If you authorise a payment from your account, you will be responsible for it. Where you tell us a payment from your account was not authorised by you, you can ask us for a refund. However, you must notify us as soon as possible and no later than 13 months after the debit date. After this time we will not be able to issue a refund.

Phishing is a common type of internet fraud. Phishing emails are designed to appear as though they are from a legitimate source, but intend to steal personal information that can be used to access your account.

Do not respond to any email that asks for any information in relation to your internet banking log in details. If you have received a suspicious email, do not respond and call us if you need any further information.

Our opening hours are published on our help and support page. 

Identity fraud happens when someone steals and uses your personal information to buy products or services. They get hold of this information in many ways - taking post from your bin, looking for information about you online, or contacting you directly, pretending to be from a real organisation.

There are several things you can do – offline and online - to protect your personal information. Here are a few tips.

Protect yourself offline:

1. Shred your post
   Shred or cut up your post before putting it in the bin, so your name and address cannot be stolen.
2. Redirect your post
   If you move house, ask Royal Mail to redirect your post for at least a year.
3. Be tidy
   Don’t leave things like bills or personal documents lying around for others to see. Even on your work desk.
4. Know your bank
   This sounds like an odd one, but knowing how your bank will and won’t contact you can help you spot fraudulent emails, texts or calls claiming to be from your bank. If a bank statement or new bank card doesn’t arrive, tell your bank or card company immediately.

Protect yourself online:

1. Create complex passwords
   Create strong passwords and different passwords for every online account you have (email, online banking, social media, retail websites etc). Avoid using personal information in passwords, like names of family, school, pets, cars. This will reduce the likelihood that someone could guess or hack your password and access other platforms you use. You might find a password management tool useful.
2. Use anti-virus software
   Protect your internet-connected devices with up-to-date security software, and make sure you install all official software updates and security fixes on your devices.
3. Connect with those you know
   Don’t accept invitations from people you don’t know on social media sites.
4. Be wifi wise
   Public wifi connections and Hotspots can be hacked and used to see what you’re doing online. Whilst it’s fine to use public wifi for browsing, never use it for buying something, logging in, online banking, filling in forms – or anything else that requires your personal or card data.
5. Be private
   Double-check that your social media profiles are private so that you’re only sharing information with people you know.
6. Think before you post
   Before you post anything on social media, forums or online platforms, make sure you’re not revealing any personal information – even pictures of your car registration can be used to get your address from DVLA records.

Investment fraud comes in many forms, but is typically when someone poses as an investment service provider, Financial Advisor or fund manager to convince you to transfer large sums of money into a company or service that doesn’t actually exist.

They can create convincing-looking websites and adverts, and send you emails, texts and automated voice messages offering investments that sound too good to be true. They often are.

Before you transfer any money:

• Always check the FCA's ScamSmart webpage for advice on being a ScamSmart investor
• Always check the FCA register to see if the investor is regulated and what they are regulated to do
• Always confirm the company exists by checking Companies House
• Always call the company on the number on their FCA register listing to confirm the correct payment details.

Genuine financial services will never:

• Cold call you
• Put pressure on you to invest
• Ask you to transfer immediately to lock in a deal or take advantage of a time-limited offer or special discount

As a general rule, if it sounds to good to be true, it probably is. Beware of promises of high returns and guaranteed returns with no risk.

>More fraud advice

Useful resources

• Money Advice Service - advice for choosing a financial advisor
• Age UK – Investment Scams

1. Contact us immediately on 0330 355 0355 (or if abroad on +44 (0)1179 739339) if:

• You’ve lost your card or suspect it has been stolen
• You’ve lost any of your security details or think they have been stolen
• You think someone else may be able to use your card or security details

For card related queries, we're available 24/7. For other fraud related queries, we're available 8am-6pm Mon-Fri (9am-6pm Thu), and 10am-4pm weekends.

2. Once you've contacted us:

• We'll ask you for all information you have about the loss or theft and may require you to report it to the police
• If you find your card after reporting it as lost or stolen do not use it. Destroy your card immediately by cutting through both the magnetic stripe and chip

3. Once you’ve let us know, you can also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre:

• Call: 0300 123 2040
• Report it online: actionfraud.police.uk

If you authorised a card payment or any other payment from your account, you will be responsible for it. If your card or security details are used to make a payment or transfer without your permission, we will refund the full amount (minus £35 where applicable) of the payment as soon as is operationally possible. This includes repayment of any interest or charges incurred as a result of the payment. However, you must notify us as soon as possible and no later than 13 months after the debit date. After this time we will not be able to issue a refund.

You may have to pay up to £35 if:

• Your card is used after being lost or stolen
• You fail to keep your security details safe

You may be responsible for money taken from your account up until the point you report it to us, if you:

• Don’t keep your card or security details secure
• Don’t tell us as soon as possible that your card is lost or stolen
• Share your card, digipass or security details with a third party
• You were aware that your account had been compromised at the time that the payment was made and you failed to tell us.

You will not be responsible if you’re unable to notify us because our phone lines are unexpectedly unavailable or closed, as long as you call us when our lines open the next day.

Identity theft is when someone steals your personal details. They might go through your post or rubbish to find bank and credit card statements. Or they might use social media sites, forums and other online platforms to steal your personal information.

