How do I report my card lost or stolen?

It’s best to cut your card into pieces, making sure to cut through the chip and magnetic strip and put the card in with your normal waste, rather than your recycling. If possible, don’t put all the pieces of the card in the same bin or with any related documentation such as receipts or statements.

You can withdraw up to £300 per day in the UK per cardholder from ATMs accepting Visa. You can amend this to up to £500 per day in the Triodos app under More > Cards > Card daily limits > Cash withdrawals. You can amend this in Internet Banking under Self Service > Cards > Daily cash withdrawal limit.

You can use any cash machines displaying the Visa logo.

To make things easier you can find your nearest cash machine here.

Remember, you can also request cash back when shopping with participating retailers.

The card is made from recycled PVC, we chose this material because it has the lowest CO2 footprint and the lowest environmental impact compared to other plastics. It doesn’t break easily and is sustainable and durable.

Using recycled PVC eliminates the use of land, plant protection products and fertilizers in comparison to the environmental impact of bioplastics.

Money mules are people used to help launder money, often without realising that’s what they’re doing. They help move illegitimate funds (money gained illegally) between accounts so that the money then appears to be legitimate. They may be asked to receive money into their account, then withdraw it and put it into another account, sometimes in another country. Sometimes the money mules are offered compensation or commission.

Even if money mules don’t know the money they’re transferring is fraudulent, they are still committing fraud and money laundering, and could be sentenced to time in prison or to pay a fine.

Money mules are often recruited into this activity through false job adverts, or social media posts that promote quick money-making opportunities. Sometimes they are duped by fake social media profiles that pretend to want a romantic relationship with the victim to gain their trust and affection before asking this favour or blackmailing them. This is also known as romance fraud.

Never move money between accounts you don’t know and trust, especially because someone else has asked you to, or if you don’t know where that money has come from. If you are suspicious of money laundering, call us immediately on 0330 355 0355.

During set up, Triodos will share your billing address with Google. The processing of this data is subject to the Triodos privacy statement.

Google will then collect further information about you when you use Google Pay. This includes your phone number, transaction details, and contact and shipping information for online transactions. Your personal data may be shared with third parties to facilitate payments. Triodos are not responsible for the security of Google Pay or any third-party providers.

You can read Google’s privacy policy on their website.

You can also view and change your privacy preferences for Google Pay via: myactivity.google.com/product/gpay/controls

If you don't want to share this data with Google, you can always choose not to use Google Pay and make contactless payments with your debit card.

Vishing is where a fraudster uses voice messages or phone calls to try to steal identities, and financial information like your PIN, card details and Digipass code.

The term comes from the combination of ‘phishing’ and ‘voice’. Phishing is where fraudsters use email, regular phone calls and fake websites to dupe people into giving them personal details and financial information.

Vishing is specifically the use of a VOIP service (Voice Over Internet Protocol, or an internet phone service), which enables fraudsters to communicate with their potential victims via automated voice messages and the phone keypad.

Vishers can create fake caller ID profiles so that their phone number seems legitimate, and vishing requests sound urgent, to panic the victim into acting without thinking.

Examples of vishing:

• Your bank account has been compromised
  You receive call from what appears to be Triodos Bank’s phone number. When you answer, you hear a recording pretending to be from Triodos, saying that your bank account has been compromised, and you need to call a freephone number to reset your security details. Calling this number, you would hear another automated message asking for your bank account number, Digipass code or other personal details via the phone keypad.
• You’re eligible for a loan
  You are offered loan or credit terms too good to be true (they probably are), and to receive the money, you just need to pay an upfront fee or provide your security details.
• You’re due a refund
  You receive a message that says you are due a refund. This is usually someone claiming to be from a trusted organisation. If you opt in – usually by pressing a number on your telephone - you will be redirected to a call centre agent who will attempt to defraud you or steal your information.
• Don’t miss this investment opportunity
  An automated voice message tells you about an investment opportunity too good to turn down. You’ll be encouraged to transfer money to invest in a company or service that doesn’t exist.
• You’ve won a prize
  Victims hear an automated voice message about a free offer or prize, and just need to pay postage, redemption or admin fees to claim. There’s often a deadline to hurry people into handing over their card details.

What you can do

If you receive an unexpected phone call with an automated response, hang up, search for the company’s genuine contact details online and check whether the call was legitimate. If it was, the company will be able to help you, and if it was a vishing attempt, letting the company know enables them to take action, and you will have protected yourself from fraud.

