is being used by a fraudster to apply for financial products. Credit agencies Experian, Equifax and TransUnion all offer credit reports, some costing as little as £2.

Staying secure online

Staying secure when you're online

  • Protect your computer and mobile devices with up-to-date security software and install regular security and software updates.
  • Keep your operating system up-to-date and always use an up-to-date Internet browser - find out more about the browsers we support when using Online Banking.
  • Check a website is secure before you enter any account or card details. Look for the 'https' at the start of the web address and the padlock or unbroken key icon next to the address bar.
  • Do not enter your security information on a website you have accessed via a link in an email or text message.
  • Avoid using non-secure or unencrypted Wi-Fi, as fraudsters can set up malicious Wi-Fi networks that could intercept your data.
  • Use public Wi-Fi hotspots only if you know they are trustworthy.
  • Avoid downloading attachments or clicking links from unsolicited emails - please forward any suspicious emails from Tesco Bank to
  • Only download apps, files and programmes from sources you trust.
  • Make sure your device is locked when you're not using it, and don't share your password with anyone.

Staying secure when using Online Banking or Mobile Banking App

Staying secure when using Online Banking or the Mobile Banking App

  • Log in to your Tesco Bank account by opening your browser and manually typing in, or follow a saved bookmark.
  • Do not let anyone else use your device if you are logged in to Online Banking or your Mobile Banking App.
  • Do not leave your device unattended after you've logged in to Online Banking or your Mobile Banking App.
  • Do not set up a public computer as a computer you want us to recognise, e.g. in an internet cafe.
  • Do not register the Mobile Banking App on someone else's phone.
  • Log out of Online Banking or the Mobile Banking App when you've finished - do not rely on the website or app to log you out automatically.
  • Only download the Tesco Mobile Banking App from Google Play or the App Store, other sources could be phishing or malware.

Contact us straight away if you think your details have been compromised.

Using Authorised Third Party Provider Services

Using Authorised Third Party Provider (TPP) Services

If you are a credit card, current account, internet saver or instant access savings account customer, you may choose to use authorised third party providers (TPPs) who, with your consent can provide account management or payment initiator services.

If you wish to use these services, you will need to allow the TPP access to your online banking by sharing your security details.

To keep your accounts secure when using a TPP remember:

  • To check with the TPP that they are authorised to undertake the services for you (further information can be found on the FCA register website, that you trust them with your account, and you are clear what accounts they have access to and what they are using your data for.
  • Once you share your online banking security details, TPPs will have the same access to your online banking that you have, which includes accounts that you may not explicitly have given consent for them to view.
  • We will treat all instructions as you having given consent for the TPP to act on your behalf, so inform us if you believe your details have been compromised and contact us immediately if you have any concerns.
  • That once you share your online banking security details, Tesco Bank will have no control over how your data is used, which is why you must ensure you only ever deal with TPPs authorised to undertake these services.
  • If you wish to stop using a service, you will need to withdraw your consent from the TPP and update your security details with us. This will prevent them from having further access to your account(s).

You are in control - if you don't want to use third party providers, you don’t have to. If you don’t want TPPs to access your account, you don’t need to do anything.

Please refer to your product terms and conditions for more information.

These are some of the important questions other customers often ask us:

What if I think someone knows my Tesco Bank Online Banking or Mobile Banking App security details?

You must contact us immediately and change your Tesco Bank security details straight away.

What if I forget or lock my Tesco Bank security details?

If you've forgotten your existing details or you are locked out of Online Banking or the Mobile Banking App, you can reset them online. We may need to send you a Temporary Security Number by text message or post to make sure it's really you.

What should I do if my phone is stolen?

Call our Online Helpdesk immediately so that we can block the Tesco Bank Mobile App being accessed on your stolen phone. If you suspect that someone else knows any of your log-in details then ask us to reset them when you call.

What if I want to change my Tesco Bank security details?

If you want to change your security details, you can do so by logging in to Online Banking and choosing Manage Security Details on the Online Banking Overview or by contacting us.

What if I'm asked for my Tesco Bank Online Banking security details?

Once you've registered, we'll never ask for all of your security details when we contact you.

If you ever receive a request for all of your details at any time (by email or otherwise), don't give them out and report it to us straight away by emailing You'll never be asked for your security details or your PIN by online retailers, so you should never disclose them, even to the police or other security agency.

Further information

More information on how to protect yourself and how to protect your devices is available at Take Five, which is a joint initiative between Financial Fraud Action UK and the Government.

Visit Take Five