Comparison of banking providers’ fraud controls

Reducing fraud is a priority for the FCA. This page contains information about banks’ fraud controls.

It is intended to enable consumers and consumer groups to compare how banks protect their customers against fraud, and to help consumers to make better informed choices about their banking providers.

The information was provided by UK Finance in March 2020.

Download the data (XLSX) 

View the tables:

1. What is the firm’s approach to Fraud Prevention?

Bank

Response

URL

Bank Of Ireland

Keeping customers' accounts secure is a top priority for us, but it is also important for you to protect yourself from fraudsters. The safety of our colleagues and customers is always a top priority for the bank. Our Security teams work round the clock to ensure our bank is a safe place to work, with plans, processes and controls in place to protect our customer’s finances.

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank of Scotland

Bank of Scotland adopts an approach to fraud risk management that seeks to balance the demands of driving down fraud losses, whilst being sensitive to the impact(s) on customer experience and operational demands. We do this by using the latest tools and industry best practice to create an environment that is unattractive to fraudsters and that protects and serves our customers, regardless of their product or channel of choice.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Barclays

We will protect our customers from fraud, to make it as easy as possible to use our services and when needed, to keep our customers fully informed. We have dedicated teams that are accessible 24/7 should customers need advice or help. We will get customers back up and running as quickly as possible.Fraud PreventionWe will deliver flexible world-class fraud capabilities to prevent fraud. We will use the latest fraud technology to deliver the right outcomes. OUR AMBITION - SHIELDING OUR CUSTOMERS & PROTECTING THEIR ASSETS FROM FRAUDSTERS.

https://www.barclays.co.uk/digisafe/

Clydesdale & Yorkshire Building Society

Our core aim is to make our customers happier about money. A key aspect of this is ensuring that customers can feel secure that their money and data is safe. Our Fraud controls operate across all brands, delivery channels and products throughout the life-cycle of each product from account opening to usage.

Co-Operative Financial Services

Protecting and preventing our customer’s falling victim to fraud and scams is of upmost importance to us. In line with our commitment to our values and ethics we strive to educate customers, colleagues and the wider community to help people spot the warning signs of fraud and identify the types of scams that they may be targeted with. Our approach to fraud prevention involves a risk based system which is designed to protect our customers against fraud. We also balance the customer’s need to have a frictionless journey when carrying out their day to day banking needs.

https://www.co-operativebank.co.uk/global/security

Danske Bank

We put the financial safety of our customers at the front and centre of all our anti-fraud activities. We do this by having a range of systems and controls in place to protect the economic well-being of our customers and the integrity of our banking platforms. We work constantly to detect and prevent fraudulent activity on customer accounts and continually adapt our communications to customers to ensure they are aware of the latest fraud and scams that they could be targeted with.

https://danskebank.co.uk/personal/fraud-prevention

First Direct

Fraudsters are constantly becoming more intelligent with the ways they commit crimes. Therefore, protecting you and your money is an absolute priority for us. To better defend you and the wider financial system from financial crime, we are making significant investments in technologies, processes and in our people. We want to ensure that you feel secure and educated against one of the fastest growing types of crime in the UK. So, if you don’t feel sure when speaking to someone you don’t know, or you have received digital correspondence that you aren’t happy about, contact us.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

Halifax

Halifax adopts an approach to fraud risk management that seeks to balance the demands of driving down fraud losses, whilst being sensitive to the impact(s) on customer experience and operational demands. We do this by using the latest tools and industry best practice to create an environment that is unattractive to fraudsters and that protects and serves our customers, regardless of their product or channel of choice.

https://www.halifax.co.uk/aboutonline/security/protecting-yourself-from-fraud/bank-safely-how-we-protect-you/

HSBC Bank

Fraudsters are constantly becoming more intelligent with the ways they commit crimes. Therefore, protecting you and your money is an absolute priority for us. To better defend you and the wider financial system from financial crime, we are making significant investments in technologies, processes and in our people. We want to ensure that you feel secure and educated against one of the fastest growing types of crime in the UK. So, if you don’t feel sure when speaking to someone you don’t know, or you have received digital correspondence that you aren’t happy about, contact us.

https://www.hsbc.co.uk/help/security-centre/

Investec

A fundamental part of our business is fraud prevention. We know that you want to receive an exceptional client experience, and we know that safeguarding your financial security is essential. As the threat landscape changes every day, we work around-the-clock to optimise the controls that keep all of our clients protected.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Lloyds Bank

Lloyds adopts an approach to fraud risk management that seeks to balance the demands of driving down fraud losses, whilst being sensitive to the impact(s) on customer experience and operational demands. We do this by using the latest tools and industry best practice to create an environment that is unattractive to fraudsters and that protects and serves our customers, regardless of their product or channel of choice.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

M&S Bank

Protecting our customers and their money is an absolute top priority for us. We are continuously making investments in technologies, processes, and people to protect our customers and the wider financial system from fraud, cyber and financial crime.From password protection to advanced encryption technology, we use highly sophisticated fraud detection systems and technologies to keep your personal details and your money safe.

https://bank.marksandspencer.com/security/useful-information/

Metro Bank

Fraudsters’ tactics are getting more sophisticated, so we need to make sure we stay one step ahead. That’s why we have a range of safeguards in place to protect our customers, and we regularly review and update our systems. Our priority is the safety and security of the bank and its customers. By taking precautions to protect our customers, we can help them steer clear of fraud. If they are affected, we promise to investigate, and do what we can to avoid innocent victims being left out of pocket. We are involved with multiple organisations and campaigns centred on preventing fraud, and work closely with law enforcement agencies and other banks to tackle any issues as soon as they come up.

Nationwide Building Society

Central to our values, we seek to protect our members’ money and educate against the threat of Fraud. With a round the clock Fraud Department and well established detection systems we help protect our members from fraud and scams by. Maintaining a culture of fraud awareness and prevention. Designing safe and secure products, processes and systems. Balancing security with the need for fast and reliable access to products and services. Meeting regulatory expectations. Continually monitoring fraud controls to ensure they are robust and effective. Assisting law enforcement agency investigations and prosecutions, helping tackle financial crime at source.

Natwest

Our fundamental purpose is to keep our customers’ money safe and secure. Advancing technology brings many benefits. This same technology also allows fraudsters to create sophisticated scams. We’re working harder than ever to keep your money safe and secure. If the worst happens, and you fall victim to fraud & scams, we often spot it and get in touch with you. If the you spot something or are worried about a possible scam, we’re available 24/7 to report a scam. We take action against accounts where needed and report our findings to other banks and the police for further action

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

Our fundamental purpose is to keep our customers’ money safe and secure. Advancing technology brings many benefits. This same technology also allows fraudsters to create sophisticated scams. We’re working harder than ever to keep your money safe and secure. If the worst happens, and you fall victim to fraud & scams, we often spot it and get in touch with you. If the you spot something or are worried about a possible scam, we’re available 24/7 to report a scam. We take action against accounts where needed and report our findings to other banks and the police for further action.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Santander

We want to protect you from fraud and scams, and give you the tool you need to protect yourselves. We combine the best technology and banking security to help you manage your money safely.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Smile

Protecting and preventing our customer’s falling victim to fraud and scams is of upmost importance to us. In line with our commitment to our values and ethics we strive to educate customers, colleagues and the wider community to help people spot the warning signs of fraud and identify the types of scams that they may be targeted with. Our approach to fraud prevention involves a risk based system which is designed to protect our customers against fraud. We also balance the customer’s need to have a frictionless journey when carrying out their day to day banking needs.

https://www.smile.co.uk/global/security

Starling Bank

We recognise that fraud is increasingly sophisticated and has a devastating impact on victims. In addition to having advanced methods for deterring, detecting and preventing financial crime, we seek to educate our customers about the types of scams we know to exist so they can protect themselves and their loved ones. We were among the first signatories of the Contingent Reimbursement Model (CRM) Code, introducing new standards for minimising the number of Authorised Push Payment (APP) scams and reducing their impact on customers. In fact, we are the only digital bank to sign up to the Code.

www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

TSB

TSB has a straightforward fraud strategy: Prevent – we will continuously educate customers about the dangers of fraud and how to prevent it. This will include emails, social media, warnings in the banking journey and fraud awareness workshops held in local communities. Protect – We will continuously optimise our fraud prevention systems, ensuring customers remain protected Where fraud does happen, we safeguard our customers via our unique Fraud Refund Guarantee.Pursue – We will hunt down criminals that defraud TSB or our customers, ensuring that we maintain our strong relationships with law enforcement to bring fraudsters to justice.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

Ulster Bank

Our fundamental purpose is to keep our customers’ money safe and secure. Advancing technology brings many benefits. This same technology also allows fraudsters to create sophisticated scams. We’re working harder than ever to keep your money safe and secure. If the worst happens, and you fall victim to fraud & scams, we often spot it and get in touch with you. If the you spot something or are worried about a possible scam, we’re available 24/7 to report a scam. We take action against accounts where needed and report our findings to other banks and the police for further action.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html

2. What controls does the firm have in place?

Bank

Response

URL

Bank Of Ireland

Online Security - Our websites are encrypted to protect your information. Please use a secure browser to access account information and transact. Our websites are protected by a firewall (a barrier between the internet and our internal bank network). When you log on to Bank of Ireland 365 online, we’ll ask you for: A private and individual User ID 3 random digits from your 365 login PIN A personal detail question. This information is encrypted and will stay private if you don’t disclose it. Two factor authentication You need a Two Factor Authentication to add or edit a payee on 365 online We’ll text a code to your registered mobile phone, or send via post if you prefer. Protecting your business with Bank of Ireland award-winning* KeyCode. It has many features and benefits including: Unique, one-off codes you can use to log on to Business On Line and authorise payments and payees. You need a secure PIN to access the KeyCode app. This One Time Code is generated per transaction and expires when used, or after 60 seconds KeyCode only works on your registered device, along with your corresponding Business On Line User ID The app is registered to one individual user. Daily Control Limit - The administrator and your relationship manager will set a Daily Control Limit (DCL) on your Business On Line profile This limit means your profile is less likely to be exposed to fraud. Winner of ‘Best Information Security Initiatives (Corporate/Institutional)’ in Western Europe, Global Finance Best Digital Bank Awards 2017.

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank of Scotland

We protect your money by using real time fraud detection systems to monitor transactions on your accounts. We utilise various tools such as device identification of the phones, tablets etc. that you use, in conjunction with biometric behavioural analysis to identify potential fraudulent activity. Furthermore, we adopt a multi-channel approach to authentication. When you call our Telephone Centre, log into Internet Banking or pop into branch we will carry out verification checks to make sure it is you we are talking to. In addition to using your memorable information, personal security number or password information, we also use biometric technology to identify you, for example voice ID on our telephony channel, which allows you to use your voice as your password. When logging on to the mobile banking App, customers are able to use their Touch ID to authenticate themselves instead of their password. For some online card transactions and wallet pay card registrations, we will double check that it is you making the payment or completing the registration by sending a ‘one time passcode’ to your phone, which you can enter into the screen to complete the transaction. In the event that suspicious activity is identified we will attempt to contact you to verify. We work with the card issuer under their chargeback scheme, which means that we can often recover your money directly from them for fraud transactions. In addition, we have developed and fully apply best practice standards with the industry and regulators to ensure that authorised push payment fraud cases are dealt with efficiently, consistently and fairly by both the sending and receiving bank. Where funds have fraudulently been taken from your account, we will work with the bank that received the funds, under an indemnity scheme to recover any remaining funds.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Barclays

Fraud detection systems which monitor transactions and payments on a real time basis. If something looks suspicious, we may try to get in contact and take action to protect the account while a review is carried out. Biometric systems help us track your normal behaviour when you are viewing your account details online. This helps us to try to identify if a fraudster has accessed your account and is used strictly in compliance with our internet banking terms and conditions, to protect your privacy and information about you. We work with external vendors and companies to ensure the contact details you have provided have no unwanted interference before we check a transaction with you. Industry Wide Support - Participation in industry schemes such as CIFAS and Hunter. Phone number checker via the Barclays website so you can check it’s us trying to contact you. Our Fraud teams are available to talk about your account 24/7. Whilst offering protection, we will always endeavour to eliminate interruptions to our genuine customers, enabling them to use their Barclays products freely. Specialist vulnerable teams are in place to help if you have any specific needs or requirements that may affect you running your account and becoming a victim of fraud. We will notify you via SMS or letter when any changes are made to your account.* Warning messages when making online payments to confirm you are confident that you are sending money to the genuine payee. Proactive Messaging which engage with you, notifying you of any changes and how we are actively protecting your account/card. Notification of data breaches from other organisations allows us to keep your data secure. If we are notified that your card details have been breached, we’ll be in touch to arrange a replacement but you’ll be able to use your card until the new one arrives. If any fraudulent activity occurs during this period, you’ll be covered by our fraud guarantee. *there are some exceptions please see the product terms and conditions.

https://www.barclays.co.uk/digisafe/

Clydesdale & Yorkshire Building Society

KYC Controls – we use credit bureau data or identity documents to verify that our customers are who they say they are prior to commencing a relationship with them or when that relationship changes. Application Fraud Controls – we use industry standard databases to supplement internal scorecards to identify suspicious applications that require further investigation. Secure Access to Services- We authenticate our customers when they register to use our channels and every time, they contact us. Authentication varies depending on the channels and the risk of the activity the customers wants to complete but includes one-time passcode Transaction fraud controls – We assess customer payment transactions on plastic cards or via faster payments and CHAPs and highlight suspicious payments for further investigation either pre or post making the payment depending on the risk involved. Where customers are victims of fraud, we recover funds and restore victims of Fraud to their pre fraud position as soon as possible.

