We take security seriously. We're continually striving to make banking safer. Our security guides give you information and advice on staying secure, as well as details on how to contact us if you suspect there has been fraud on your account.
- What we are doing to protect you
- Top anti-fraud tips
- Protect your identity
- Cheque fraud
- Common Scams
Help and support
Contact us if you need help or support about any aspect of Barclays Online.
Security of your credentials (Protect Yourself)
When you apply to use our services online, we will set up security credentials for you. Your credentials give you access to Barclays Online services, and you should take adequate steps to make sure that this online information remains secret. To safeguard these details you should:
- Memorise your passcode and memorable word, and remember to destroy your passcode letter once you have memorised your passcode
- Do not record your passcode and memorable word
- Ensure that you do not tell anyone your passcode or memorable word, and ensure that they are kept confidential and secret by taking appropriate steps to prevent disclosure to a third party. In particular, do not allow anyone (without exception) to use your username and passcode or memorable word, as you are responsible for all transactions undertaken with your username and passcode or memorable word.
- Never keep details of your passcode or memorable word with your membership number in the same place
- Avoid using the same passcode or memorable word on other websites, applications or services, particularly when they relate to different entities
- Change your passcode regularly or when there is any suspicion that it has been compromised or impaired.
Please contact us immediately if your credentials have been lost or stolen. Inform us immediately as well if you lose your mobile phone or change your mobile phone numbers.
We will not make unsolicited requests for customer information through email or the telephone, unless customers initiate contact with us. We will use any information collected as minimally as possible, and the use of such information is mainly to assist us in customising and delivering services and products that are of interest to our customers. Under no circumstances will we ask customers to reveal their passcodes or memorable words.
You are responsible for keeping your online passcode confidential. Failure to do so exposes you to the risks of fraud and loss. Barclays Bank PLC will not be responsible for losses suffered by customers as a result of:
- input errors or misuse of its online or other internet banking services
- negligent handling or sharing of passcode
- leaving a computer unattended during an online session
- failure to immediately report known incidents of unauthorised account access.
If you have logged in to the secure area of the site and then choose to finish your session, you should always log out to prevent unauthorised access to your account.
Always log off the online session and turn off the computer when not in use.
Be extra vigilant if using public computers, including internet cafés, or wireless hotspots, where there is an increased risk of your online details being compromised. It is recommended that you use computers which you directly control, or at least consider to be secure or that which you trust, to access Barclays Online.
Do not select options to remember your details on a computer other people may use. For example, do not select the browser option for storing or retaining your credentials.
Completely close the browser, clearing private data, when you have used a computer that other people may use.
Anti-virus software is used to prevent, detect and remove known viruses.
When you use anti-virus software, ensure that you carry out regular software updates to keep it as up to date as possible. If your anti-virus software has a virus scanner option, it is recommended that you schedule regular scans of your computer. If a virus is ever found, it is recommended that you follow the instructions provided by your anti-virus software.
Updates and patches
Software patches work to close a hole or weakness in your computer's software. Keep your operating system (e.g. Windows XP or Apple OSX) and your web browser (e.g. Internet Explorer or Firefox) up to date by regularly checking the manufacturers' websites.
For Windows and Internet Explorer updates go to: www.windowsupdate.microsoft.com
For Mac updates go to: www.apple.com/uk/support
For Firefox updates go to: www.mozilla.com/en-US/firefox
For Chrome updates go to: www.google.com/chrome
For Opera updates go to: www.opera.com
Personal firewall software works in the background to manage traffic to and from your computer according to its security policy.
It is recommended that in addition to using anti-virus software, you use a personal firewall. This will help to protect you from online threats by acting as a barrier between the public internet and your personal computer, provided that you carry out regular updates.
There are many internet frauds that rely on people downloading software to their computer often without their knowledge or consent. Do not download any software onto your computer unless it is from a trusted source or site.
Be vigilant when downloading other software off the internet such as MP3s as malicious software is often 'hidden' amongst legitimate software.
Be vigilant of attachments sent to you via email, especially if you do not recognise the sender. Emails are a common way to spread viruses. If you are at all suspicious, do not open the email and delete it immediately. Delete junk or chain emails.
Spyware is a program that can secretly gather information about you as you use your computer. It is commonly downloaded without the knowledge or consent of the user.