If the call relates to an investment opportunity, check the FCA register to see if the investor is regulated, and confirm the company exists by checking Companies House.

How to report a vishing scam

If you think you have been a victim of a vishing attack, call us immediately on 0330 355 0355. Then report to the FCA using their reporting form.

If you have lost money to suspected investment fraud, report it to Action Fraud on 0300 123 2040.

To activate your card, use your PIN to withdraw money from an ATM or when making a payment. You will need to do this before you make any contactless or online payments.

Your PIN is viewable in the Triodos Mobile Banking App under More > Cards. If you have never used the Triodos App, your PIN will be sent in the post separately.

Your card will need to be activated before you can add it to a digital wallet (e.g. Apple Wallet or Google Wallet).

Don't have the Triodos App? Download via the App Store or Google Play to manage your money on the go, easily and securely. To download the app, you'll need a compatible smartphone or tablet - running Android 7.0 or higher, or Apple iOS 15 or higher.

Do not respond to any email that asks you for information about your internet banking log in details. If you have received a suspicious email, do not respond and call our Contact Team as soon as you can during our opening hours on 0330 355 0355 to check if it is a genuine email.

Our opening hours are published on our help and support page.

If your card or security details are used to make a payment or transfer without your permission, we will refund the full amount (minus £35 where applicable) of the payment as soon as is operationally possible. This includes repayment of any interest or charges incurred as a result of the payment. However, you must notify us as soon as possible and no later than 13 months after the debit date. After this time we will not be able to issue a refund.

You may have to pay up to £35 if:

• Your card is used after being lost or stolen
• You fail to keep your security details safe

You may be responsible for money taken from your account up until the point you report it to us, if you:

• Don’t keep your card or security details secure
• Don’t tell us as soon as possible that your card is lost or stolen
• Share your card, digipass or security details with a third party
• You were aware that your account had been compromised at the time that the payment was made and you failed to tell us.

You will not be responsible if you’re unable to notify us because our phone lines are unexpectedly unavailable or closed, as long as you call us when our lines open the next day.

For card related fraud, block your card in the Triodos Mobile Banking App or in Internet Banking. Then, please call us on 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) to speak to our 24/7 card services department.

For all other fraud issues and queries, we’re available between 8am-6pm on weekdays. At weekends, e-mail [email protected] 10am-4pm.

We’ll ask you for all relevant information related to the scam, loss or theft and in some cases may ask you to report this to the police.

We’ll advise you on any next steps, and we may provide you with advice to help keep your account secure whilst we investigate.

Where Fraud is confirmed you should also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre:

• Call: 0300 123 2040
• Report it online: actionfraud.police.uk

Yes, Confirmation of Payee (CoP) is an account name-checking service that has been introduced to combat fraud and misdirected payments. Triodos is part of the UK industry-wide scheme for incoming and outbound payments, and a CoP check will be performed every time you send money from your Triodos account. We encourage you still continue to check payment details in line with our guidance, and regularly review our website for information on how to prevent fraud.

Identity fraud happens when someone steals and uses your personal information to buy products or services. They get hold of this information in many ways - taking post from your bin, looking for information about you online, or contacting you directly, pretending to be from a real organisation.

There are several things you can do – offline and online - to protect your personal information. Here are a few tips.

Protect yourself offline:

1. Shred your post
   Shred or cut up your post before putting it in the bin, so your name and address cannot be stolen.
2. Redirect your post
   If you move house, ask Royal Mail to redirect your post for at least a year.
3. Be tidy
   Don’t leave things like bills or personal documents lying around for others to see. Even on your work desk.
4. Know your bank
   This sounds like an odd one, but knowing how your bank will and won’t contact you can help you spot fraudulent emails, texts or calls claiming to be from your bank. If a bank statement or new bank card doesn’t arrive, tell your bank or card company immediately.