Co-Operative Financial Services

Real-time fraud detection system – We use a real-time fraud prevention system for Faster Payments, Credit and Debit card payments. The systems mean that we can hold or decline a payment if the rules within the system identify a suspicious transaction. Biometric analysis – The fraud systems use behavioural analysis to build a profile of what is normal for customers. This is used in rules to detect suspicious transactions. One-time passwords – The Bank uses one time passcodes through Online Banking for a variety of customer requests. One-time passcodes will be used for strong customer authentication for card payments. Two factor authentications – Used in Online Banking and Mobile Banking. Helpful hints – There are dedicated Fraud and Security pages on the Bank website which provide information on fraud protection. Free anti-virus software – The Bank offers free anti-virus software for Online Banking which is available to all customers.

https://www.co-operativebank.co.uk/global/security

Danske Bank

Real-time Transaction Screening – We monitor transactions across all our banking platforms to look for unusual patterns in our customers’ behaviour and then use this information to detect and prevent unauthorised transactions. Online Security/Encryption –We use SSL encryption to keep your data and online banking channels protected from unauthorised access. Danske ID - Danske ID is a secure app that you install on your smartphone that creates a secure digital signature each time you use it to logon or approve payments on our eBanking and Mobile Bank systems. You should only approve requests in the Danske ID app for logons or payments that you yourself have created. We will NEVER contact you and instruct you to use this app to approve any transactions or logons. eSafeID - When you access Business eBanking/District, we ask you for your password and a security code provided by your eSafeID device. This device provides a unique one-time passcode that you use to sign in to Business eBanking/District. Some customers may also be required to use this device to logon and/or approve payments in eBanking or Mobile Bank. Codes from this device are unique to you and you should NEVER share these with anyone, including us!Webroot Anti-Virus Software – We provide Webroot Secure Anywhere® free to all eBanking & Business eBanking/District customers. Biometric Analysis – We use behavioural analysis to help make sure it’s really you giving us instructions in your internet banking account. This technology builds a detailed profile of how you use eBanking (i. e. what’s ‘normal’ for you) that can be very difficult for a fraudster to mimic. One-time passcodes – We use SMS (text) messages to issue unique codes to, for example, approve some payments you make online using your debit or credit card or to verify it’s really you when registering for our digital wallet services or registering for Danske ID. These codes are unique to you and you should NEVER share these with anyone, including us!

https://danskebank.co.uk/personal/fraud-prevention

First Direct

2 factor authentication for new payees – Our Secure Key gives you added protection against the threat of fraud. It generates a temporary code which you use to set up a new payee. You need your PIN or password, Touch ID, Face ID or Android Fingerprint. It means only you can setup new payees. Real-time fraud detection system – As part of our digital security promise, we’ll safeguard your money by keeping a lookout 24/7 for unusual activity on your account. From time to time we may get in touch with you to check on anything suspicious. One-time passwords – We use Verified by VISA or MasterCard Identity Check Service for online purchases. If we need to check that a purchase is genuine, we will send you a unique 6-digit SMS passcode. The passcode is only used as an identity check and you should never share it with anyone. Transaction monitoring – We may send you a text message to confirm whether a card transaction has actually been made by you or to ask you to contact us regarding possible unusual activity on your account. If you are unsure, please contact the number on the back of your debit or credit card. Helpful hints – Our fraud and security centre on our website outlines key information on what we do to keep you safe and secure online and how to protect yourself. You can find helpful hints and tips on fraud by clicking here Free Security Software – We recommend you have security software (such as IMB Trusteer Rapport) as well as additional anti-virus software on your PC.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

Halifax

We protect your money by using real time fraud detection systems to monitor transactions on your accounts. We utilise various tools such as device identification of the phones, tablets etc. that you use, in conjunction with biometric behavioural analysis to identify potential fraudulent activity. Furthermore, we adopt a multi-channel approach to authentication. When you call our Telephone Centre, log into Internet Banking or pop into branch we will carry out verification checks to make sure it is you we are talking to. In addition to using your memorable information, personal security number or password information, we also use biometric technology to identify you, for example voice ID on our telephony channel, which allows you to use your voice as your password. When logging on to the mobile banking App, customers are able to use their Touch ID to authenticate themselves instead of their password. For some online card transactions and wallet pay card registrations, we will double check that it is you making the payment or completing the registration by sending a ‘one time passcode’ to your phone, which you can enter into the screen to complete the transaction. In the event that suspicious activity is identified we will attempt to contact you to verify. We work with the card issuer under their chargeback scheme, which means that we can often recover your money directly from them for fraud transactions. In addition, we have developed and fully apply best practice standards with the industry and regulators to ensure that authorised push payment fraud cases are dealt with efficiently, consistently and fairly by both the sending and receiving bank. Where funds have fraudulently been taken from your account, we will work with the bank that received the funds, under an indemnity scheme to recover any remaining funds.

https://www.halifax.co.uk/aboutonline/security/protecting-yourself-from-fraud/bank-safely-how-we-protect-you/

HSBC Bank

2 factor authentication – Our Secure Key gives you added protection against the threat of fraud. It generates a temporary code which you use to access digital banking. You need your PIN or password, Touch ID, Face ID or Android Fingerprint. It means only you can access your accounts. Real-time fraud detection system – As part of our digital security promise, we’ll safeguard your money by keeping a lookout 24/7 for unusual activity on your account. From time to time we may get in touch with you to check on anything suspicious. Behavioural Analysis – We use behavioural analysis to help make sure it’s really you giving us instructions for your online banking. This tech builds a profile which helps us reduce fraud. One-time passwords – We use Verified by VISA or MasterCard Identity Check Service for online purchases. If we need to check that a purchase is genuine, we will send you a unique 6-digit SMS passcode. The passcode is only used as an identity check and you should never share it with anyone. Bank name display – We use bank name display when you set up a new payee to confirm which bank you are sending money to. Transaction monitoring – We may send you a text message to confirm whether a card transaction has actually been made by you or to ask you to contact us regarding possible unusual activity on your account. If you are unsure, please contact the number on the back of your debit or credit card. Helpful hints – Our fraud and security centre on our website outlines key information on what we do to keep you safe and secure online, including how to protect yourself. Free Security Software – We recommend you have security software (such as IMB Trusteer Rapport) as well as additional anti-virus software on your PC.

https://www.hsbc.co.uk/help/security-centre/

Investec

Real-time fraud detection system – We use a fraud detection solution to identify potentially fraudulent transactions from your account. Alerts are reviewed by our dedicated fraud team, who monitor transactions 24 hours a day. Voice biometrics – With your consent, we use advanced software to authenticate your identity when you phone our contact centres. Knowledge-based authentication – In some instances, our colleagues will ask security questions as part of the telephone authentication process. We will only use this information strictly in accordance with our banking terms and conditions to protect your privacy and security. One-time passcodes – For certain activities carried out on Investec Online that may indicate a higher risk of fraud, we may send you a one-time passcode via SMS as an extra layer of security. Two-factor authentication – When you login online, we will authenticate your identity through your mobile app or through a one-time passcode via SMS. Timed log out – You will be automatically logged out of Online Banking if you don’t use the service. If you forget to log yourself out, this will give you added protection. Deactivation of your login details – If three incorrect attempts are made to log in using your credentials, we will temporarily block access to your Online Banking service. This helps prevent unauthorised access to your account. Data encryption – Our Online Banking service is hosted on a secure platform. This means that any information you send us is encrypted for your protection. Malware detection – We have anti-malware detection systems on our online and mobile banking applications. This helps us to identify whether your device’s security has been compromised. Transaction SMS notifications – We send transaction notifications when you spend on your card, as well as when a payment is made from your online bank account. This helps you know immediately if there is as unexpected action.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Lloyds Bank

We protect your money by using real time fraud detection systems to monitor transactions on your accounts. We utilise various tools such as device identification of the phones, tablets etc. that you use, in conjunction with biometric behavioural analysis to identify potential fraudulent activity. Furthermore, we adopt a multi-channel approach to authentication. When you call our Telephone Centre, log into Internet Banking or pop into branch we will carry out verification checks to make sure it is you we are talking to. In addition to using your memorable information, personal security number or password information, we also use biometric technology to identify you, for example voice ID on our telephony channel, which allows you to use your voice as your password. When logging on to the mobile banking App, customers are able to use their Touch ID to authenticate themselves instead of their password. For some online card transactions and wallet pay card registrations, we will double check that it is you making the payment or completing the registration by sending a ‘one time passcode’ to your phone, which you can enter into the screen to complete the transaction. In the event that suspicious activity is identified we will attempt to contact you to verify. We work with the card issuer under their chargeback scheme, which means that we can often recover your money directly from them for fraud transactions. In addition, we have developed and fully apply best practice standards with the industry and regulators to ensure that authorised push payment fraud cases are dealt with efficiently, consistently and fairly by both the sending and receiving bank. Where funds have fraudulently been taken from your account, we will work with the bank that received the funds, under an indemnity scheme to recover any remaining funds.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

M&S Bank

Real-time fraud detection system – 24/7 lookout for unusual activity on your account. We may get in touch with you to check on anything suspicious. Authorised Push Payment (APP) Scams Voluntary Code – M&S Bank is one of the first banks to sign up to the new APP voluntary code launched 28/05/2019, demonstrating our commitment to protecting our customers from fraud.2 factor authentication – To access online or mobile banking, you will need a temporary code generated by the M&S Pass. To generate it, you can use biometric functionality on compatible devices or a PIN/password known only by you. One-time passwords – We use Verified by VISA or MasterCard SecureCode for online shopping. If we need to check that your purchase is genuine and that it is you, we’ll text-message you a unique 6-digit passcode to use. You should never share it with anyone. Secure sessions – When you log into Internet Banking or fill in an online form, any details and information you give or access are stored securely on our site. Check the web address starts with https:// and there is a closed padlock at the top of the page in the address bar, which is an indicator of a secure area (please note this does not guarantee a secure site).Automatic timeout – If you forget to log out of your account or your computer remains inactive for a period of time, the session will end automatically, logging you out. Automatic lock-outs – We will suspend online access to your account after a number of unsuccessful attempts to sign in, in case someone else is trying to access it. You can reset using the instructions on our website or by calling one of the numbers displayed. Online fraud guarantee –Please contact us if unauthorised payments are made from your current or savings account, and refer to our online fraud guarantee.

https://bank.marksandspencer.com/security/useful-information/

Metro Bank

Here are just some of the measures we use (we have others, but it’s safer that we don’t publicise them): Behavioural analysis. We build profiles of our customers based on the interactions we normally have with them. This means that if their usual activity changes, it can help us to identify a potential fraudster. We build customer profiles in order to identify unusual account activity if it happens. Multi-factor authentication. For example, one-time SMS passcodes and hard tokens. Anti-spoofing solutions for SMS and calls. If a message hasn’t been sent by us, but says it has, in certain situations we can block it. This limits the opportunities for fraudsters to pretend to be us. We also have controls in place to prevent fraudsters from impersonating our call centres and using our telephone numbers. Real-time detection system. Every transaction goes through a number of checks before being approved. Online security - We protect our websites with encryption, malware detection and firewalls to protect against unauthorised access. We also advise our customers on how to keep their data and money safe, such as never sharing passwords. Warning messages - Our pop-up messages prompt customers to consider if their payment is for a legitimate reason. Phone Checker - Our phone checker allows customers to see if a phone number is genuinely one of ours.

Nationwide Building Society

Fraud Systems - We have a suite of Fraud Detection Systems that monitor activity undertaken on our members’ accounts, blocking or suspending suspicious transactions and generating alerts for our specialist Fraud teams to investigate to prevent fraud. Transacting Online - Our Digital Banking Promise covers our Banking app, Internet Bank and Open Banking service and means we’ll, refund money taken from a member’s account without their authorisation as well as committing to monitor & protect all members’ accounts 24/7 and provide education on how to stay safe. We welcome and are adopting new regulatory requirements for Strong Customer Authentication. These measures help fight fraud and increase security by using 2 factor authentication when accessing our Internet Bank or shopping online. We use Verified by Visa (VbV), an extra step in the online purchasing journey, to help confirm it’s the cardholder making the transaction and prevent card fraud. Built in Warning Messages- We display tailored scam warnings within the Internet Bank and Banking App which highlight to our members that they may be being asked to move money as part of a fraud scam and recommend actions they should take before proceeding with the transaction. For our members who transact in Branch, our internal systems will alert to potential scams so employees can provide helpful warnings and discuss any scam risks further. Member Authentication- To ensure we are dealing with our member and not a fraudster, we will robustly authenticate them via phone, in branch or through our Internet Bank or Mobile App whilst making every effort to minimise any delay or friction caused by these security steps. Applications - We robustly check any new applications to ensure a fraudster is not using someone else’s information to impersonate them.

Natwest

• We are investing £100 million over 3 years to combat fraud to ensure we remain up to date with the latest fraud trends. • We use sophisticated technical profiling systems that measure things like: device, payment amount, biometric behaviours, location, and payment risk. All of this helps us to identify where there may be suspicious activity on your account. • Where our systems flag a suspicious payment, we will contact you to check if the payment is genuine. Most concerns can be resolved by phone, but we may also ensure you get the help you need by referring to one of our branches to speak to someone in person. • Our front-line staff are specially trained to question suspicious transactions that may be a scam. They are also trained in aftercare for those who have fallen victim to scams. • When you pay a new contact via Online or mobile banking, you will be given scam advice and asked to acknowledge this before you make the payment. We also offer a sort code checker so that you can be sure your payment is going to the bank you expect. • We use biometrics, like fingerprint and facial recognition, to log into our mobile banking app as a secure method of authentication to check it’s really you logging in.• Sometimes we’ll ask you to provide a One Time Passcode (OTP), when you’re paying for something online or logging into Online banking. This gives us a second layer of security to ensure it’s really you making a payment. • We’ll ask you to input your PIN more often when you pay with contactless. It’s another way for us to keep money safer.

