We're dedicated to protecting your account and personal details - learn how to stay safe by recognising and reporting fraud
Staying safe
Take five to stop fraud
Take Five is a campaign from Financial Fraud Action UK and the government. It aims to put consumers and businesses back in control to help prevent financial fraud. Watch out for scams like this.
Five steps to stopping fraud
How we protect you
As you'd expect from a bank, we take security very seriously - here are some things we do to keep you safe. To help you spot fraud, we’d also like you to know the things we’d never do.
We're here for you
Victim support
Think you've been a victim of fraud? Report it to us right away - we're here to help. We'll secure your account and look into the incident.
How to report fraud
- Call us as soon as possible
We provide 24-hour support for debit card fraud. Please contact us immediately if:
- You’ve lost your card or suspect it has been stolen
- You’ve noticed an unusual debit card payment
- You think someone else may be able to use your debit card details
For all other fraud issues and queries, we’re available between 8am-6pm on weekdays and 10am-4pm at weekends.
Please call us on 0330 355 0355 as soon as possible. If abroad, call +44 (0)117 9739339.
- We'll take your details
Once you've contacted us:
- We’ll ask you for all relevant information related to the scam, loss or theft and in some cases may ask you to report this to the police.
- We’ll advise you on any next steps, and we may provide you with advice to help keep your account secure whilst we investigate.
- If you find your card after reporting it as lost or stolen do not use it. Destroy your card immediately by cutting through both the magnetic stripe and chip
- Report it to Action Fraud
Once you’ve let us know, you should also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre:
- Call: 0300 123 2040
- Report it online: actionfraud.police.uk
Thanks for your feedback. We’ll use it to improve our services.
FAQs
As you'd expect from a bank, we take security very seriously - here are some things we do to keep you safe. To help you spot fraud, we’d also like you to know the things we’d never do.
What we do
- Provide around the clock debit card transaction monitoring.
- Provide 24/7 phone support to answer your questions about your debit card.
- Give you the ability to block your card in the Triodos App or Internet Banking.
- Temporarily block accounts and debit cards if fraudulent activity is suspected.
- Automatically log you out of Internet Banking and the app after a period of inactivity.
- Keep you up to date with fraud protection advice.
- Send text alerts when online or card transactions are made.
- Temporarily suspend your Internet Banking if left dormant for a long time.
- Monitor payments to assess whether the payment you are making is likely to have been made as part of a scam.
What we’ll never do
We will never contact you out of the blue to ask you:
- For your mobile app passcode.
- For your digipass PIN.
- For your card number or PIN.
- To transfer money out of your account.
- To click a link in an email to our Internet Banking.
- To download any software onto your PC or mobile phone.
- To authorise or cancel card payments through the app, or approve “refunds”.
If in doubt, call us on the number on our website, or delete the email without opening it.
Learn more about how to stay safe online or visit the action fraud website.
Thanks for your feedback. We’ll use it to improve our services.
Screen scraping happens when you allow a third party to log into your computer while you are using it, so they see what you are doing and can copy the data on the screens you are viewing. This is a way for third parties to be able to get access to your payment data or account overview.
Triodos Bank is not in favour of this practice, as it potentially compromises the integrity of your own computer and your passwords.
Thanks for your feedback. We’ll use it to improve our services.
Phishing is a common type of internet fraud. Phishing emails are designed to appear as though they are from a legitimate source, but intend to steal personal information that can be used to access your account.
Do not respond to any email that asks for any information in relation to your internet banking log in details. If you have received a suspicious email, do not respond and call us if you need any further information.
Our opening hours are published on our help and support page.
Thanks for your feedback. We’ll use it to improve our services.
Money mules are people used to help launder money, often without realising that’s what they’re doing. They help move illegitimate funds (money gained illegally) between accounts so that the money then appears to be legitimate. They may be asked to receive money into their account, then withdraw it and put it into another account, sometimes in another country. Sometimes the money mules are offered compensation or commission.