It can slow down your computer, alter your homepage, produce lots of adverts or links to websites and even include keystroke loggers to record details such as passwords and user names.
If your security software detects a threat on your computer, it is recommended that you follow the instructions provided by your software.
Trojan programs are hidden programs, again commonly downloaded without the knowledge or consent of the user, that can give control of your computer to a hacker or gather information about you as you use your computer. A trojan is a type of computer worm or virus that is installed on your computer without your knowledge or consent.
Typically, the fraudster will send you an email that tries to trick you into following a website link and downloading a piece of software or opening an attachment. If you take this action, the trojan can be installed.
Trojans can be capable of recording passwords and other personal details by capturing keystrokes or taking screen shots of sites you visit. These details can then be sent to the fraudster.
- Remove file and printer sharing in your personal computers, especially when you have internet connections
- Make regular backup of critical data
- Clear browser cache after each online session
- Consider the use of encryption technology to protect highly sensitive data
Our website security
The security of your financial and personal information is very important to us and we take appropriate steps to protect you online. We use proven technology to ensure that our online services are provided in a safe and secure environment. This includes:
Secure Socket Layer
Our web based services use a technology known as Secure Socket Layer (SSL) which means that the information sent across the network is scrambled. To support this technology, you need an SSL-capable browser.
A symbol on your browser, usually a lock or key, tells you if you are on a secure site. If the symbol is unbroken or in the locked position then you are using a secure connection to the server.
You should check whether our website address changes from http:// to https:// and a security icon that looks like a lock or key appear when authentication and encryption is expected.
You should always check the authenticity of our website by comparing the URL and our bank’s name in its digital certificate or by observing the indicators provided by an extended validation certificate.
Cookies are harmless text files that web servers can store on your computer when you visit a site. They allow the server to recognise you when you revisit.
We use two types of cookie:
- Transient (or per-session) cookies - these only exist for your site visit and are deleted on exit. They recognise you as you move between pages
- Persistent (or permanent) cookies - these stay on your machine until expiry or deletion. Many are built with automatic deletion dates to help ensure your hard drive does not get overloaded. These cookies often store and re-enter your log-in information, so you don't need to remember membership details.
Additionally, cookies can be first or third party cookies. First party cookies are owned and created by the website you are viewing. Third party cookies are owned and created by an independent company, usually a company providing a service to the website owners.
Internet cookies are common and do not harm your computer - they just store or gather site information. They help you do things online, like remembering login details so you do not have to re-enter them when revisiting a site.
- Gather customer journey information across our sites
- Ensure your privacy in our secure sites
- Store login details for our secure sites
- Temporarily store details input into our calculators, tools, illustrations and demonstrations
- Store details of your marketing, product and business unit preferences to improve our targeting and enhance your journey through our sites
- Evaluate our sites' advertising and promotional effectiveness
Following a period of inactivity we apply a time-out to your session in case you forget to log out.
Back to top
Protect yourself from fraud
Fraud crime is growing and everybody needs to be aware of it. We hope you find the following tips useful and informative.
Keep your details safe
Keep your cards, passwords, PINs, OTP security token, documents and personal information secure. Do not reveal the OTP generated by your security token to anyone. Do not divulge the serial number of your security token to anyone.
This will protect you from identity theft, online fraud, card fraud and more. To learn more about how you can keep these details safe, see our guide to identity fraud
Be suspicious of any unsolicited communications that ask for your personal details.
Although unsolicited phone calls, letters, emails or texts can look or sound legitimate, chances are they are fraudulent. Do not respond to these kinds of communications until you have contacted the company concerned to check that they are genuine.
Never download software, open attachments or follow links that you have been sent by email unless you are sure they are safe.
If in doubt, delete the email immediately. These tricks are commonly used by fraudsters to install trojans or spyware.
Check your bank and credit card statements carefully and frequently
Contact us straight away if you spot any transactions you do not recognise.
Let us know if you are going somewhere unusual
This helps avoid problems with using your cards and accounts overseas, as well as helping to protect you from fraud whilst you are away. You can use contact us to tell us.
Learn about common scams
There are some common scams that may target our customers.
Be vigilant and up to date
Keep your computer and mobile software up to date.
Keeping your computer and mobile's operating systems, applications, virus checkers, firewalls, spyware and software up to date is the best proactive protection for your computer, mobile and data.
Be vigilant when using cash machines.