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

• We are investing £100 million over 3 years to combat fraud to ensure we remain up to date with the latest fraud trends. • We use sophisticated technical profiling systems that measure things like: device, payment amount, biometric behaviours, location, and payment risk. All of this helps us to identify where there may be suspicious activity on your account. • Where our systems flag a suspicious payment, we will contact you to check if the payment is genuine. Most concerns can be resolved by phone, but we may also ensure you get the help you need by referring to one of our branches to speak to someone in person. • Our front-line staff are specially trained to question suspicious transactions that may be a scam. They are also trained in aftercare for those who have fallen victim to scams. • When you pay a new contact via Digital or mobile banking, you will be given scam advice and asked to acknowledge this before you make the payment. We also offer a sort code checker so that you can be sure your payment is going to the bank you expect. • We use biometrics, like fingerprint and facial recognition, to log into our mobile banking app as a secure method of authentication to check it’s really you logging in. • Sometimes we’ll ask you to provide a One Time Passcode (OTP), when you’re paying for something online or logging into Digital banking. This gives us a second layer of security to ensure it’s really you making a payment. • We’ll ask you to input your PIN more often when you pay with contactless. It’s another way for us to keep money safer.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Santander

Our Online and Mobile Banking Commitment gives you a peace of mind guarantee that we'll refund money taken from your account as a result of fraud. This guarantee doesn't cover instances where you have acted fraudulently or have not taken reasonable steps to keep your security information safe. To protect you, we use: Fraud detection systems - Our fraud detection systems highlight unusual activity in your accounts, and sometimes we’ll use an automated service to contact you as quickly as possible. Learn more about our automated system in the ‘How we contact you’ section. Additional online security - We may send you a One Time Passcode or ask you to use your mobile app to authorise certain activity. Your OTP and our app act as secure keys to your account, helping to stop anyone but you authorising transactions or making changes to your account. Learn more about OTPs Online Banking security software- We strongly recommend you download the free Rapport security software, to help guard yourself against internet banking identity theft and fraud. It’s designed with Santander in mind, and protects the connection between your computer and Online Banking. Learn more about Rapport. If you think you might have been targeted by fraud or a scam you can contact our fraud team anytime on 0800 9 123 123 or if you're calling from outside the UK +44 1512 648 725.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Smile

Real-time fraud detection system – We use a realtime fraud prevention system for Faster Payments, Credit and Debit card payments. The systems mean that we can hold or decline a payment if the rules within the system identify a suspicious transaction. Biometric analysis – The fraud systems use behavioural analysis to build a profile of what is normal for customers. This is used in rules to detect suspicious transactions. One-time passwords – The Bank uses one time passcodes through Online Banking for a variety of customer requests. One-time passcodes will be used for strong customer authentication for card payments. Two factor authentications – Used in Online Banking and Mobile Banking. Helpful hints – There are dedicated Fraud and Security pages on the Bank website which provide information on fraud protection. Free anti-virus software – The Bank offers free anti-virus software for Online Banking which is available to all customers.

https://www.smile.co.uk/global/security

Starling Bank

We’re a digital bank, so it’s no great surprise that technology is central to what we do – fraud controls included. Nothing is more important to us than keeping our customers safe. To accomplish this, our expert fraud team has put in place a series of sophisticated, automated controls. Some of these have to remain confidential, but others include: • Identity and verification checks, including video verification and anti-impersonation measures, during our customer onboarding process • In-app card controls, allowing our customers to take control of their card functionality. For example, freezing their card if they think they’ve lost it, or restricting transactions to gambling companies • The use of 3D secure, providing an extra layer of security when you use your debit card online • Introducing contactless payment limits inline with the Payment Services Directive 2 (PSD2) • Real-time fraud prevention systems which monitor all faster payments to safeguard your money, 24/7. Should we notice anything unusual, we might contact you via an in app message. • Helpful in-app prompts during transactions, prompting customers to consider whether the person they are paying is legitimate • Multi-factor authentication, such as one-time passwords • Real-time alerts of transactions/declined transactions

www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

TSB

• Real-time fraud detection Our systems are designed to detect fraudulent payments real time, they will flag suspicious transactions or activity the moment it happens. This offers immediate protection. •Biometric analysis - This ensures that it is really you that is interacting with us. It builds a profile of your behaviour and makes it difficult for fraudsters to mimic. This data is used strictly in compliance with our internet banking terms and conditions, to protect your privacy and information about you. • Device Analysis - We build a profile of the devices that you use to interact with us. If a different device from a strange place tries to log in, we’ll catch it. This data is used strictly in compliance with our internet banking terms and conditions. • Bank name display - Our texts will originate from ‘TSB’ • One-time passwords - We use one-time passwords to verify who we are interacting with. • 2 factor authentication2-factor authentication adds another layer of protection to your account. • Confirmation of PayeeWe’ve joined forces with Mastercard company Vocalink and will voluntarily deliver Confirmation of Payee for its our customers. The new ‘Verify Account Name’ service will help prevent TSB customers sending money to the wrong bank account or falling victim to payment fraud.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

Ulster Bank

• We are investing £100 million over 3 years to combat fraud to ensure we remain up to date with the latest fraud trends. • We use sophisticated technical profiling systems that measure things like: device, payment amount, biometric behaviours, location, and payment risk. All of this helps us to identify where there may be suspicious activity on your account. • Where our systems flag a suspicious payment, we will contact you to check if the payment is genuine. Most concerns can be resolved by phone, but we may also ensure you get the help you need by referring to one of our branches to speak to someone in person. • Our front-line staff are specially trained to question suspicious transactions that may be a scam. They are also trained in aftercare for those who have fallen victim to scams. • When you pay a new contact Anytime or mobile banking, you will be given scam advice and asked to acknowledge this before you make the payment. We also offer a sort code checker so that you can be sure your payment is going to the bank you expect. • We use biometrics, like fingerprint and facial recognition, to log into our mobile banking app as a secure method of authentication to check it’s really you logging in. • Sometimes we’ll ask you to provide a One Time Passcode (OTP), when you’re paying for something online or logging into Anytime banking. This gives us a second layer of security to ensure it’s really you making a payment. • We’ll ask you to input your PIN more often when you pay with contactless. It’s another way for us to keep money safer.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html

3. What do firms do to educate their customers?

Bank

Response

URL

Bank Of Ireland

We reach our customers in several ways: Online & Social Media A wide range of Security and Fraud information is available within our Security Zone area on Bank of Ireland UK website. It’s specifically designed to highlight current scams and types of fraud along with measures you can take to help protect yourself. We have Top Tips and Fraud Alerts on a range of topics including Data Breaches, Phishing, Money Mules, Boiler Room Scams, and CEO fraud. We are supporters of the national Take Five campaign that offers straight forward and impartial advice to help everyone to protect themselves from preventable financial fraud. Educational content is sent within statement emails and our members are provided with fraud prompts on the Internet Bank and Banking App. We regularly post on the Social media platforms material concerning fraud. We also provide general guidance on How to Protect Yourself Online with information about Anti-virus software, operating systems, browsers and firewalls. Our ATMs carry fraud warnings particularly to guard against prying eyes when entering a PIN. Branch All our branches have fraud education material available and staff are trained to ask the right questions to help detect scams when processing payments. Branch colleagues are trained to identify fraud and victims of fraud, and provide bespoke advice including invocation of the Banking protocol. There are frequent communications delivered to branch colleagues raising the awareness of fraud and scams. All Bank of Ireland UK colleagues have to complete annual mandatory training which covers a broad spectrum of fraud education.

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank of Scotland

Education and Awareness is undertaken across a number of mediums for both our customers and colleagues. Relating this to the latest fraud Modus Operandi [MO] is seen as vitally important by Lloyds Banking Group, to help protect customers from falling victim to fraud. BoS is also a signatory to the Take Five Charter and adheres to the minimum standards. All customer facing colleagues complete annual mandatory training which covers scams and how to spot them, as well as a refresher for the Banking Protocol process to help them best support customers. Furthermore regular communications are issued to front line colleagues as new trends emerge. Our online branded .com websites, have specific fraud/scam awareness pages which are regularly updated and have educational information on various different types of frauds, how to protect yourself and what to do if you become a victim. We also email customers messages relating to fraud prevention and regularly post this information on our social media channels. When a customer is transacting on their online banking, we also provide targeted, in-session, tailored messaging warning customers about common fraud MO’s. Our branch network has an array of collateral available including posters, videos and leaflets. Fraud surgery’s, fronted by Tony Blake (DCPCU) are also held in branches and Bank buildings to educate customers and colleagues about the different types of fraud. Our ATMs and IDMs (Immediate Deposit Machines) contain fraud prevention messages. Externally Lloyds Bank TV advert campaign relating to safe account fraud ran during September 2019 on mainstream TV. At the same time similar messages were broadcast on supporting media. Also as part of the Halifax Ease campaign, we will be highlighting 24/7 fraud monitoring in branches and on bill boards in public sites.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Barclays

Fraud can be a concerning time for victims, with the uncertainty of what’s going to happen next. Our highly trained Fraud team are open 24/7 and are at the frontline of helping you through this period. If you prefer to look online, our website has useful tips on fraud prevention. • Barclays provides tips via our website to spot common scams which occur over the phone or online. You can also complete a Digitally Safe quiz to brush up on your knowledge. Head over to https://www.barclays.co.uk/digisafe/digitally-safe-quiz/ to complete the quiz. • Our website also provides the most common scams targeting customers. Go to https://www.barclays.co.uk/digisafe/types-of-scams/ to find out more. • Supporter of the national Take Five campaign that offers straight forward and impartial advice to help everyone to protect themselves from preventable financial fraud. This works alongside the Take Five voluntary code which commits us to meet minimum standards. • Barclays collaborates with victim support to offer support too. Any customer extremely upset or distressed as result of falling victim to fraud/scams. Any customer who wants advice on how to protect themselves in future from fraud/scams. • Specialist fraud area provides education centres with fraud awareness roadshows, providing face to face tips on how to identify fraud and demonstrating how to keep yourself safe. • We provide our branches with in-branch collateral which helps identify when a customer could be a victim of a scam, such as the courier scam or a corrupt employee scam. • Social Media Activity keeps our followers aware of how to stay digitally safe with frequent updates from a dedicated team. • Internal knowledge is shared with our specialist areas, keeping our staff up to date with the latest fraud trends to protect you and your account. • Little Book of Big Scams in digital and printed format for customers to utilise.

https://www.barclays.co.uk/digisafe/

Clydesdale & Yorkshire Building Society

We have a holistic and continuous program of education and communication to provide customers with current fraud awareness to enable an understanding of fraud threats and how they can protect themselves from becoming a fraud victim and losing money. The program covers all sectors (Business / commercial and Retail banking) and includes: • Rolling calendar of customer fraud awareness messages via email / letters / statement messages/social media campaigns. • Fraud warning messages to protect customers from scams prior to making a payment to a new beneficiary. • Colleagues trained to identify fraud and scam victims of fraud and provide bespoke advice including invocation of the banking protocol. • Take Five (led by UK Finance) with visibility and practical advice in all channels. • Bespoke support in the form of tailored fraud seminars working alongside external agencies such as police, colleges and universities to increase awareness and resilience across multiple demographics groups. • Regular internal staff communications, training & awareness on hot topics – e.g. Authorised Push Payment Scams & use of The Banking Protocol.

Co-Operative Financial Services

The Bank continuously updates its website to ensure that key fraud trends are visible to customers and that there is access to support and educational resources. The website contains key links to information around • How we protect you • Common fraud threats • How to protect yourself • Latest fraud alerts. We have also updated our online and mobile payments journey to provide tailored warnings to customers depending upon the type of transfer that they want to make. Our hard copy literature has been updated to include latest fraud and scams awareness with additional specific documentation for business customers. To help protect our customers we have:• An annual education plan, which involves a schedule of deliveries to customers via email, letter, social media or via online channels.• Our branch community are forming partnerships with local law enforcement and other support areas to deliver Fraud Awareness days or events with branch customers.• We utilise industry experts to support us in delivery to colleagues and customers where possible, for example we have worked in partnership with the National Economic Crime Lead and Head of Fraud Prevention (DCPCU)• We have joined forces with local Police Forces to present fraud awareness messages to the wider community including schools and local community groups• We fully support the Take Five campaigns and voluntary code and brand our literature accordingly.• Branch literature has been updated to include vinyl posters on cashier points to caution customers who may have been coached with responses to use when talking to the Bank.• Our Facebook and Twitter pages have regular fraud warnings.• Colleagues have to complete annual mandatory training which covers a broad spectrum of fraud education.• There are frequent communications delivered to colleagues raising the awareness of fraud and scams.• We have utilised external training resource to upskill our frontline colleagues.• We fully support and adhere to Banking Protocol in branches.

https://www.co-operativebank.co.uk/global/security

Danske Bank

We educate our customers in a number of ways using a variety of different mediums; • Annually, we issue a communication to our customers that provides information on the latest techniques used by fraudsters. This also provides advice as to how customers can keep themselves and their financial information safe. • Our website, danskebank.co.uk/keepitsafe contains up-to-date information about common scams and advice on how our customers can keep themselves, their families and their businesses safe from fraud; this is updated regularly. • We proactively issue warnings and advice via our social media channels, these include, Facebook, Twitter, Instagram and LinkedIn. • We are supporters of the national Take Five campaign that offers straight forward and impartial advice to help everyone to protect themselves from preventable financial fraud. • We are members of ScamwiseNI. A partnership with over 30 Northern Ireland organisations involved in informing local communities about the risks of scams and the range of scams that exist. • We have fraud awareness materials available in all of our branches for both our business and our personal customers. • We provide warnings on both our eBanking and Business eBanking/District logon pages. • Where appropriate, we will issue text message and/or e-mail warnings directly to our customers using the contact details that we hold on record. • We offer face to face fraud awareness training to our customers upon request. • We train our customer facing colleagues on the current scams which could pose a risk for our customers to allow them to have better informed conversations and drive customer awareness.

https://danskebank.co.uk/personal/fraud-prevention

First Direct

At first direct we have an ‘always on’ approach to Fraud Prevention communications with our customers and our communication plans include regular slots focussed on customer fraud education. Take Five Campaign - We’re a supporter of the national Take Five campaign that offers straight forward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes the Take Five voluntary code – and our commitment to meet minimum standards Website - You can find fraud prevention content on our website – details of different types of fraud (e.g., phishing, smishing, vishing) and how to recognise and protect yourself from these. You can find these helpful hints and tips on fraud by clicking here. Email Communications - We send regular emails to our customers as a part of our ‘always on’ fraud communications. This includes seasonal fraud email at high-risk times of the year, such as Black Friday and Cyber Monday. If we are seeing increased volumes of a certain type of fraud attack, we’ll send targeted emails to raise customer awareness too. Social Media - We use Social Media to highlight specific types of fraud and how to prevent these. If necessary we’ll also run targeted campaigns to specific groups of fans and followers if we’re seeing increases in certain types of fraud ATM warnings – we display fraud awareness warnings on the screen of HSBC ATM’s when you withdraw cash. Internal information sharing - We regularly share information within our operational teams to help us spot patterns or particular types of fraud taking place. We also run internal fraud prevention events such as cyber awareness week and mandatory training courses, these help everyone stay up to date with fraud patterns and trends so that we can support you, our customers, more effectively.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

Halifax

Education and Awareness is undertaken across a number of mediums for both our customers and colleagues. Relating this to the latest fraud Modus Operandi [MO] is seen as vitally important by Lloyds Banking Group, to help protect customers from falling victim to fraud. Halifax is also a signatory to the Take Five Charter and adheres to the minimum standards. All customer facing colleagues complete annual mandatory training which covers scams and how to spot them, as well as a refresher for the Banking Protocol process to help them best support customers. Furthermore regular communications are issued to front line colleagues as new trends emerge. Our online branded .com websites, have specific fraud/scam awareness pages which are regularly updated and have educational information on various different types of frauds, how to protect yourself and what to do if you become a victim. We also email customers messages relating to fraud prevention and regularly post this information on our social media channels. When a customer is transacting on their online banking, we also provide targeted, in-session, tailored messaging warning customers about common fraud MO’s. Our branch network has an array of collateral available including posters, videos and leaflets. Fraud surgery’s, fronted by Tony Blake (DCPCU) are also held in branches and Bank buildings to educate customers and colleagues about the different types of fraud. Our ATMs and IDMs (Immediate Deposit Machines) contain fraud prevention messages. Externally Lloyds Bank TV advert campaign relating to safe account fraud ran during September 2019 on mainstream TV. At the same time similar messages were broadcast on supporting media. Also as part of the Halifax Ease campaign, we will be highlighting 24/7 fraud monitoring in branches and on bill boards in public sites.