Even if money mules don’t know the money they’re transferring is fraudulent, they are still committing fraud and money laundering, and could be sentenced to time in prison or to pay a fine.
Money mules are often recruited into this activity through false job adverts, or social media posts that promote quick money-making opportunities. Sometimes they are duped by fake social media profiles that pretend to want a romantic relationship with the victim to gain their trust and affection before asking this favour or blackmailing them. This is also known as romance fraud.
Never move money between accounts you don’t know and trust, especially because someone else has asked you to, or if you don’t know where that money has come from. If you are suspicious of money laundering, call us immediately on 0330 355 0355.
Thanks for your feedback. We’ll use it to improve our services.
Vishing is where a fraudster uses voice messages or phone calls to try to steal identities, and financial information like your PIN, card details and Digipass code.
The term comes from the combination of ‘phishing’ and ‘voice’. Phishing is where fraudsters use email, regular phone calls and fake websites to dupe people into giving them personal details and financial information.
Vishing is specifically the use of a VOIP service (Voice Over Internet Protocol, or an internet phone service), which enables fraudsters to communicate with their potential victims via automated voice messages and the phone keypad.
Vishers can create fake caller ID profiles so that their phone number seems legitimate, and vishing requests sound urgent, to panic the victim into acting without thinking.
Examples of vishing:
- Your bank account has been compromised
You receive call from what appears to be Triodos Bank’s phone number. When you answer, you hear a recording pretending to be from Triodos, saying that your bank account has been compromised, and you need to call a freephone number to reset your security details. Calling this number, you would hear another automated message asking for your bank account number, Digipass code or other personal details via the phone keypad. - You’re eligible for a loan
You are offered loan or credit terms too good to be true (they probably are), and to receive the money, you just need to pay an upfront fee or provide your security details. - You’re due a refund
You receive a message that says you are due a refund. This is usually someone claiming to be from a trusted organisation. If you opt in – usually by pressing a number on your telephone - you will be redirected to a call centre agent who will attempt to defraud you or steal your information. - Don’t miss this investment opportunity
An automated voice message tells you about an investment opportunity too good to turn down. You’ll be encouraged to transfer money to invest in a company or service that doesn’t exist. - You’ve won a prize
Victims hear an automated voice message about a free offer or prize, and just need to pay postage, redemption or admin fees to claim. There’s often a deadline to hurry people into handing over their card details.
What you can do
If you receive an unexpected phone call with an automated response, hang up, search for the company’s genuine contact details online and check whether the call was legitimate. If it was, the company will be able to help you, and if it was a vishing attempt, letting the company know enables them to take action, and you will have protected yourself from fraud.
If the call relates to an investment opportunity, check the FCA register to see if the investor is regulated, and confirm the company exists by checking Companies House.
How to report a vishing scam
If you think you have been a victim of a vishing attack, call us immediately on 0330 355 0355. Then report to the FCA using their reporting form.
If you have lost money to suspected investment fraud, report it to Action Fraud on 0300 123 2040.
Thanks for your feedback. We’ll use it to improve our services.
You can place a block on your card and order a replacement in the Triodos Mobile Banking App by going to More > Cards, or in Internet Banking by going to Self-Service > Cards.
Blocking your card will also block your card being used with Apple Pay.
If you need more support, please call us on 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) to speak to our 24/7 card services department. We do not have a facility to offer emergency cash in the instance where your card has been lost or stolen. A new debit card should arrive at your home address within five working days.
Thanks for your feedback. We’ll use it to improve our services.
Do not respond to any email that asks you for information about your internet banking log in details. If you have received a suspicious email, do not respond and call our Contact Team as soon as you can during our opening hours on 0330 355 0355 to check if it is a genuine email.
Our opening hours are published on our help and support page.
Thanks for your feedback. We’ll use it to improve our services.
If your card or security details are used to make a payment or transfer without your permission, we will refund the full amount (minus £35 where applicable) of the payment as soon as is operationally possible. This includes repayment of any interest or charges incurred as a result of the payment. However, you must notify us as soon as possible and no later than 13 months after the debit date. After this time we will not be able to issue a refund.