Move to another machine if someone behind you is behaving suspiciously or attempts to distract you.
Check for signs of tampering, as this could mean that the machine has been fitted with a skimming device.
Never leave receipts behind - keep them until you have checked them against your statements and then dispose of them safely, preferably by shredding them.
If you are concerned about the security of your account
Contact us immediately
Security of your credentials
Avoid falling victim to this fraud by following our simple tips.
If you are concerned about the security of your account, contact us.
What is identity theft?
Identity theft occurs when fraudsters use your personal information without your knowledge or consent to take out bank accounts, credit cards, loans, state benefits and documents such as passports and driving licenses in your name.
It can have a terrible impact on your personal life and finances. For example, you may have difficulty getting loans, credit cards or a mortgage until the problem is sorted out.
Keep your personal information secure
- Be extra careful if you live in a property where other people could access your mail. People who live in properties with communal letterboxes are particularly vulnerable.
- Consider picking up valuable items from companies directly rather than having them mailed. For example, if you've ordered new debit cards, credit cards or chequebooks from your bank, you might be able to pick them up from your local branch.
- If you move house, tell your bank, card issuer and all other organisations that you deal with immediately. Ask your local mail service to redirect any mail from your old address to your new one for at least a year.
Keep your documents safe
- Keep your personal documents in a safe place, preferably locked away at home or your bank. If any of your documents have been lost or stolen, contact the issuing organisation immediately.
- Destroy unwanted documents, preferably by using a shredder. Never throw away entire bills, receipts, credit or debit card slips, bank statements, or even unwanted post in your name.
- Check statements as soon as they arrive. If you spot any unfamiliar transactions, contact the company concerned immediately.
Keep your passcodes, PINs and memorable words safe
- Do not base your PIN or password on guessable information such as your user-id, personal telephone number, birthday or other personal information
- PIN or password should be at least 6 digits or 6 alphanumeric characters, without repeating any digit or character more than once.
The information above has been taken from the identity theft website developed by the Government, Metropolitan Police and various industry bodies. Visit this site if you'd like to know more about identity theft
If you receive e-mails of potentially involving identity theft you may wish to contact us and the Singapore or Hong Kong Police.
Back to top
How does cheque fraud occur?
Want to know how you can protect yourself from cheque fraud? Follow our tips and you will be well on your way.
If you think you have fallen victim to identity theft on your Barclays cards or accounts, contact us.
Cheque fraud takes place when a fraudster uses a stolen or counterfeit cheque to pay for goods and services. More than 90% of fraudulent cheques are stopped before any loss occurs. But even so, cheque fraud still costs millions of pounds a year.
These losses can be compounded when the fraud also involves an 'overpayment'. This occurs when the fraudster - who is often part of an organised gang - targets the seller of a high value item, such as a car, and offers to pay using a stolen or counterfeit cheque made out to more than the price of the goods. Once the cheque clears, the victim is asked to transfer this 'overpayment' to a third party, as well as handing over the item to the fraudster.
When the real cheque owner discovers that money has been stolen from their account, the victim can be obliged to repay the total sum - even if this happens several weeks later.
How to protect yourself against cheque fraud
- Do not accept cheques from anyone unless you know and trust them, especially when a high-value cheque is involved
- Be aware that there is a risk that money credited to your account from a cheque could be reclaimed if the cheque turns out to be stolen or counterfeit
- Always consider other ways of accepting payment for high-value items - a CHAPS payment, or guaranteed, same-day bank transfer, is ideal. Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved with you.
- Keep your chequebook in a safe place
- Report any missing cheques to your bank immediately
- Always check your bank statements thoroughly
Social engineering is the act of manipulating people into doing what you want. In terms of online fraud, it usually involves tricking people into disclosing passcodes, login details or other confidential information.
You can protect yourself by:
- Not disclosing confidential information over the phone unless you are sure that the caller is really who they say they are. If in doubt, ask for the caller's phone number, satisfy yourself that it is genuine, and only then call them back.
- Never sending confidential information by email. It can easily be intercepted by a third party, and companies like ours will never ask you to email personal details, account information or passcodes.
- Keeping your credentials (PINs, passcodes and memorable words) confidential at all times. Banks, including us, will never ask you to disclose this type of information.