https://www.halifax.co.uk/aboutonline/security/protecting-yourself-from-fraud/bank-safely-how-we-protect-you/

HSBC Bank

Top Tips on WebsiteWe have a dedicated Fraud and Security Centre on our public website which can be found by navigating to the ‘Help’ tab. The help tab is located beneath the top navigation bar to Login or Register for Online Banking. Advertising Working with Rachel Riley (TV Personality), we’ve developed advertising campaigns to keep you up to date about the most recent scams. Initiatives We are proud to be a founder sponsor of Get Safe Online who help to protect people, finances, devices and businesses from fraud, abuse and other issues encountered online. We are also a supporter of the Take Five campaign, have signed up to their voluntary code and made a commitment to meet their minimum standards. Banking Platforms Using the latest technology, we send tailored and relevant messages to you through online and mobile banking platforms to make you aware of any potential fraud threats. Industry Expert - We have strong connections with the Dedicated Card and Payment Crime Unit (DCPCU), a police section of UK Finance. They have spent time educating our frontline staff on the most recent fraud and scam threats. Community Events - We bring educational presentations to a wide range of people across the UK. This includes sections on ways to stay safe online and around most common fraudulent activity to look out for. Branch Network - We have a Scams Leaflet available for you to take away along with information on Take Five. We have fraud warnings/messages on our ATM’s to let you know of the potential card fraud that can take place when you use an ATM. Social Media On our official Twitter, YouTube and Facebook pages, we post top tips on staying safe and understanding how you can protect your information from being stolen.

https://www.hsbc.co.uk/help/security-centre/

Investec

To ensure Investec clients are able to spot fraud and protect themselves, we work hard to provide information and advice on the latest trends: • We offer helpful tips, including an A-Z of Fraud, which is available on our website. • We use educational campaigns to raise awareness of new and existing scams. • We participate in the national ‘Take Five’ campaign which offers impartial advice to help protect you from financial fraud. • We remind you to be aware of fraud when you enter beneficiary details for a payment online. • We issue internal communications and training and utilise industry experts to inform our colleagues on fraud trends and how to spot them. This enables us to offer even better service our clients.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Lloyds Bank

Education and Awareness is undertaken across a number of mediums for both our customers and colleagues. Relating this to the latest fraud Modus Operandi [MO] is seen as vitally important by Lloyds Banking Group, to help protect customers from falling victim to fraud. LBG is also a signatory to the Take Five Charter and adheres to the minimum standards. All customer facing colleagues complete annual mandatory training which covers scams and how to spot them, as well as a refresher for the Banking Protocol process to help them best support customers. Furthermore regular communications are issued to front line colleagues as new trends emerge. Our online branded .com websites, have specific fraud/scam awareness pages which are regularly updated and have educational information on various different types of frauds, how to protect yourself and what to do if you become a victim. We also email customers messages relating to fraud prevention and regularly post this information on our social media channels. When a customer is transacting on their online banking, we also provide targeted, in-session, tailored messaging warning customers about common fraud MO’s. Our branch network has an array of collateral available including posters, videos and leaflets. Fraud surgery’s, fronted by Tony Blake (DCPCU) are also held in branches and Bank buildings to educate customers and colleagues about the different types of fraud. Our ATMs and IDMs (Immediate Deposit Machines) contain fraud prevention messages. Externally Lloyds Bank TV advert campaign relating to safe account fraud ran during September 2019 on mainstream TV. At the same time similar messages were broadcast on supporting media. Also as part of the Halifax Ease campaign, we will be highlighting 24/7 fraud monitoring in branches and on bill boards in public sites.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

M&S Bank

Top Tips on Website: We have a dedicated Security Centre on our public website, which can be found under the ‘Help & explore’ banner. On this page, you will find information on different parts of fraud safety such as: • Protecting yourself • Device protection • Common scams • Keeping your cards safe • Keeping your passwords strong and safe • Identity theft - We publish a Financial Fraud leaflet which gives some industry facts and figures around fraud as well as giving information on how to stay safe from some common attacks. Initiatives - We are a supporter of the national Take Five campaign, that offers straight forward and impartial advice to help you protect yourself from preventable financial fraud. M&S Bank has signed up to the Take Five voluntary code and has made a commitment to meet their minimum standards. Social Media On our official Twitter, YouTube and Facebook pages, we post top tips on staying safe and understanding how you can protect your information from being stolen. Branch Network In our branches, we have our Scams Leaflet available for you to take away along with information on Take Five. We have periodic fraud warnings on our ATM’s to let you know of the potential card fraud that can take place when you use an ATM. These include fraud messages about how to stay secure.

https://bank.marksandspencer.com/security/useful-information/

Metro Bank

• Our Be Your Own Hero fraud awareness campaign explains how to protect yourself and what to watch out for. • We’re an active member and supporter of the Take 5 campaign, which offers free advice to help everyone protect themselves. • We have information on our website – visit the fraud and security pages. • We set up expert-led sessions and community events to inform store colleagues and customers on how to spot fraud. • We post fraud awareness messages on our social media channels. • Our colleagues complete several mandatory training sessions on fraud each year.

Nationwide Building Society

Nationwide aims to:- Enable our members to protect themselves against fraud and scams.- Provide relevant and up to date fraud education material, throughout a journey with Nationwide, via whichever business channel.- Provide bespoke aftercare, should one of our members experience fraud or fall victim to a scam. Online & Social Media - A wide range of Security and Fraud information is available within our Security Centre, specifically designed to highlight current scams, types of fraud and measures to help protect yourself. We have regular Fraud messaging on our website including ‘Hot Topic’ articles, discussing the latest Fraud trends, as well as specific Fraud Awareness support and Online Security support giving our members information on staying safe. Educational content is regularly sent within statement emails and our members are provided with fraud prompts on the Internet Bank and Banking App. We regularly post fraud educational material on the Social media platforms (Facebook and Twitter). We provide general guidance on How to Protect Yourself Online with information about Anti-virus software, operating systems, browsers and firewalls. Branch and In Person - All our branches have fraud education material available including, a handy Pocket Guide – How to spot a scam that is available to view online, via email, or to take away. Our Branches regularly host events where members are invited to receive extra education, discuss fraud issues and ask any questions. For members that attend our Member Talkbacks and the Annual General Meeting (AGM), fraud discussions and presentations, held with our senior fraud specialist, are a dedicated slot within the agenda. Our employees undertake regular training on their responsibilities in remaining vigilant to protecting our members. They also receive frequent updates featuring fraud and scam trends and information brought to life through a variety of media such as short films and podcasts.

Natwest

• As we continue to do all we can behind the scenes to tackle fraud, it is most powerful when we work together with our customers. • We provide scam alerts when you pay someone new through online banking and our app, to help you stop & consider if the payment you are about to make could be to a scammer. • Fraud, scams and security advice is shared on our Security Centre and is regularly updated to reflect current trends. • We provide on-going support for ‘Take 5 – to stop fraud’, the UK Finance education and awareness initiative, and share their messaging across our communications channels • We lead the MoneySense schools education programme, which includes sessions on Fraud and Money Mules to help young people understand fraud and how to avoid it. • We created the ‘Friends Against Scams’ colleague education programme in collaboration with National Trading Standards. Our customer facing staff are trained in Friends Against Scams and we also convey this training to customers • We have a team of over 100 Community Bankers working to provide education advice and support often in conjunction with organisations like Age UK to deliver ‘Friends Against Scams’ education to businesses and local community groups • We're the only UK bank with a team of dedicated Customer Protection Managers, supporting and educating you to keep you safe and secure • Our colleague support guides are continually refreshed to ensure our staff are asking you the right questions at the point of processing a payment to help detect scams • We actively communicate with you on our various social media platforms, educating you about common fraud types and scams tactics- including responding to the latest scam trends- with advice about how to spot and avoid these. • Educational materials, including posters and leaflets, are available to customers in branches.

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

• As we continue to do all we can behind the scenes to tackle fraud, it is most powerful when we work together with our customers. • We provide scam alerts when you pay someone new through online banking and our app, to help you stop & consider if the payment you are about to make could be to a scammer. • Fraud, scams and security advice is shared on our Security Centre and is regularly updated to reflect current trends. • We provide on-going support for ‘Take 5 – to stop fraud’, the UK Finance education and awareness initiative, and share their messaging across our communications channels • We lead the MoneySense schools education programme, which includes sessions on Fraud and Money Mules to help young people understand fraud and how to avoid it. • We created the ‘Friends Against Scams’ colleague education programme in collaboration with National Trading Standards. Our customer facing staff are trained in Friends Against Scams and we also convey this training to customers • We have a team of over 100 Community Bankers working to provide education advice and support often in conjunction with organisations like Age UK to deliver ‘Friends Against Scams’ education to businesses and local community groups • We're the only UK bank with a team of dedicated Customer Protection Managers, supporting and educating you to keep you safe and secure • Our colleague support guides are continually refreshed to ensure our staff are asking you the right questions at the point of processing a payment to help detect scams • We actively communicate with you on our various social media platforms, educating you about common fraud types and scams tactics- including responding to the latest scam trends- with advice about how to spot and avoid these. • Educational materials, including posters and leaflets, are available to customers in branches.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Santander

To protect you from fraud: • Our latest fraud updates page contains the latest techniques we see being used by criminals. • Our recent ads with Kurupt FM aim to raise awareness of common fraud and scams. • Branch-based scam avoidance schools are held for you to come along to. • We’re part of the government-backed Take Five which encourages you to take a moment to stop and think when you make a bank transaction. • Our fraud and security support section contains articles to help you, including ‘spotting fraud and scams’ and ‘our top security tips’.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Smile

The Bank continuously updates its website to ensure that key fraud trends are visible to customers and that there is access to support and educational resources. The website contains key links to information around • How we protect you • Common fraud threats • How to protect yourself • Latest fraud alerts - We have also updated our online and mobile payments journey to provide tailored warnings to customers depending upon the type of transfer that they want to make. Our hard copy literature has been updated to include latest fraud and scams awareness with additional specific documentation for business customers. To help protect our customers we have:• An annual education plan, which involves a schedule of deliveries to customers via email, letter, social media or via online channels.• Our branch community are forming partnerships with local law enforcement and other support areas to deliver Fraud Awareness days or events with branch customers.• We utilise industry experts to support us in delivery to colleagues and customers where possible, for example we have worked in partnership with the National Economic Crime Lead and Head of Fraud Prevention (DCPCU)• We have joined forces with local Police Forces to present fraud awareness messages to the wider community including schools and local community groups• We fully support the Take Five campaigns and voluntary code and brand our literature accordingly.• Branch literature has been updated to include vinyl posters on cashier points to caution customers who may have been coached with responses to use when talking to the Bank.• Our Facebook and Twitter pages have regular fraud warnings.• Colleagues have to complete annual mandatory training which covers a broad spectrum of fraud education.• There are frequent communications delivered to colleagues raising the awareness of fraud and scams.• We have utilised external training resource to upskill our frontline colleagues.• We fully support and adhere to Banking Protocol in branches.

https://www.smile.co.uk/global/security

Starling Bank

We’re on a mission to protect our customers from fraud and to help them protect themselves. We have produced a dedicated series of blog posts and social media content, informing customers how to stay safe from fraudsters and what to look out for. Some of the ways we do this include:• top tips on avoiding fraud on our website. We regularly update this when we become aware of new scams and tactics fraudsters employ to defraud people of their hard earned money. These can be found here • supporting the National Take Five Campaign, the government-backed fraud awareness campaign • regular financial crime blog posts, including seasonal updates at higher risk times of the year, such as around Black Friday and Cyber Monday • regular customer emails containing key links to information around how we protect you, common threats, and how to protect yourself • occasionally we might utilise in-app messaging to contact customers, or make them aware of an issue they might be impacted by. For example, if we think a customer’s debit card might have been compromised, we will assess the risk to them, and inform them of any decisions made/changes to their account • social media activity to raise awareness of different scam types, across all our social media channels, plus we share fraud prevention messaging from Take Five or Action Fraud. • staff training on hot topics, such as Authorised Push Payment scams and internal communications to assist customers and non-customers signposting to helpful websites • helpful in-app prompts during transactions, prompting customers to consider whether the person they are paying is legitimate

https://www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

TSB

• Top Tips on website. We have a dedicated Fraud Prevention Centre hosted on our homepage. The site is regularly updated with scams and information on how customers can protect themselves and how we protect our customers. • We are active supporters of the national Take Five campaign that offers straight forward and impartial advice to help everyone to protect themselves from preventable financial fraud. • We have signed up to the Take Five voluntary code • Messages on banking platforms. We have implemented a warning system onto our banking platforms to advise customers of the dangers of fraud at key points during the customer journey. • We have utilised industry experts to inform staff and customers around how to spot fraud. • We regularly host fraud awareness community events. Led by fraud experts as well as our local branch partners. •In branch collateral on how to keep your account safe • ATM warnings • Social Media Activity that involves general awareness and education messaging as well as targeted messaging following any attacks we see. • Staff (both in branch and head office sites) are regularly trained via mandatory training and ad hoc awareness training on how to spot fraud and prevent our customers from becoming victims • When banking online, all your data is transferred securely and encrypted.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

Ulster Bank

• We provide scam alerts when you pay someone new through online banking and our app, to help you stop & consider if the payment you are about to make could be to a scammer. • Fraud, scams and security advice is shared on our Security Centre and is regularly updated to reflect current trends. • We provide on-going support for ‘Take 5 – to stop fraud’, the UK Finance education and awareness initiative, and share their messaging across our communications channels • We lead the MoneySense schools education programme, which includes sessions on Fraud and Money Mules to help young people understand fraud and how to avoid it. • We created the ‘Friends Against Scams’ colleague education programme in collaboration with National Trading Standards. Our customer facing staff are trained in Friends Against Scams and we also convey this training to customers• We have a team of over 100 Community Bankers working to provide education advice and support often in conjunction with organisations like Age UK to deliver ‘Friends Against Scams’ education to businesses and local community groups • We're the only UK bank with a team of dedicated Customer Protection Managers, supporting and educating you to keep you safe and secure • Our colleague support guides are continually refreshed to ensure our staff are asking you the right questions at the point of processing a payment to help detect scams • As we continue to do all we can behind the scenes to tackle fraud, it is most powerful when we work together with our customers. • We actively communicate with you on our various social media platforms, educating you about common fraud types and scams tactics- including responding to the latest scam trends- with advice about how to spot and avoid these. • Educational materials, including posters and leaflets, are available to customers in branches.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html

4. How do firms contact their customers?

Bank

Response

URL

Bank Of Ireland

We will contact our customers using email, phone calls, text messages and by letter. Customers should always take the necessary precaution to ensure they are talking to who they think they are. We also utilise various security controls and offer guidance for identifying malicious contact on our website. Examples of the controls / guidance we offer include; One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile you gave us when you opened your account. The text will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what this code is other than a Bank ABC colleague. If someone asks for the code but for a different reason than is stated in the text message, you shouldn’t answer them. If you get a one-time passcode message you’re not expecting, give us a call on 0345 309 8099Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message. While we may ask you to reply to messages, we’ll never: • Include a link to a log in page • Ask for your complete security number, password, or card number• Ask you for answers to your security questions. If you’re not sure whether a text or email is genuine, give us a call on 0345 309 8099.