Protect yourself online:

1. Create complex passwords
   Create strong passwords and different passwords for every online account you have (email, online banking, social media, retail websites etc). Avoid using personal information in passwords, like names of family, school, pets, cars. This will reduce the likelihood that someone could guess or hack your password and access other platforms you use. You might find a password management tool useful.
2. Use anti-virus software
   Protect your internet-connected devices with up-to-date security software, and make sure you install all official software updates and security fixes on your devices.
3. Connect with those you know
   Don’t accept invitations from people you don’t know on social media sites.
4. Be wifi wise
   Public wifi connections and Hotspots can be hacked and used to see what you’re doing online. Whilst it’s fine to use public wifi for browsing, never use it for buying something, logging in, online banking, filling in forms – or anything else that requires your personal or card data.
5. Be private
   Double-check that your social media profiles are private so that you’re only sharing information with people you know.
6. Think before you post
   Before you post anything on social media, forums or online platforms, make sure you’re not revealing any personal information – even pictures of your car registration can be used to get your address from DVLA records.

If the text is from a sender you know, or from a shortcode (five to eight digits long):

• Reply ‘STOP’. You shouldn’t be charged for this, and it will let the sender know you don’t want to receive their text messages.
• If you’re unhappy about receiving the text or continue to receive them after asking the sender to stop, you can complain to the Information Commissioners Office (ICO) on 0303 123 1113 or online.

If the spoof text message (sometimes known as smishing) is from an unknown sender, or from an organisation you’re not familiar with:

• Do not reply or click on a link in the text. Responding confirms your number is active and could result in you receiving more messages or calls.
• Report the spam text to your network operator. Simply forward the text to 7726. An easy way to remember ‘7726’ is that they’re the numbers on your phone keypad that spell out the word ‘SPAM’. You may get an automated response thanking you for the report and giving you further instructions if needed, like forwarding on the number the spam text message was sent from. You won’t be charged for forwarding spam texts to 7726.
  

Bank impersonation fraud is when a fraudster impersonates someone from the bank in order to trick a victim into making payments to a fraudulent account.

What a fraudster might do:

• A fraudster usually calls their victim, though may use email or another contact method. It’s likely they already know information about the victim, including their name and who they bank with.
• While impersonating the bank staff member, the fraudster might tell the victim their account is under threat and they need to make payments to a “safe account” or set up payments in order to “block the funds”.
• The fraudster might ask for details from the Digipass so they can access the account and make payments to the fraudulent account themselves.
• The fraudster might ask the victim to download screen sharing software so they can view or control the victim’s computer. This can make it easier to take control of the account.
• In any scenario, the fraudster will foster a feeling of panic in order to get the victim to comply with their requests as quickly as possible.
• Fraudsters might also impersonate other well-known, trusted companies such as Microsoft, Apple, BT or HMRC.

What Triodos Bank will never do

• We’ll never call you to tell you to log into internet banking or to make a payment to a “safe account”. If we believe your account to be under threat, we can block the account ourselves and do not need you to do anything from your end.
• We’ll never ask you for your full Digipass number or your Digipass PIN.
• We’ll never ask you to download any software onto your PC or mobile phone.

What you can do to protect yourself

• Never give out your personal details to someone who has called you unexpectedly.
• Never download any software onto your PC or mobile phone when asked by someone over the phone or by email – even if you think you are speaking to a trusted organisation.
• Never give anyone your Digipass number or your Digipass PIN. Triodos will never ask for this information.
• Do not let someone else use your Digipass – even a colleague or family member. Your Digipass is assigned to you as an individual and must only be used by yourself. If you leave your place of work, please let us know and we can arrange for your Digipass to be cancelled.
• If you are unsure about someone who has called you claiming to be from the bank or another company, hang up and call back on the company’s published telephone number.

Secure banking is our top priority. When you set up Google Pay, your card information is encrypted by Google and a unique virtual card number is created. This is the number shared with the retailer when you buy something, instead of your actual card number. Your card number is never stored on your mobile device or on Google's servers.

You can find more information in Google's terms and privacy statement.

Contact us immediately on 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) if you think you've lost any of your security details or if you think they have been stolen or may be known by someone else.

You can request a password reset letter on our website at any time. This will cancel the old password to prevent access to your account by internet banking using the old password.

We do not offer a facility for emergency cash if you have lost your debit card or it has been stolen. However, you can still access your mobile app or internet banking to make payments from your account.

In order to safeguard your personal information and money we require a three stage login process for internet banking, one of which involves the use of a digipass. This is similar to the card reader facility at some other banks and is used along with other systems to ensure your finances are kept safe. We constantly review our security measures and publish guidance on steps that can be taken to prevent fraud such as the Take 5 campaign through FFA UK.