By At Ease Online · Updated May 2026 · 7 minute read
The one rule that matters most: Your bank will never call and ask for your full password or PIN, ask you to transfer money to a different account for safekeeping, or send someone to your door to collect your card or cash. If anyone does any of these things — whoever they claim to be — it is a scam.
Online Banking Safety: What You Need to Know
Online banking is convenient, well-protected, and used by millions of people every day. But a few simple habits make the difference between banking safely and leaving yourself open to fraud.
Setting up safely.
More than £1.1 billion was lost to fraud in the UK in 2024, with bank transfer scams accounting for £450 million of that total, according to UK Finance. People aged 61 and over are disproportionately affected, representing a quarter of all identity fraud cases recorded by Cifas in 2025.
The good news: the vast majority of online banking fraud is preventable. Not through complicated technology, but through a small number of habits that become second nature very quickly. This guide covers exactly what those habits are.
Before you log in for the first time, two things are worth getting right. They take a few minutes and dramatically reduce the chance of anyone else accessing your account.
Use a password you don't use anywhere else
Your online banking password should be unique - not shared with your email, shopping accounts, or anything else. It should not contain your name, date of birth, or the name of a family member. Most banks will ask for a mix of letters, numbers, and a punctuation mark such as an exclamation mark or underscore.
If keeping track of passwords feels like a challenge, a password manager is worth knowing about. Apps like 1Password or Bitwarden store all your passwords securely in one place - you only need to remember one master password to access them. Many people find this far simpler than trying to remember a different password for every account.
Turn on two-step verification
Two-step verification (sometimes called 2SV or two-factor authentication) means that logging into your account requires two things: your password, and a one-time code sent to your phone. Even if a fraudster gets hold of your password, they cannot get in without your phone. Most UK banks now offer this - check your security settings or call your bank if you are unsure whether it is active on your account.
Logging in safely, every time.
Where and how you log in matters just as much as your password. Two situations in particular carry real risk.
Never use online banking on public Wi-Fi. Networks in cafés, libraries, hotels, and train stations are not secure. Anyone connected to the same network could potentially intercept what you are doing. Wait until you are on your own home broadband - or use your mobile phone's data connection instead.
The same applies to public computers - a library PC, or a device that belongs to someone else. These may have software on them designed to record what you type. Your own phone, tablet, or laptop, on your own home network, is where online banking belongs.
When you have finished banking, always log out using the logout button rather than just closing the browser tab. It takes one click and closes the session properly.
Keeping an eye on your account.
One of the most useful habits you can build is logging in once a week and spending two minutes looking through your recent transactions. You are not looking for anything complicated - just anything you do not recognise.
If you see a transaction that surprises you, even a small one, report it to your bank straight away using the number on the back of your card. Fraudsters sometimes start with small test payments to check an account is live before attempting larger transfers. Catching it early is always better.
What your statement tells you: Every payment will show a name, amount, and date. If a name is unfamiliar, that is enough reason to call your bank. You do not need to be certain it is wrong — simply asking is always the right thing to do.
Things to watch for.
Fraud involving online banking rarely happens because someone guessed a password. It usually happens because a fraudster persuades the account holder to take an action themselves. These are the most common tactics used in the UK.
The "safe account" call. Someone calls claiming to be from your bank's fraud team, saying your account has been compromised and you must transfer your money to a new "safe" account they have set up. No bank ever does this. Hang up and call your bank directly.
A message saying your account is suspended. A text or email tells you to click a link and log in to verify your details or restore access. The link leads to a fake version of your bank's website. Your bank will never ask you to log in via a link in a message. Go directly to their website by typing the address yourself.
Remote access requests. Someone claims to be from your bank or from a computer company and asks to access your device remotely to fix a problem. Once connected, they can see everything on screen — including your banking session. No legitimate organisation will ever ask for remote access to resolve a banking issue.
Act immediately - and know your rights
If you notice a payment you did not make, or you believe you have been targeted by a scam, call your bank straight away using the number on the back of your card.
REPORT FRAUD TO THE POLICE
OR CALL 0300 123 2040 - AVAILABLE 24/7
YOUR BANK'S FRAUD TEAM
Number on the back of your card
CALL THIS FIRST IF MONEY HAS MOVED
Under rules introduced in October 2024, UK banks are legally required to reimburse victims of authorised push payment fraud in most cases. In the first three months of the scheme, 86% of eligible losses were returned to victims. Speed matters — the sooner you report it, the better the outcome.
For a more detailed guide on what to do if you think you've been scammed, read our Scam Response Guide.
If something does go wrong.
One Final Note
You can't always have someone beside you whenever something doesn't look right. But when everything is properly organised and up to date, there's no room for doubt, you'll know exactly what's happening.
That's where we come in.
At Ease Online
We're worth knowing about
Sources
UK Finance Annual Fraud Report 2025 — APP fraud losses and reimbursement data; Cifas Fraudscape 2025 — identity fraud victim profiles by age; National Cyber Security Centre — password and two-step verification guidance (ncsc.gov.uk); Age UK — online banking safety guidance for older adults; Action Fraud / Report Fraud — fraud reporting and recovery guidance; Payment Systems Regulator — APP fraud reimbursement scheme update, May 2026.
This guide is for general information only and does not constitute financial advice. For guidance specific to your bank or account, contact your bank directly.