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank of Scotland

We will contact customers using phone calls, text messages and onscreen notifications. Customers are encouraged to always take the necessary precaution to ensure they are talking to who they think they are. We also utilise various security prevention and detection controls, which can trigger manual and automatic customer contact, examples include: One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile we have registered for you. The text will state exactly what the code is for, and you shouldn’t tell anyone what this code is other than the bank. • New Beneficiary Recipient – When you set up a new beneficiary we will send confirmation to the mobile number we have registered for you. The text will state the date and time this was added to your account, and what to do if this wasn’t you. While we may ask you to reply to messages, we’ll never: • Include a link to the log in pages of our own websites. • Ask for your complete security number, password, or card number. • Ask you for answers to your security questions. We offer guidance for identifying both scam calls and messages on our website, however if you’re not sure whether a call, text or email is genuine, you can contact us on the following numbers: 03457 213141- Bank of Scotland.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Barclays

We contact you using phone calls, text messages or by letter. You should always take the necessary precaution to ensure who you are talking to is genuine, but if you are suspicious of who’s calling, a dedicated telephone number checker is found on the Barclays Website to verify it’s a Barclays number calling – head over to https://www.barclays.co.uk/digisafe/phone-number-checker/ to find out more.One-time passcodes - When we contact you, we will attempt to verify who you are, we’ll send a unique code to the mobile you gave us to verify your identity. The text will state exactly what the code is for, like creating a new payee or verifying an online secure transaction. You shouldn’t tell anyone what this code is other than one of our colleagues. If someone asks for the code but for a different reason than is stated in the text message, you shouldn’t answer them. If you get a one-time passcode message you’re not expecting, call our customer service team on 0800 400 100.Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message. If it’s a text, it’ll be from Barclays. While we may ask you to reply to messages, we’ll never:• Include a link to a login page. • Ask for your complete security number, password, or card number. • Ask you for answers to your security questions. Barclays Mobile App notifications - When you download our app, we will keep you updated with push notifications and reminders of the current fraud trends to keep you protected while online. If you’re not sure whether a text or email is genuine, give us a call on 0800 400 100 or (+44)2476 842 099.If you need to update your telephone number, contact the team using 0800 400 100 or simply log into your Barclays account online or via the app.

https://www.barclays.co.uk/digisafe/

Clydesdale & Yorkshire Building Society

We contact our customers using email, phone and SMS. We authenticate customers using various security controls e.g. one time pass code, commensurate with the nature/risk of the activity being undertaken.

Co-Operative Financial Services

When fraud is suspected we will contact our customers using email, phone calls and text messages. Customers should always take the necessary precaution to ensure they are talking to who they think they are. We also utilise various security controls and offer guidance for identifying malicious contact on our website. Examples of the controls / guidance we offer include; *One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile you have registered with us. The text will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what this even somebody claiming to be from the Bank. If someone asks for the code but for a different reason than is stated in the text message, you shouldn’t answer them. If you get a one-time passcode message you’re not expecting, give us a call on +44(0)3457 212 212. Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert by text message. Email Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert by email. Phone call Alerts - If we notice something.

https://www.co-operativebank.co.uk/global/security

Danske Bank

We will contact our customers using email, phone calls, text messages, secure mail from within our online channels and by letter. Customers should always take precautions to ensure they are talking to who they think they are. Fraudsters can ‘spoof’ genuine phone numbers, so never rely on this a verification that you are speaking to a member of Bank staff. Fraudsters often ‘spoof’ the number from the back of your debit card in an effort to make their call appear more legitimate. Text Alerts - If we need to get in touch with our customer, we may send them an alert either by secure mail to their eBanking or Business eBanking/District system or by text message. If it’s a text, it’ll be from the sender “Danske Bank”, however be aware fraudsters can make a message appear within the same conversation as a genuine message so care is required when they receive any message from us. If a customer is not sure whether a communication they receive from us, or purporting to be from us is genuine, they can give us a call on 0345 6031 534 (outside the UK: 0044289049219).Transaction Screening – We may contact our customers to discuss a payment created via our online channels. The purpose of this call will be to establish if this is a genuine transaction and some details relevant to the transaction. Whilst we will ask you some security questions to identify that we are speaking with the account holder, we will NEVER ask for your password or unique codes from your eSafeID device or codes sent to you by text message. We will also NEVER ask you to download any software when you are on a call with us nor will we ever ask for remote access to your computer, mobile device or tablet.

https://danskebank.co.uk/personal/fraud-prevention

First Direct

One-time passcodes - When we need to verify who you are when you need to swap your digital secure key from an old phone to a new phone we’ll send a unique code to the most up to date mobile number we have for you. The text will say exactly what the code is for, like creating a new payee. This code should only ever be typed into your digital banking and never shared with anyone, including us. If you get a one-time passcode message you’re not expecting, give us a call on 03456 100 100Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message. Check our Security Centre to find out more about fraud text alerts While we may ask you to reply to messages, we’ll never: •Ask you for self-generated codes from your secure key • Include a link to a log in page • Ask for your complete security number, password, or card number • Ask you for answers to your security questions. If you’re not sure whether a text or email is genuine, Stop. Don't click on any links. Don't open any attachments. Just forward the email to [email protected] and we'll investigate it. Alternatively, you can give us a call on 03456 100 100Or if you’re abroad, please call us on +44 113 234 5678.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

Halifax

We will contact customers using phone calls, text messages and onscreen notifications. Customers are encouraged to always take the necessary precaution to ensure they are talking to who they think they are. We also utilise various security prevention and detection controls, which can trigger manual and automatic customer contact, examples include: One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile we have registered for you. The text will state exactly what the code is for, and you shouldn’t tell anyone what this code is other than the bank. • New Beneficiary Recipient – When you set up a new beneficiary we will send confirmation to the mobile number we have registered for you. The text will state the date and time this was added to your account, and what to do if this wasn’t you. While we may ask you to reply to messages, we’ll never: • Include a link to the log in pages of our own websites. • Ask for your complete security number, password, or card number. • Ask you for answers to your security questions. We offer guidance for identifying both scam calls and messages on our website, however if you’re not sure whether a call, text or email is genuine, you can contact us on the following numbers: • 03457 203040 – Halifax.

https://www.halifax.co.uk/aboutonline/security/protecting-yourself-from-fraud/bank-safely-how-we-protect-you/

HSBC Bank

One-time passcodes - When we need to verify who you are – like when you need to swap your digital secure key from an old phone to a new phone or you pay for something online with your card – we’ll send a unique code to the most up to date mobile number we have for you. The text will say exactly what the code is for, like creating a new payee. This code should only ever be typed into your digital banking and never shared with anyone, including us. If you get a one-time passcode message you’re not expecting, give us a call on 03456 002 290.Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message. Check our text messages page to see what our regular text messages look like and also see some messages commonly sent by fraudsters. While we may ask you to reply to messages, we’ll never: • Ask you for self-generated codes from your secure key • Include a link to a log in page • Ask for your complete security number, password, or card number • Ask you for answers to your security questions. If you’re not sure whether a text or email is genuine, Stop. Don't click on any links. Don't open any attachments. Just forward the email to [email protected] and we'll investigate it or call us on the numbers below.

https://www.hsbc.co.uk/help/security-centre/

Investec

We contact our clients using phone calls, text messages, and emails. All clients should take care to ensure they are talking to a genuine member of staff. Investec will never: • Ask for your PIN • Request personal details or other sensitive information via email • Request you click on a link to access your account. Instead, we may interact with you in the following ways: One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile phone number you gave us. The text will state exactly what the code is for, like creating a new beneficiary. These one-time passcodes should never be shared, and should only be used for the transaction they are intended for. Transaction SMS notifications – We send transaction notifications when you spend on your card as well as when a payment is made from your online bank account. This ensures you know what’s happening on your account when there is unusual spending. Email notifications – If suspicious activity is identified on your account and we can’t reach you through other means, we may email you requesting that you make contact. If you are unsure whether a call or email is genuine, do not hesitate to stop all communication (hang up or don’t respond to the email), and call us using a number from a trustworthy source or the 24/7 global client service centre.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Lloyds Bank

We will contact customers using phone calls, text messages and onscreen notifications. Customers are encouraged to always take the necessary precaution to ensure they are talking to who they think they are. We also utilise various security prevention and detection controls, which can trigger manual and automatic customer contact, examples include: One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile we have registered for you. The text will state exactly what the code is for, and you shouldn’t tell anyone what this code is other than the bank. • New Beneficiary Recipient – When you set up a new beneficiary we will send confirmation to the mobile number we have registered for you. The text will state the date and time this was added to your account, and what to do if this wasn’t you. While we may ask you to reply to messages, we’ll never: • Include a link to the log in pages of our own websites. • Ask for your complete security number, password, or card number. • Ask you for answers to your security questions. We offer guidance for identifying both scam calls and messages on our website, however if you’re not sure whether a call, text or email is genuine, you can contact us on the following numbers: 03453 000000 – Lloyds.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

M&S Bank

Fraudsters will pretend to be someone they are not – like your Bank – and may spoof the number they are calling from to appear on your device as ‘M&S Bank’ or one of our contact numbers. We would never ask you for your security details, passwords or codes generated by your M&S Pass, to transfer money to a ‘safe account’ or to take any action bound by time pressure. On our website, we offer guidance for our customers to identify malicious contact. If you’re not sure it is your Bank calling, emailing or texting, stop. Just give us a call on the contact numbers you can find on our public website and on the back of your card. We also utilise various security controls including: One-time passcodes - this service provides a more secure online shopping experience for Visa and MasterCard® users. When making online purchases at a participating 3D Secure merchant you will receive a 6-digit passcode for some purchases, via text message to your registered mobile number, that needs to be entered to complete the transaction. Phone contact - If we notice something suspicious or need to get in touch with you, we may send you an alert by call or text message. While we may ask you to reply to messages, we’ll never: • Include a link to a log in page • Ask for your complete security number, password, or card number • Ask you for answers to your security questions.

https://bank.marksandspencer.com/security/useful-information/

Metro Bank

We get in touch with our customers in a number of different ways, including email, phone and text. We give them the following messages: Always take care if you’re contacted by anyone saying they’re from Metro Bank. If you’re not sure, disconnect the call and call the number on the back of your card (0345 08 08 500). We use one-time passcodes to verify a customer’s identity or a payment they have requested. We may send a unique code to the mobile number you’ve given us. The message will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what the code is, other than to a Metro Bank colleague or entering it into the banking platform you’re on. If you get a one-time passcode you’re not expecting, or if someone asks for the code for a different reason than it says in the text message, don’t give it to them. Call us straightaway on 0345 08 08 500.Remember, although we may sometimes ask you to reply to text messages or send you e-mails with links, we will never: • Include a link to a log-in page • Ask for your complete security number, password or card number • Ask you for answers to your security questions • Ask you to transfer money to a ‘safe account’ If you’re not sure whether a SMS or email is genuine, please call us on 0345 08 08 500.Never post any personal or banking information on social media.

Nationwide Building Society

Nationwide use a variety of methods to contact members about potential fraudulent activity, including phone calls, text messages, emails and letters. If a member is ever in doubt that they are talking to Nationwide, they should hang up and call back on the number found on our website or on the back of their payment card. Fraudsters can be very convincing but knowing what to look for can help keep personal details and money safe. Our key messages: Remember, Nationwide will never ask you to:• log directly into the Internet Bank via an email, text or social media message,• answer security questions by email, text or direct message,• use, re-enable or re-sync your card reader over the phone,• update your information, directly from a link in an email, direct message or text,• transfer your money to a safe account for protection or “security purposes”,• Share with anyone any security codes, one time passcodes, card generate codes or PINs. And we'll always: • include the last four digits of your card number if we email, text or message you querying a suspicious transaction on your card,• include your postcode in any letters or emails, so you know it is Nationwide contacting you. Further information is available online related to our Automated Customer Contact and Card reader and text message codes including some helpful FAQ’s.

Natwest

• We will send you a text when you create or update a payee using Online or mobile banking, with some details of the update • We will text or email you when you have updated your personal information, like your address, and advise us how to contact us if this isn’t right. • Sometimes we will send you updates via email, which might be about your account or about new products that might interest you. We will never send you a link to a login page for your Online banking • If we send you a text message, we will never include a link to login pages • Where we are concerned about a payment being made on your account, we may contact you either by text message or a phone call (using your most up to date mobile number) to alert you to any suspicions we have. This may require you to respond and confirm whether the transaction was genuine or not. • We advise customers if they have any suspicions, or if the call doesn’t feel right, to call us back from an independently verified phone number (such as the number on the back of your bank card) • We will never contact you and ask you to disclose your Online banking PIN or password. • We will never ask you to disclose card reader codes, app passcodes or activation codes. • Never transfer money from your account, either online or in branch, after being instructed to do so, even if that person claims to work for the bank.