You may have to pay up to £35 if:
- Your card is used after being lost or stolen
- You fail to keep your security details safe
You may be responsible for money taken from your account up until the point you report it to us, if you:
- Don’t keep your card or security details secure
- Don’t tell us as soon as possible that your card is lost or stolen
- Share your card, digipass or security details with a third party
- You were aware that your account had been compromised at the time that the payment was made and you failed to tell us.
You will not be responsible if you’re unable to notify us because our phone lines are unexpectedly unavailable or closed, as long as you call us when our lines open the next day.
Thanks for your feedback. We’ll use it to improve our services.
For card related fraud, block your card in the Triodos Mobile Banking App or in Internet Banking. Then, please call us on 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) to speak to our 24/7 card services department.
For other fraud issues and queries, we're available 8am-6pm Mon-Fri (9am-6pm Thu), and 10am-4pm weekends.
We’ll ask you for all relevant information related to the scam, loss or theft and in some cases may ask you to report this to the police.
We’ll advise you on any next steps, and we may provide you with advice to help keep your account secure whilst we investigate.
Where Fraud is confirmed you should also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre:
- Call: 0300 123 2040
- Report it online: actionfraud.police.uk
Thanks for your feedback. We’ll use it to improve our services.
Identity fraud happens when someone steals and uses your personal information to buy products or services. They get hold of this information in many ways - taking post from your bin, looking for information about you online, or contacting you directly, pretending to be from a real organisation.
There are several things you can do – offline and online - to protect your personal information. Here are a few tips.
Protect yourself offline:
- Shred your post
Shred or cut up your post before putting it in the bin, so your name and address cannot be stolen. - Redirect your post
If you move house, ask Royal Mail to redirect your post for at least a year. - Be tidy
Don’t leave things like bills or personal documents lying around for others to see. Even on your work desk. - Know your bank
This sounds like an odd one, but knowing how your bank will and won’t contact you can help you spot fraudulent emails, texts or calls claiming to be from your bank. If a bank statement or new bank card doesn’t arrive, tell your bank or card company immediately.
Protect yourself online:
- Create complex passwords
Create strong passwords and different passwords for every online account you have (email, online banking, social media, retail websites etc). Avoid using personal information in passwords, like names of family, school, pets, cars. This will reduce the likelihood that someone could guess or hack your password and access other platforms you use. You might find a password management tool useful. - Use anti-virus software
Protect your internet-connected devices with up-to-date security software, and make sure you install all official software updates and security fixes on your devices. - Connect with those you know
Don’t accept invitations from people you don’t know on social media sites. - Be wifi wise
Public wifi connections and Hotspots can be hacked and used to see what you’re doing online. Whilst it’s fine to use public wifi for browsing, never use it for buying something, logging in, online banking, filling in forms – or anything else that requires your personal or card data. - Be private
Double-check that your social media profiles are private so that you’re only sharing information with people you know. - Think before you post
Before you post anything on social media, forums or online platforms, make sure you’re not revealing any personal information – even pictures of your car registration can be used to get your address from DVLA records.
Thanks for your feedback. We’ll use it to improve our services.
This is when a fraudster sends a text message that looks like it has been sent by your bank or other trusted provider, like PayPal or a utilities company, to say there's a problem with your account. They may ask you to call a phone number or click a link to trick you into giving away your personal details.
Thanks for your feedback. We’ll use it to improve our services.
If the text is from a sender you know, or from a shortcode (five to eight digits long):
- Reply ‘STOP’. You shouldn’t be charged for this, and it will let the sender know you don’t want to receive their text messages.
- If you’re unhappy about receiving the text or continue to receive them after asking the sender to stop, you can complain to the Information Commissioners Office (ICO) on 0303 123 1113 or online.