Identity fraud is when someone uses your stolen identity to buy products or services, like credit cards, loans or mobile phone contracts.

You might not know your identity has been stolen until you get a bill, invoice or delivery for something you didn’t buy. Or until you receive a letter from debt collectors for debts that aren’t yours.

There are ways you can protect yourself, however. Read our How-to guide on how to protect yourself from identity theft and identity fraud.

Fraud can affect anyone, and you can help protect your friends, family and neighbours by telling them about different types of scams to help them be savvy about fraud.

You can also help by looking out for signs that could mean they are being targeted by fraudsters:

• lots of junk mail – postal or email
• unexpected or suspicious calls, texts or emails
• visits from strangers
• lots of deliveries for things they don’t seem to need
• an unexpected change in financial circumstances, or money troubles
• uncomfortable talking about money
• unnecessary work to their house or garden
• a new friendship that seems out of place somehow

If you think someone is being targeted by fraudsters or has fallen victim already, speak to them about it and reassure them that they aren’t to blame – fraudsters use various tactics to trick people into giving them money or private information, and anyone could be taken in. Many people can feel ashamed or embarrassed by falling victim to fraud, so it’s important for them to know there’s support available.

Help them to report it to Action Fraud. If they bank with Triodos, report it to us immediately by calling 0330 355 0355.

They could also talk to Victim Support - a charity that provides practical and emotional support to people affected by crime.

For more information, download a factsheet from Independent Age: Scamwise: Spotting, avoiding and reporting scams.

Our card department provides 24 hour transaction monitoring on the Triodos Debit Card and will block a transaction or a card if required. In this event they will send a text message asking you to call them. The will ask standard identity questions around your personal details and investigate the transaction with you. They will not ask for the card PIN, three-digit CVV code on the back of the card or any information regarding your digipass.

If the text is from a sender you know, or from a shortcode (five to eight digits long):

• Reply ‘STOP’. You shouldn’t be charged for this, and it will let the sender know you don’t want to receive their text messages.
• If you’re unhappy about receiving the text or continue to receive them after asking the sender to stop, you can complain to the Information Commissioners Office (ICO) on 0303 123 1113 or online.

If the spoof text message (sometimes known as smishing) is from an unknown sender, or from an organisation you’re not familiar with:

• Do not reply or click on a link in the text. Responding confirms your number is active and could result in you receiving more messages or calls.
• Report the spam text to your network operator. Simply forward the text to 7726. An easy way to remember ‘7726’ is that they’re the numbers on your phone keypad that spell out the word ‘SPAM’. You may get an automated response thanking you for the report and giving you further instructions if needed, like forwarding on the number the spam text message was sent from. You won’t be charged for forwarding spam texts to 7726.
  

If you receive a call from Triodos, we’ll be happy for you to question who we are and call us back on the number published on our website, just to make sure. If you can, call us back from a different phone, as an extra safety precaution. Fraudsters can clone numbers, so it may look like the number we use to call you.

We will never call you to ask you to transfer money or for your Digipass codes, and we will never ask you to download software onto your device. If someone calls pretending to be from Triodos, and they ask you to do these things, hang up immediately and report it to us on 0330 355 0355.

• Use a different, strong password for every social media account you have – ideally with special characters, numbers and lower and upper case letters.
• Don’t create passwords that contain personal information - fraudsters scan social media accounts for personal details and try to guess passwords and steal identities.
• Some fake accounts are created to capture personal information, so don’t give personal information to anyone you don’t know and trust.
• Don’t click on links if they’re not from a trusted website - some links can put a virus on your device.
• Always log off to prevent someone else accessing your account.
• Be mindful of what you share and post on company social media channels whose services you use. Social media is great for contacting companies directly to solve problems or give feedback. If you mention or message your bank, phone network or utility provider on social media, be aware that this information is public and fraudsters can use it to convince you they’re calling from these companies.
  
  

Screen scraping happens when you allow a third party to log into your computer while you are using it, so they see what you are doing and can copy the data on the screens you are viewing. This is a way for third parties to be able to get access to your payment data or account overview.

Triodos Bank is not in favour of this practice, as it potentially compromises the integrity of your own computer and your passwords.

It’s important to keep your codes and PINs secret and your digipass safe. Here are some precautions you can take:

1. Destroy any PIN notification immediately after receiving it from us
2. Never write your PIN or security details in a way that might be understood by someone else or record them on any item or in any place that might be accessed by someone else
3. Take all reasonable care to ensure that no-one sees your PIN, password or security word when you use them.
4. Avoid a PIN that is easy to guess
5. Never share your digipass
6. Keep your digipass in a safe place

We will never contact you to ask you to reveal your internet banking PIN or password and we will never send you any emails asking for your security information.

Triodos does not offer interest on balances held in your Current Account however we do have a range of savings options such as ISAs and online savings accounts.

Contact us immediately on 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) if you think you've lost any of your security details or if you think they have been stolen or may be known by someone else.

You can request a password reset letter on our website at any time. This will cancel the old password to prevent access to your account by internet banking using the old password.

In order to safeguard your personal information and money we require a three stage login process for internet banking, one of which involves the use of a digipass. This is similar to the card reader facility at some other banks and is used along with other systems to ensure your finances are kept safe. We constantly review our security measures and publish guidance on steps that can be taken to prevent fraud such as the Take 5 campaign through FFA UK.