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

• We will send you a text when you create or update a payee using Online or mobile banking, with some details of the update • We will text or email you when you have updated your personal information, like your address, and advise us how to contact us if this isn’t right. • Sometimes we will send you updates via email, which might be about your account or about new products that might interest you. We will never send you a link to a login page for your Online banking• If we send you a text message, we will never include a link to login pages • Where we are concerned about a payment being made on your account, we may contact you either by text message or a phone call (using your most up to date mobile number) to alert you to any suspicions we have. This may require you to respond and confirm whether the transaction was genuine or not. • We advise customers if they have any suspicions, or if the call doesn’t feel right, to call us back from an independently verified phone number (such as the number on the back of your bank card) • We will never contact you and ask you to disclose your Online banking PIN or password. • We will never ask you to disclose card reader codes, app passcodes or activation codes. • Never transfer money from your account, either online or in branch, after being instructed to do so, even if that person claims to work for the bank.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Santander

Online and Mobile Banking is designed to help make sure that you pay the right person and not a fraudster. Bank name - When you enter the sort code for the account you’re paying, we’ll show you the name of the bank it’s going to so that you can check it’s the right bank. Payment purpose - We’ll ask you to choose a reason for the payment. This lets us show you a message to help protect you from scams. For example, if you choose ‘House or large purchase’ we’ll show you a specific message asking you to check the bank details personally with your payee, to protect you against scammers who intercept emails and replace the payment details in them. Pay at a later time - You’ll be given the choice to make your payment straight away or to send it at a later date. Waiting to make the payment gives you time to change your mind, which is helpful protection as fraudsters are known to pressurise their victims and push them into making payments quickly. Confirmation to proceed - We’ll ask you to take a moment to check that:with the payment - the information you’ve given us is correct- you’ve read the messages we’ve shown you before you confirm you want to go ahead with the payment. If you use Telephone Banking or our branches to make payments, we’ve similar checks to help protect you.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Smile

When fraud is suspected we will contact our customers using email, phone calls and text messages. Customers should always take the necessary precaution to ensure they are talking to who they think they are. We also utilise various security controls and offer guidance for identifying malicious contact on our website. Examples of the controls / guidance we offer include; *One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile you have registered with us. The text will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what this even somebody claiming to be from the Bank. If someone asks for the code but for a different reason than is stated in the text message, you shouldn’t answer them. If you get a one-time passcode message you’re not expecting, give us a call on +44(0)3457 212 212. Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert by text message. Email Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert by email. Phone call Alerts - If we notice something.

https://www.smile.co.uk/global/security

Starling Bank

We contact our customers in a number of different ways: • in-app messaging • phone calls • effective in-app warnings • email • one-time passcodes for 3DS via SMSWhenWhen our fraud prevention systems find something we think is unusual, we will take action immediately and endeavour to contact customers within 24 hours of noticing potentially high-risk behaviour on their accounts, or if we require any additional information. We also aim to reply to customer queries regarding account status within 24 working hours. By acting quickly, we’re helping to ensure accounts are as safe as possible. We always advise customers take the necessary precautions to ensure they are talking to who they think they are - we will never phone customers requesting any of the following:• security information • one-time passcodes via SMS • ask you to transfer money to a ‘safe account’ If customers are unsure whether a message is genuine, they can call us immediately on the number on the back of their debit card.

https://www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

TSB

We will contact our customers using phone calls and text messages. Customers should always take the necessary precaution to ensure they are talking to who they think they are. Text Alerts - If we notice something suspicious or need to get in touch with you, we may send you an alert either by text message or an automated call. If it’s a text, it’ll be from “TSB”, While we may ask you to reply to messages, we’ll never: • Include a link to a log in page • Ask for your complete security number, password, or card number • Ask you for answers to your security questions. If you’re not sure whether a text or call is genuine, please give us a call on 0345 835 7998 One-time passcodes - When we need to verify who you are, we’ll send a unique code to the mobile you have provided us with. The text will state exactly what the code is for, like creating a new payee or resetting your password. You should never disclose what this code is. If you get a one-time passcode message you’re not expecting, please call us on 0800 096 8669 Calls – we might also call you. This could include an automated call. While we may ask you to verify your identity, we’ll never: • Ask for your PIN • Ask for your complete security number or card number.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

Ulster Bank

• We will send you a text when you create or update a payee using Online or mobile banking, with some details of the update • We will text or email you when you have updated your personal information, like your address, and advise us how to contact us if this isn’t right. • Sometimes we will send you updates via email, which might be about your account or about new products that might interest you. We will never send you a link to a login page for your Online banking • If we send you a text message, we will never include a link to login pages • Where we are concerned about a payment being made on your account, we may contact you either by text message or a phone call (using your most up to date mobile number) to alert you to any suspicions we have. This may require you to respond and confirm whether the transaction was genuine or not. • We advise customers if they have any suspicions, or if the call doesn’t feel right, to call us back from an independently verified phone number (such as the number on the back of your bank card) • We will never contact you and ask you to disclose your Online banking PIN or password. • We will never ask you to disclose card reader codes, app passcodes or activation codes. • Never transfer money from your account, either online or in branch, after being instructed to do so, even if that person claims to work for the bank.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html

5. How and when can firm customers contact them?

Member

Response

URL

Bank

Bank Of Ireland

If you believe you are a victim or fraud, or you require any fraud prevention advice customers can contact us 24 hours a day on the following numbers: Lost/stolen debit cards or concerns over account securityUK0800 121 7790*Abroad +44 345 1610020 Lost/stolen credit cards UK 0800 121 7790* ROI 1890 706 706 Outside ROI +353 567 757 007 Compromised 365 Digital and Phone Banking Security Credentials 0800 121 7790* Compromised Business On Line (BOL) or FXPay Security Credentials 0800 032 1288*

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank Of Ireland

Bank of Scotland

In the UK: If you are a victim or fraud, or require any fraud prevention advice we offer a 24/7 service to all our customers, who can contact us on: • 03457 21 31 41 - Bank of Scotland • Outside of the UK: • +44(0)131 337 4218 - Bank of Scotland Customers requiring additional support: If you have a hearing or speech impairment, you can contact us 24/7 using the Next Generation Text (BGT) Service. If you’re Deaf and a BSL user, you can use the SignVideo service.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Bank of Scotland

Barclays

How do I report fraud on one of my accounts? Contact us straightaway if you think there’s been fraud on your account or card. You’ll need to call one of the numbers below, depending on the type of fraud you think took place. If you’re unsure if the numbers below are safe to call us on, you can run them through our telephone number checker. Type of fraud - Barclaycard: 0800 151 0900* (0333 200 9090* might cost less if you’re calling from a mobile)General: 0345 050 4585*Online: 0345 600 2323*+ (+44 247 684 2063*+ outside the UK or from a mobile)Barclays Mobile Banking: 0333 200 1014* Pingit: 0333 200 1012* Debit Card: 0800 3891 652* (+44 160 452 9410* outside the UK or from a mobile)If you’ve received a suspicious email, please forward it to [email protected], then delete it straightaway.

https://www.barclays.co.uk/digisafe/

Barclays

Clydesdale & Yorkshire Building Society

In the UK: If you believe you are a victim or fraud, or you require any fraud prevention advice customers can contact us 24/7, 365 days a year. We offer Customer Service through our branch, store & lounge network and through our Contact Centre. Outside of mainstream opening hours we can still progress block lost/stolen cards. Outside of the UK: Outside of the UK: If you believe you are a victim or fraud, or you require any fraud prevention advice customers can contact us 24/7, 365 days a year.

Clydesdale & Yorkshire Building Society

Co-Operative Financial Services

If customers see any suspicious activity or transactions that they don’t recognise we ask them to call us on+44(0)3457 212 212 or for credit cards +44(0)345 600 6000.

https://www.co-operativebank.co.uk/global/security

Co-Operative Financial Services

Danske Bank

If you believe you are a victim of fraud you can contact us, 24 hours a day on 0800 032 4386. If you are calling from outside the UK please call, 0044800 032 4386. If you have a general question or would like some fraud prevention advice, please contact us on 0345 6002 882. Lines are open Monday – Friday 8am -8pm and Saturday & Sunday 9am -5pm.You can also report fraud via your local branch, using the secure mail function within eBanking, Mobile Bank, Business eBanking/District or on our website danskebank.co.uk by choosing the ‘report fraud’ link at the bottom of the page.

https://danskebank.co.uk/personal/fraud-prevention

Danske Bank

First Direct

In the UK: We offer an around the clock service to all our customers. You can contact us on: 03456 100 100 Outside of the UK: contact us on: +44 113 234 5678. If you believe there has been a fraudulent bank transfer or bill payment that you did not authorise please call us on 03456 100 100 (Lines are open 24/7). If you have authorised a bank transfer or bill payment and now believe you have been the victim of a scam, please call us on 03456 100 100 (Lines are open 24/7).

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

First Direct

Halifax

In the UK: If you are a victim or fraud, or require any fraud prevention advice we offer a 24/7 service to all our customers, who can contact us on: • 03457 203040 - Halifax • Outside of the UK: • +44(0)113 242 1984- Halifax Customers requiring additional support: If you have a hearing or speech impairment, you can contact us 24/7 using the Next Generation Text (BGT) Service. If you’re Deaf and a BSL user, you can use the SignVideo service.

https://www.halifax.co.uk/aboutonline/security/protecting-yourself-from-fraud/bank-safely-how-we-protect-you/

Halifax

HSBC Bank

In the UK: We offer an around the clock service to all our customers who can contact us on: Premier customers: 03457 707 070, All other customers: 03457 404 404 Outside of the UK: For all customers: +44 1226 261 010. If you believe there has been a fraudulent bank transfer or bill payment that you did not authorise please call us on 03456 100 135 (Monday to Friday, 9am - 6pm). If you have authorised a bank transfer or bill payment and now believe you have been the victim of a scam, please call us on 03455 873523 (24/7).

https://www.hsbc.co.uk/help/security-centre/

HSBC Bank

Investec

If you suspect fraud on your account, contact us immediately on one of these numbers: UK: 0330 123 1966/ +44 20 7597 4044A dedicated member of staff will be able to help you 24 hours a day.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Investec

Lloyds Bank

In the UK: If you are a victim or fraud, or require any fraud prevention advice we offer a 24/7 service to all our customers, who can contact us on: • 03453 000000 – Lloyds • Outside of the UK: • +44(0)173 328 6348– Lloyds Customers requiring additional support: If you have a hearing or speech impairment, you can contact us 24/7 using the Next Generation Text (BGT) Service. If you’re Deaf and a BSL user, you can use the SignVideo service.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

Lloyds Bank

M&S Bank

In the UK: If you do think you have been the victim of fraud, act quickly. If you have an M&S Bank account call 0345 900 0900. And notify any other credit providers straightaway. Outside of the UK: If you do think you have been the victim of fraud, act quickly. If you have an M&S Bank account, call +44(0)1244 879 080. And notify any other credit providers straightaway.

https://bank.marksandspencer.com/security/useful-information/

M&S Bank

Metro Bank

In the UK: If they believe they are a victim of fraud or need advice, they can call us 24/7 on 0345 08 08 500 or visit us in store. Outside of the UK: If they believe they are a victim of fraud or they need advice, call us 24/7 on 0044 203 402 8312 or visit us in store.

Metro Bank

Nationwide Building Society

Current account fraud enquiries0800 464 30 51 (UK)+44 1793 65 67 89 (Abroad)Useful information Monday to Friday: 8am - 8pm Saturday: 8am - 6pm Sunday: 10am - 3pm Outside of these hours, please call: 0800 30 20 11Credit card fraud enquiries0800 055 66 11 (UK)+44 2476 43 89 97 (Abroad)Useful information Monday to Friday: 8am - 8pm Saturday: 8am - 8pm Sunday: 9am - 5pm Outside of these hours, please call: 0800 055 66 22 You can also send Nationwide a message through Online Banking or webchat. Please do not put any personal details on Facebook or Twitter. Help us stop fraud. Report suspicious emails, texts and messages by emailing: [email protected]

Nationwide Building Society

Natwest

• You can access a full list of contact numbers- including international numbers- for our dedicated fraud and scams teams on our website. • Report fraud on a Personal Bank Account: 0800 161 5149 (Monday to Friday 8am-8pm, Saturday 8am-6pm, Sunday 9am-5pm). Outside these hours: 0800 032 5963.• Report fraud on a Personal Credit Card: 0800 161 5153 • Report a scam: 0345 989 0002.

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Natwest

Royal Bank Of Scotland

• You can access a full list of contact numbers- including international numbers- for our dedicated fraud and scams teams on our website. • Report fraud on a Personal Bank Account: 0800 161 5149 (Monday to Friday 8am-8pm, Saturday 8am-6pm, Sunday 9am-5pm). Outside these hours: 0800 032 5963. • Report fraud on a Personal Credit Card: 0800 161 5153 • Report a scam: 0345 989 0002.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

Santander

Our automated system When our fraud detection systems find something that could be unusual happening in your account, the fastest way for us to get in touch with you is through the automated system. You may receive a phone call or text. Phone call The call will ask for some security details so that we know we’ve reached the right person. • You'll be asked to confirm your name and then your date of birth. • We'll then read out the transactions we want you to confirm. • If you confirm you recognise the transactions, you can continue banking as normal. If any payments were declined, you'll need to make them again. • If you don't recognise one or more of the transactions, you can speak with one of our team who will help you further. Remember, we'll never ask for details such as your card PIN, Online Banking passwords and One Time Passcodes (OTP). If you're asked to share these, hang up and call us anytime on 0800 9 123 123.Interactive text message - You'll receive 2 messages. The introductory message lets you know we need to confirm some transactions with you, the second will give details of the transactions we want you to confirm. • You'll be asked to reply to the message with ‘Y’ to confirm you recognise all the transactions, or 'N' to confirm you don't recognise one or more of the transactions. • If you reply 'Y', you can continue banking as normal. If any payments were declined you'll need to make them again. • If you reply 'N', we'll call you back as soon as possible between 8am and 10pm or we'll give you a number to call us on which is always available. If we can’t contact you - We’ll leave a message asking you to call back as soon as possible. To protect your money and keep your accounts safe we may need to stop or hold your account or payment until we can speak to you. Check your details. If the number we have for you isn’t up to date we won’t be able to contact you about fraud and scams. You can check and change the details we have for you in Online and Telephone Banking and in any branch.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Santander

Smile

If customers see any suspicious activity or transactions that they don’t recognise we ask them to call us on +44(0)3457 212 212 or for credit cards +44(0)345 600 6000.

https://www.smile.co.uk/global/security

Smile

Starling Bank

If customers believe they have been a victim of fraud, our UK-based customer service team is available 24/7 via any of the following methods:• By phone on 0800 0234 617 or, if you're calling from abroad use +44 (0) 207 930 4450• Customers are welcome to chat with us via our website• In-app messaging • Email - [email protected] have fraud specialists working hard to make sure that investigations are conducted and queries are responded to as soon as possible. Our customer service agents are 100% human and we don’t use chat bots.

https://www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

Starling Bank

TSB

In the UK: If you believe you are a victim or fraud, or you require any fraud prevention advice we offer an around the clock protection to all our customers who can contact us on 0345 835 7998 Outside of the UK: If you believe you are a victim or fraud, or you require any fraud prevention advice we offer an around the clock protection to all our customers who can contact us using 0345 835 7998.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

TSB

Ulster Bank

• You can access a full list of contact numbers- including international numbers- for our dedicated fraud and scams teams on our website. • Report fraud on a Personal Bank Account: 0800 161 5149 (Monday to Friday 8am-8pm, Saturday 8am-6pm, Sunday 9am-5pm). Outside these hours: 0800 032 5963. • Report fraud on a Personal Credit Card: 0800 161 5153 • Report a scam: 0345 989 0002.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html

Ulster Bank

6. Industry initiatives/ collaboration

Bank

Response

URL

Bank Of Ireland

• We are members of UK Finance and take an active part in all Industry Fraud initiatives • We are members of CIFAS – The UK Fraud Prevention Service • We contribute to the funding of the DCPCU. The DCPCU is a national police unit formed between the City of London Police, the Metropolitan Police Service, UK Finance and the Home Office. • We share fraud intelligence with the rest of the banking industry and law enforcement to protect our customers. • We support the Take Five Campaign to provide our customers with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rouge traders. • We work with other banks to quickly recover fraudulent funds for our customers.