Phishing is the process of attempting to acquire confidential information by sending out emails or other kinds of messages that direct you to bogus websites or phone lines. These emails or messages claim to be from a particular company, but are actually sent by fraudsters, often at random. Any information you disclose on these bogus websites or phone lines is captured by the fraudsters.
You can protect yourself by treating any unsolicited emails or calls that ask for confidential information as suspicious. If in doubt, do not provide any personal or financial information.
Barclays Bank Plc will never send you any email containing a link to any of our log-on pages. If you receive one, it is not from our bank and you should not click the link therein and should not enter any of your personal credentials and passcode in those websites.
W-8BEN Form scam
The W-8BEN form is a legitimate US tax exemption document, however fraudsters have been using the W-8BEN format to acquire personal details such as mother's maiden name, passport number, date of birth, PIN numbers and passcodes.
The fraudulent forms are being sent under the guise of anti money laundering regulations claiming to review client information and asking that the form be completed.
Please be advised that we will never ask you for your passcode or memorable word in this manner. Should you receive such a form do not reply to it.
If you believe you may have replied and provided this information please contact us <0.2> immediately.
Barclays job offer email scam
This scam involves someone offering, via an email or website, an opportunity to gain employment within Nigeria at "THE NEW BARCLAYS NIGERIA BANK PLC" office. In this scam you are asked to provide various personal details although ultimately you will be accepted for the role. The scam also requires that, before your employment can start, you must pay an advanced fee in lieu of your starting date.
Please note that Barclays is in no way associated with THE NEW BARCLAYS NIGERIA BANK PLC, nor with this scam and the offer of employment which it promises. Moreover, the Barclays office in Nigeria is in Lagos only. Accordingly, please ignore any request which conforms with this scam and delete the email.
Additional income email scam (money mules)
Most UK bank accounts will not let you make online cross-border transfers from overseas. Since most online fraudsters tend to be based outside the UK, they need money mules to launder the funds they receive from their scams.
Money mules receive funds into their accounts and send it to the fraudsters using a wire transfer service, minus their commission. They are recruited through a variety of methods, including spam emails, genuine recruitment websites, approaches to people whose CVs are available online, instant messaging and newspaper ads.
This scam offers you the chance to earn some easy money for a few hours' work each week, but beware: handling money that has been obtained fraudulently is a crime. You can protect yourself from becoming involved by:
Treating any unsolicited job offers with suspicion, especially if the company is based overseas
Verifying the details of any company that you are considering working for
Not giving your bank account details to anyone that you do not know and trust
Remember the golden rule: If it sounds too good to be true, it probably is.
Lotto prize and advance fee scams
These scams are variations of the same type of fraud, in which the victim is asked to make a payment in return for receiving a substantial amount of money. Advance fee fraud is also known as West African or 419 fraud. In both types of scam, the fraudster will claim the money is available but a payment is needed to help cover transfer or administrative costs. Lotto fraud payments tend to be low to start with and increase as the victim becomes more engaged with the scam. In contrast, the payment requested in advance fee fraud is usually quite high - often £15,000 or more.
To protect yourself:
- Treat any such requests for money with suspicion
- Be aware that these requests can be made not only by phone, but by email, letter, or even in person, and can look and sound legitimate
- Do not respond to any unsolicited communications promising prize money in return for payment
Boiler room scams
Boiler room scams are scams where 'companies' contact clients generally out of the blue either by post, email or telephone and offer them shares in a company at a supposedly heavily discounted price. They will often use hard sell tactics to persuade the client to buy the shares e.g. creating a sense of urgency or using a persistent and aggressive style. This pressurised tactic is why they are referred to as boiler room scams. The company that they are trying to sell may be listed on an illiquid market so the shares cannot be sold. Or they could be a small unquoted company that the broker claims is planning to list. In other cases the company itself may not exist or the share certificates delivered are fake.
The Financial Conduct Authority (FCA) has published a list of firms that they are aware operate in this manner.
In general the bulk of these firms operate overseas with hotspots being in Spain, Switzerland, Dubai, Japan, Bermuda and the US and are therefore outside the remit of the FCA and/ or PRA. However, these firms are likely to have a UK registered address and a name which suggests legitimacy.
Both inexperienced and experienced people have been affected by this type of scam with a typical victim losing around £20,000.
Further information on boiler room scams can be obtained from the FCA.
You can contact us using the information in Wealth Online Banking.
Select Contact us in the banner to get contact details and instructions.