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank of Scotland

We are members of UK Finance and take an active part in all Industry fraud & financial crime initiatives. • We are active members of CIFAS. • We contribute to the funding of the Dedicated Card and Payment Crime Unit (DCPCU) who work to identify and target the organised criminal gangs. • We share fraud intelligence to protect our customers, working with the National Crime Agency and other law enforcement and intelligence agencies. • We have signed up to the Take Five Voluntary Code to provide our customers with up to date advice. • We champion and participate in the Banking Protocol. • We collaborate with other banks to quickly recover fraudulent funds for our customers and have signed up to Contingent Reimbursement Model (CRM), which sets out the circumstances when payment service providers are responsible for reimbursing APP scam victims.• We are signed up to implement confirmation of payee. • We have partnered with City of London Police, investing £1.5 million in the force’s Economic Crime Directorate.? We have partnered with Trading Standards to support their Friends Against Scams campaign. • We work in collaboration with the Regulator and ICO to ensure a collective response to fraud & financial crime.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Barclays

• We contribute to the funding of the DCPCU (Dedicated Card and Payment Crime Unit). This is a unique proactive police unit fully sponsored by the cards and banking industries, with an ongoing brief to investigate, target and, where appropriate, arrest and seek successful prosecution of offenders responsible for card, cheque and payment fraud crimes. • We are members of UK Finance and take an active part in all Industry Fraud initiatives. • We are members of CIFAS and National Hunter - CIFAS (Credit Industry Fraud Avoidance System) is a widely used non-profit association which represents both the private and public sectors and is specialised in the prevention of fraud. Membership to CIFAS is open to any organisation that has the ability to identify fraud and share fraud data with other members through the use of the CIFAS National Database. To find out more, visit CIFAS.org.uk. Hunter is a tool we use that is able to provide accurate fraud protection for both the business and customer, aiding in the prevention of deception and Identify theft. For more information, visit nhunter.co.uk. • We share fraud intelligence with law enforcement and other organisations, to protect you and your account. • We have signed up to the Take Five Voluntary to provide you with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps you from being targeted by fraudsters and rouge traders. The Banking Protocol enables bank branch staff to contact police if they suspect you are in the process of being scammed, with an immediate priority response to the branch. • We work with other banks to quickly recover fraudulent funds for you. • Signed up to CRM - Contingent Reimbursement Model brought changes in May 2019 in how bank dealt with the victims of scams. Barclays were one of the founding banks of the Contingent Reimbursement Model. As part of this we contribute to a centralised pot which helps victims of fraud across all banks. • We collaborate with Victim Support to offer support, counsell

https://www.barclays.co.uk/digisafe/

Clydesdale & Yorkshire Building Society

We are active members and work with the following industry bodies to share data, intelligence and drive initiatives to detect and prevent fraud: • UK Finance • CIFAS –to detect and prevent fraud • Mortgage Fraud forums • We contribute to the funding and work in tandem with DCPCU.• We share fraud intelligence to protect our customers formally and informally with peer banks and work together to recover funds where our customers are victims of fraud • Take Five Voluntary code to provide our customers with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rouge traders.

Co-Operative Financial Services

• We are members of UK Finance and take an active part in all Industry Fraud initiatives. • We are members of CIFAS – The UK Fraud Prevention Service. • We contribute to the funding of the DCPCU• We share fraud intelligence to protect our customers. • We have signed up to the Take Five Voluntary Code to provide our customers with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rouge traders. • We work with other banks to quickly recover fraudulent funds for our customers. • We are a signatory of the Continuous Reimbursement Model voluntary code. • We have implemented confirmation of payee.

https://www.co-operativebank.co.uk/global/security

Danske Bank

• We are members of UK Finance and take an active part in all Industry Fraud initiatives, for example Take Five • We are members of CIFAS – The UK Fraud Prevention Service • We are members of ScamwiseNI. A partnership with over 30 Northern Ireland organisations involved in informing local communities about the risks of scams and the range of scams that exist • We share fraud intelligence with relevant agencies to help protect our customers • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rogue traders. • We work with other banks to quickly recover fraudulent funds for our customers using industry recognised best practice standards. • We subscribe to the Mule Insights Tactical Solution (MITS) and provide data to and extract data from this system in an effort to reduce the number of mule accounts in the UK. • We collaborate with local & national law enforcement agencies throughout their investigations. • We contribute to the funding of the Dedicated Card and Payment Crime Unit • We have a network of contacts amongst peers in other financial institutions across the UK.

https://danskebank.co.uk/personal/fraud-prevention

First Direct

• We are members of UK Finance and take an active part in Industry Fraud initiatives. • We are members of CIFAS – The UK Fraud Prevention Service. • We contribute to the funding of the Dedicated Card and Payment Crime Unit who focus on card, cheque and payment fraud crimes. • We share fraud intelligence with UK Finance and Law Enforcement to protect our customers. • We have signed up to Take Five to provide our customers with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps to prevent our customers falling victim to fraudsters and rogue traders by working with Law Enforcement. • We work with other banks to quickly recover fraudulent money for our customers. • We are pleased to be among the first banks to sign up to the Contingent Reimbursement Model Code as part of our commitment to protecting our customers from fraud. • We are a founder sponsor of Get Safe Online providing our customers with advice on how to protect yourself against fraud and identity theft. • We are members of the National Fraud Database.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

Halifax

We are members of UK Finance and take an active part in all Industry fraud & financial crime initiatives. • We are active members of CIFAS. • We contribute to the funding of the Dedicated Card and Payment Crime Unit (DCPCU) who work to identify and target the organised criminal gangs. • We share fraud intelligence to protect our customers, working with the National Crime Agency and other law enforcement and intelligence agencies. • We have signed up to the Take Five Voluntary Code to provide our customers with up to date advice. • We champion and participate in the Banking Protocol.• We collaborate with other banks to quickly recover fraudulent funds for our customers and have signed up to Contingent Reimbursement Model (CRM), which sets out the circumstances when payment service providers are responsible for reimbursing APP scam victims. • We are signed up to implement confirmation of payee. • We have partnered with City of London Police, investing £1.5 million in the force’s Economic Crime Directorate. • We have partnered with Trading Standards to support their Friends Against Scams campaign. • We work in collaboration with the Regulator and ICO to ensure a collective response to fraud & financial crime.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

HSBC Bank

• We are members of UK Finance and take an active part in Industry Fraud initiatives. • We are members of CIFAS – The UK Fraud Prevention Service. • We contribute to the funding of the Dedicated Card and Payment Crime Unit who focus on card, cheque and payment fraud crimes. • We share fraud intelligence with UK Finance and Law Enforcement to protect our customers. • We have signed up to Take Five to provide our customers with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps to prevent our customers falling victim to fraudsters and rogue traders by working with Law Enforcement. • We work with other banks to quickly recover fraudulent money for our customers. • We are pleased to be among the first banks to sign up to the Contingent Reimbursement Model Code as part of our commitment to protecting our customers from fraud. • We are a founder sponsor of Get Safe Online providing our customers with advice on how to protect yourself against fraud and identity theft. • We are members of the National Fraud Database.

https://www.hsbc.co.uk/help/security-centre/

Investec

Investec is committed to protecting our staff and clients, in line with industry standards. To do this, we: • Are members of UK Finance and take an active part in several Industry Fraud initiatives. • Are members of CIFAS – The UK Fraud Prevention Service. • Contribute to the funding of the City of London Police’s Dedicated Card and Payment Crime Unit (DCPCU). In return, they share information about current threats and related law enforcement action. • Share fraud intelligence with other firms to protect our customers. • Benchmark ourselves against other banks to ensure our controls meet industry standards. • Have implemented the Authorised Push Payment (APP) Fraud industry best practice standards. This means that if you are a victim of a scam, we will cooperate with other banks to recover funds where possible. • Attend industry conferences to maintain fraud knowledge, maintain awareness of horizon fraud threats and new technologies to help protect against them.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Lloyds Bank

We are members of UK Finance and take an active part in all Industry fraud & financial crime initiatives. • We are active members of CIFAS. • We contribute to the funding of the Dedicated Card and Payment Crime Unit (DCPCU) who work to identify and target the organised criminal gangs. • We share fraud intelligence to protect our customers, working with the National Crime Agency and other law enforcement and intelligence agencies. • We have signed up to the Take Five Voluntary Code to provide our customers with up to date advice. • We champion and participate in the Banking Protocol. • We collaborate with other banks to quickly recover fraudulent funds for our customers and have signed up to Contingent Reimbursement Model (CRM), which sets out the circumstances when payment service providers are responsible for reimbursing APP scam victims. • We are signed up to implement confirmation of payee. • We have partnered with City of London Police, investing £1.5 million in the force’s Economic Crime Directorate. • We have partnered with Trading Standards to support their Friends Against Scams campaign. • We work in collaboration with the Regulator and ICO to ensure a collective response to fraud & financial crime.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

M&S Bank

• We are members of UK Finance and take an active part in all industry fraud initiatives. • We are members of CIFAS – The UK Fraud Prevention Service. • We have signed up to the Take Five Voluntary to provide our customers with up to date advice on fraud prevention. • We share fraud intelligence with UK Finance and Law Enforcement to protect our customers • We are a participant of the Banking Protocol which can help our customers if they are targeted by fraudsters and rouge traders. • We are pleased to be among the first banks to sign up to the Contingent Reimbursement Model Code as part of our commitment to protecting our customers from fraud.

https://bank.marksandspencer.com/security/useful-information/

Metro Bank

• We are a founding member of the Authorised Push Payment (APP) Scams Voluntary code, which commits us to detecting, preventing and responding to APP scams. • We are members of UK Finance and take an active role in all fraud prevention plans. • We are members of CIFAS and other fraud bureaus. • We contribute to the funding of the Dedicated Card and Payment Crime Unit. The DCPCU is a national police unit formed between the City of London Police, the Metropolitan Police Service, UK Finance and the Home Office. • We share fraud intelligence with the rest of the banking industry and law enforcement to protect our customers. • We’re an active member and supporter of the Take 5 campaign, which offers free advice to help everyone protect themselves. • We are part of the Banking Protocol, which identifies customers who may be more vulnerable from being targeted by fraudsters, and intervenes. • We work with other banks to quickly recover stolen funds for our customers.

Nationwide Building Society

• We attend Industry forums and meetings with key bodies that help prevent fraud, including UK Finance, The Financial Conduct Authority (FCA) and other financial institutions. • We are a member of CIFAS, sharing information with other financial providers in the fight against fraud. • Proud industry campaign supporters of;- Take Five - providing simple and easy to follow fraud prevention advice- Financial Conduct Authority (FCA) Scam Smart. • We actively participate in a scheme called the Banking Protocol, where we alert law enforcement to cases where we believe a member may be the victim of a scam, or in danger from financial abuse, aiming to ensure members receive additional protection, support and are safeguarded against becoming the victim, or repeat victim of a fraud or scam.• We have signed up to a voluntary industry code, the Contingent Reimbursement Model (CRM), setting out rules and guidance for the UK banking industry to help prevent customers falling victim to scams and ensure fair and transparent treatment and outcomes for those that have unfortunately lost money. • We communicate with other financial institutions and via established industry mechanisms, maximise recovery of fraudulently transferred funds for our members, or for the customers of other financial institutions.

Natwest

• We are one of 7 funding founders and signatories of the industry initiative, the Voluntary APP Scam Code. The Code aims to provide greater protection to customers from scams through customer education, doing more to prevent these scams and by committing to reimburse customers in certain circumstances. • We actively work with other payment service providers, industry bodies, law enforcement, payment schemes, and regulators to tackle fraud and scams. We also work with these organisations to share intelligence in criminal investigations. • We cooperate with national police forces using the Banking Protocol to protect customers. It provides support from police forces to those who have been targeted by fraudsters. It is currently used in branch and we are looking to introduce it to our telephony service. • We adhere to industry Best Practice Standards which were introduced in January 2017 and provided a framework for banks to manage APP scams, and rapidly share intelligence regarding beneficiary mule accounts. • We contribute funding and support to the Dedicated Card and Payment Crime Unit– a unique law enforcement unit which disrupts organised financial fraud. • We plan to introduce Confirmation of Payee in 2020 to help clarify who is receiving the money from payments you make.

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

• We are one of 7 funding founders and signatories of the industry initiative, the Voluntary APP Scam Code. The Code aims to provide greater protection to customers from scams through customer education, doing more to prevent these scams and by committing to reimburse customers in certain circumstances. • We actively work with other payment service providers, industry bodies, law enforcement, payment schemes, and regulators to tackle fraud and scams. We also work with these organisations to share intelligence in criminal investigations. • We cooperate with national police forces using the Banking Protocol to protect customers. It provides support from police forces to those who have been targeted by fraudsters. It is currently used in branch and we are looking to introduce it to our telephony service. • We adhere to industry Best Practice Standards which were introduced in January 2017 and provided a framework for banks to manage APP scams, and rapidly share intelligence regarding beneficiary mule accounts. • We contribute funding and support to the Dedicated Card and Payment Crime Unit– a unique law enforcement unit which disrupts organised financial fraud. • We plan to introduce Confirmation of Payee in 2020 to help clarify who is receiving the money from payments you make.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Santander

We’re involved in a number of initiatives to fight fraud with other financial providers and agencies. • We’re members of UK Finance and take an active part in industry fraud initiatives like Take Five, share intelligence to protect our customers and work with other banks to quickly recover stolen funds. • We also help fund the Dedicated Card and Payment Crime Unit (DCPCU), a police unit formed as a partnership between the City of London Police, the Metropolitan Police Service, the UK banking industry trade association UK Finance and the Home Office. • By being part of the Banking Protocol initiative between the police, banking institutions and trading standards, we’ve trained our branch staff to help identify if a customer is about to fall victim to a scam. • We’re a member of Cifas, the UK’s fraud prevention service, and work with them to protect our customers and reduce instances of fraud and financial crime. • We’ve signed up to a voluntary code from the Lending Standards Board to protect customers from authorised push payment scams. As well as agreeing in some circumstances to reimburse victims of these type of scams, we hope to reduce the number of scams as we promise to protect customers with procedures to detect, prevent and respond to the scams, and take more measures to prevent accounts being used to launder the proceeds.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Smile

• We are members of UK Finance and take an active part in all Industry Fraud initiatives • We are members of CIFAS – The UK Fraud Prevention Service • We contribute to the funding of the DCPCU • We share fraud intelligence to protect our customers • We have signed up to the Take Five Voluntary Code to provide our customers with up to date advice on fraud prevention. • We are a participant of the Banking Protocol which helps our customers from being targeted by fraudsters and rouge traders. • We work with other banks to quickly recover fraudulent funds for our customers. • We are a signatory of the Continuous Reimbursement Model voluntary code. • We have implemented confirmation of payee.

https://www.smile.co.uk/global/security

Starling Bank

Here are the initiatives and collaborations we’re members of: • UK Finance - we take an active part in all Industry Fraud initiatives • CIFAS, the UK’s largest cross-sector fraud-sharing platform • FinTech Financial Crime Exchange, a network of FinTechs who collaborate on best practices in financial crime risk management • SIRA, a comprehensive fraud prevention and detection database. We collaborate with: • law enforcement bodies • the TakeFive initiative • other financial institutions, sharing intelligence with the rest of the industry to protect customers • the Confirmation of Payee initiative, a tool that will help further protect customers from Authorised Push Payment scams. We help to fund:• the Dedicated Card and Payment Crime Unit (via membership of other bodies)We are a signatory of or have committed to: • the APP Scams Voluntary Code - which commits us to combatting and responding to APP scams

https://www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

TSB

• We are members of UK Finance and have signed up to the Take Five Voluntary Code providing our customers with up to date advice on fraud prevention. • We are members of CIFAS – The UK Fraud Prevention Service • We regularly share intelligence to protect our customers, both with other banks, law enforcement and government agencies are able quickly recover fraudulent funds for our customers. • We are an active participant of the Banking Protocol • We are committed to the successful implementation confirmation of payee • We contribute to the funding of the DCPCU • We’ve supported the Metropolitan Police Service and Thames Valley Police with funding to target known fraudsters, as well as devising new, innovative, ways to fight this crime. • We’ve purchased equipment for the fraud team at Hertfordshire Constabulary – supporting them with the tools they need to identify, arrest and prosecute fraudsters. And we support numerous other police forces across the UK with training and intelligence sharing. • We also partner with the independent charity Crimestoppers to help us reach out to new communities and ensure that together we are keeping them safe.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

Ulster Bank

• We are one of 7 funding founders and signatories of the industry initiative, the Voluntary APP Scam Code. The Code aims to provide greater protection to customers from scams through customer education, doing more to prevent these scams and by committing to reimburse customers in certain circumstances. • We actively work with other payment service providers, industry bodies, law enforcement, payment schemes, and regulators to tackle fraud and scams. We also work with these organisations to share intelligence in criminal investigations. • We cooperate with national police forces using the Banking Protocol to protect customers. It provides support from police forces to those who have been targeted by fraudsters. It is currently used in branch and we are looking to introduce it to our telephony service. • We adhere to industry Best Practice Standards which were introduced in January 2017 and provided a framework for banks to manage APP scams, and rapidly share intelligence regarding beneficiary mule accounts. • We contribute funding and support to the Dedicated Card and Payment Crime Unit– a unique law enforcement unit which disrupts organised financial fraud. • We plan to introduce Confirmation of Payee in 2020 to help clarify who is receiving the money from payments you make.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html

7. Summary

Bank

Response

URL

Bank Of Ireland

We are the Partnership Bank. We provide simple, flexible, financial services to UK customers both directly and through partnerships with well-known UK brands. Technology is making it quicker and easier to stay on top of your finances wherever and whenever you want. As more of our customers choose to use new ways of banking such as phone, tablet or computer, we’re committed to keeping their accounts and information secure.

https://www.bankofirelanduk.com/help-and-support/security-zone/

Bank of Scotland

Helping keep our customers’ money safe is a top priority and we have sophisticated, multi-layered defences to help protect our customers from criminals. We continually strengthening our defences using new technology, analysing data in real-time to stop fraud happening in the first place. If we do spot suspicious activity on a customer’s account, we will contact them immediately. In addition, we have dedicated resources online, printed material available in our branches and all our colleagues in branch and over the phone are trained to be able to assist our customers with any fraud prevention related questions.

https://www.bankofscotland.co.uk/securityandprivacy/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.html

Barclays

Customer - We will protect our customers from fraud, to make it as easy as possible to use our services and when needed, to keep our customers fully informed. We have dedicated teams that are accessible 24/7 should customers need advice or help. We will get customers back up and running as quickly as possible. Fraud Prevention - We will deliver flexible world-class fraud capabilities to prevent fraud. We will use the latest fraud technology to deliver the right outcomes. OUR AMBITION - SHIELDING OUR CUSTOMERS & PROTECTING THEIR ASSETS FROM FRAUDSTERS.

https://www.barclays.co.uk/digisafe/

Clydesdale & Yorkshire Building Society

Clydesdale, Yorkshire Banks and Virgin Money dedicates substantial resources to protect customers from financial & data loss as a result of fraud. Our controls apply to all products and are constantly evolving in line with the fraud risks faced by our customers we aim to prevent and detect fraud whilst allowing customers to open and operate accounts without unnecessary friction. Educating customers through industry initiatives, in all channels including our Branch, Store & Lounge network and providing bespoke support and aftercare as required enable customers to also protect themselves against fraud and scams.

Co-Operative Financial Services

We are committed to provide fraud protection and prevention for our customers and to continue to educate them and raise awareness of the kinds of scams and frauds that they may be targeted with. Providing support to customers who have fallen victim to fraudsters is of paramount importance to us and we will continue to work with the wider industry on initiatives such as The Banking Protocol and Contingent Reimbursement Model, as we strive to do as much as we can to help our affected customers.

https://www.co-operativebank.co.uk/global/security

Danske Bank

The fight against fraud is an ever-evolving landscape. We continue to invest in our people and our platforms to ensure that we are at the forefront of this battle. We have a responsibility to the society that we serve to ensure that we remain a safe and secure place to bank and we take this responsibility very seriously. We continually improve our prevention and detection capabilities and keep our customers informed so that they can keep their personal and sensitive financial information safe and secure. Items such as PINs, passwords, and one-time passwords can be the keys to your bank account, so you should treat these with care and NEVER share them with another person, not even if they claim to be from the Bank or another seemingly legitimate organisation.

https://danskebank.co.uk/personal/fraud-prevention

First Direct

Fraudsters are criminals and can pretend to be someone they are not – like first direct or the Police – to find out information about their victims. You should always make sure that the person you are talking to is who you think they are. We will never ask you for security information like your digital or physical secure key codes. When we contact you about fraud, we will use email, phone calls and text messages and if you aren’t sure, contact us. We will continue to work alongside others in the industry to best protect our customers against this ever-changing threat.

https://www.firstdirect.com/help/security-centre/ways-we-keep-you-safe/fraud-prevention/

Halifax

Helping keep our customers’ money safe is a top priority and we have sophisticated, multi-layered defences to help protect our customers from criminals. We continually strengthening our defences using new technology, analysing data in real-time to stop fraud happening in the first place. If we do spot suspicious activity on a customer’s account, we will contact them immediately. In addition, we have dedicated resources online, printed material available in our branches and all our colleagues in branch and over the phone are trained to be able to assist our customers with any fraud prevention related questions.

https://www.halifax.co.uk/aboutonline/security/protecting-yourself-from-fraud/bank-safely-how-we-protect-you/

HSBC Bank

Fraudsters are criminals and can pretend to be someone they are not – like HSBC or the Police – to find out information about their victims. You should always make sure that the person you are talking to is who they think they are. We will never ask you for your security information like your digital or physical secure key codes. When we contact you about fraud, we will use email, phone calls and text messages and if you aren’t sure, contact us. We will continue to work alongside others in the industry to best protect our customers against this ever-changing threat.

https://www.hsbc.co.uk/help/security-centre/

Investec

Investec is dedicated to delivering exceptional client experience, and protecting you from fraud is an integral part of this. Our team of fraud experts work with various systems and technology to help protect clients from becoming victims of fraud. We will help you understand and identify fraud threats and learn how to protect yourself from becoming a victim. If we believe you may have become a victim of fraud we will act immediately to protect your account, and contact you at the earliest opportunity to help you.

https://www.investec.com/en_gb/legal/know-fraud/data-transparency-fraud-prevention.html

Lloyds Bank

Helping keep our customers’ money safe is a top priority and we have sophisticated, multi-layered defences to help protect our customers from criminals. We continually strengthening our defences using new technology, analysing data in real-time to stop fraud happening in the first place. If we do spot suspicious activity on a customer’s account, we will contact them immediately. In addition, we have dedicated resources online, printed material available in our branches and all our colleagues in branch and over the phone are trained to be able to assist our customers with any fraud prevention related questions.

https://www.lloydsbank.com/help-guidance/protecting-yourself-from-fraud/bank-safely-how-we-protect-you.asp

M&S Bank

Scammers are criminals who use a range of techniques to find and use information about their victims. We work alongside others in the industry to identify and address the ever-changing techniques used by fraudsters and to protect our customers.

https://bank.marksandspencer.com/security/useful-information/

Metro Bank

Our aim is to find the right balance between working to prevent fraud and still giving our customers a brilliant banking experience. We are committed to doing all we can to protect everyone who banks with us, as well as providing useful tools and advice to help them protect themselves. Our proactive and holistic approach to keeping our accounts safe and reliable has earned us a number of awards: • #1 for Personal Current Accounts in the Competition and Market Authority’s (CMA) Service Quality Survey • #2 for Business Current Accounts in the CMA Service Quality Survey • Current Account rated Five Stars, Moneyfacts Annual Star Rating for PCAs 2019 • Business Bank Account of the Year, British Small Business Awards 2018 • Best All Round Personal Finance Provider, Moneynet Personal Finance Awards 2019 • Best Current Account Provider for Branch Service, Moneywise Customer Service Awards

Nationwide Building Society

Keeping our members money safe and secure is one of the most critical promises we make. We continually seek to minimise fraud by; • Maintaining the balance between security and fast and reliable access. • Using a range of key controls, including round the clock monitoring of transactions and activity, sometimes blocking or suspending transactions and contacting our members to confirm activity.

Natwest

Fraud and scam prevention, detection, and remediation is at the heart of what we do, and we are investing more time and money than ever before to educate and protect you and your money. If you are ever concerned about fraud or scams, you can contact our dedicated fraud and scams teams by calling us on the number on the back of your bank card. Tackling the challenge of fraud is something we know we cannot do alone. We are continually working with our customers, law enforcement, and other industry banks to stay one step ahead of the criminals.

https://personal.natwest.com/personal/fraud-and-security/fraud-control-data.html

Royal Bank Of Scotland

Fraud and scam prevention, detection, and remediation is at the heart of what we do, and we are investing more time and money than ever before to educate and protect you and your money. If you are ever concerned about fraud or scams, you can contact our dedicated fraud and scams teams by calling us on the number on the back of your bank card. Tackling the challenge of fraud is something we know we cannot do alone. We are continually working with our customers, law enforcement, and other industry banks to stay one step ahead of the criminals.

https://personal.rbs.co.uk/personal/fraud-and-security/fraud-control-data.html

Santander

Our priority is to protect you from falling victim to fraud or a scam. Our Fraud Team is both passionate and dedicated to keeping you safe. We’re the first bank to implement the use of effective scam awareness messages when making payments using Online Banking. We’ll continue to be a safe place for you to keep your money as we continue to develop new ways to protect you from fraud.

https://www.santander.co.uk/personal/support/fraud-and-security/our-approach-to-fraud-prevention

Smile

We are committed to provide fraud protection and prevention for our customers and to continue to educate them and raise awareness of the kinds of scams and frauds that they may be targeted with. Providing support to customers who have fallen victim to fraudsters is of paramount importance to us and we will continue to work with the wider industry on initiatives such as The Banking Protocol and Contingent Reimbursement Model, as we strive to do as much as we can to help our affected customers.

https://www.smile.co.uk/global/security

Starling Bank

We want to protect and educate our customers – the more power they have, the less power fraudsters have. We work hard to combat fraud, and our team works 24/7. We make a point of contacting those affected by financial crime within 24hrs, ensuring they are always up to date. Starling builds smart money-management tools to help our customers feel more in control of their finances and more engaged with managing their bank account – this empowerment is a big part of helping them stay safe. That’s why we have been voted Best British Bank twice and are a Which? Recommended Provider.

https://www.starlingbank.com/mobile-banking-security/fraud/banking-fraud-control-comparison-data/

TSB

Fraud is a crime. It is the fastest growing crime in the UK, with the proceeds impacting individuals and local communities in the UK and abroad. Fraud is not a victimless crime – it’s a tool of organised gangs, who use the funds that they steal to bring drugs, violence and other crimes to our streets. Tackling fraud is not only a financial imperative, it’s a moral one. And that’s why TSB is committed to making a difference.

https://www.tsb.co.uk/fraud-prevention-centre/how-we-protect-you/

Ulster Bank

Fraud and scam prevention, detection, and remediation is at the heart of what we do, and we are investing more time and money than ever before to educate and protect you and your money. If you are ever concerned about fraud or scams, you can contact our dedicated fraud and scams teams by calling us on the number on the back of your bank card. Tackling the challenge of fraud is something we know we cannot do alone. We are continually working with our customers, law enforcement, and other industry banks to stay one step ahead of the criminals.

https://digital.ulsterbank.co.uk/personal/security-centre/reporting-fraud.html