If the spoof text message (sometimes known as smishing) is from an unknown sender, or from an organisation you’re not familiar with:
- Do not reply or click on a link in the text. Responding confirms your number is active and could result in you receiving more messages or calls.
- Report the spam text to your network operator. Simply forward the text to 7726. An easy way to remember ‘7726’ is that they’re the numbers on your phone keypad that spell out the word ‘SPAM’. You may get an automated response thanking you for the report and giving you further instructions if needed, like forwarding on the number the spam text message was sent from. You won’t be charged for forwarding spam texts to 7726.
Related
Thanks for your feedback. We’ll use it to improve our services.
Bank impersonation fraud is when a fraudster impersonates someone from the bank in order to trick a victim into making payments to a fraudulent account.
What a fraudster might do:
- A fraudster usually calls their victim, though may use email or another contact method. It’s likely they already know information about the victim, including their name and who they bank with.
- While impersonating the bank staff member, the fraudster might tell the victim their account is under threat and they need to make payments to a “safe account” or set up payments in order to “block the funds”.
- The fraudster might ask for details from the Digipass so they can access the account and make payments to the fraudulent account themselves.
- The fraudster might ask the victim to download screen sharing software so they can view or control the victim’s computer. This can make it easier to take control of the account.
- In any scenario, the fraudster will foster a feeling of panic in order to get the victim to comply with their requests as quickly as possible.
- Fraudsters might also impersonate other well-known, trusted companies such as Microsoft, Apple, BT or HMRC.
What Triodos Bank will never do
- We’ll never call you to tell you to log into internet banking or to make a payment to a “safe account”. If we believe your account to be under threat, we can block the account ourselves and do not need you to do anything from your end.
- We’ll never ask you for your full Digipass number or your Digipass PIN.
- We’ll never ask you to download any software onto your PC or mobile phone.
What you can do to protect yourself
- Never give out your personal details to someone who has called you unexpectedly.
- Never download any software onto your PC or mobile phone when asked by someone over the phone or by email – even if you think you are speaking to a trusted organisation.
- Never give anyone your Digipass number or your Digipass PIN. Triodos will never ask for this information.
- Do not let someone else use your Digipass – even a colleague or family member. Your Digipass is assigned to you as an individual and must only be used by yourself. If you leave your place of work, please let us know and we can arrange for your Digipass to be cancelled.
- If you are unsure about someone who has called you claiming to be from the bank or another company, hang up and call back on the company’s published telephone number.
Thanks for your feedback. We’ll use it to improve our services.
Contact us immediately on 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) if you think you've lost any of your security details or if you think they have been stolen or may be known by someone else.
You can request a password reset letter on our website at any time. This will cancel the old password to prevent access to your account by internet banking using the old password.
Thanks for your feedback. We’ll use it to improve our services.
In order to safeguard your personal information and money we require a three stage login process for internet banking, one of which involves the use of a digipass. This is similar to the card reader facility at some other banks and is used along with other systems to ensure your finances are kept safe. We constantly review our security measures and publish guidance on steps that can be taken to prevent fraud such as the Take 5 campaign through FFA UK.
Thanks for your feedback. We’ll use it to improve our services.
We’ll investigate all fraud claims and we will let you know the next steps when you report the fraud to us, including any timescales for reimbursement. We may ask for additional information or documents to help us assess your claim, and we will ask for your consent to share information with the other banks involved.
Every claim will be assessed on a case-by-case basis. As part of the process, we will consider the evidence presented by you, any service providers involved and – where relevant – a third party, such as the police.
Thanks for your feedback. We’ll use it to improve our services.
If you receive a call from Triodos, we’ll be happy for you to question who we are and call us back on the number published on our website, just to make sure. If you can, call us back from a different phone, as an extra safety precaution. Fraudsters can clone numbers, so it may look like the number we use to call you.
We will never call you to ask you to transfer money or for your Digipass codes, and we will never ask you to download software onto your device. If someone calls pretending to be from Triodos, and they ask you to do these things, hang up immediately and report it to us on 0330 355 0355.
Thanks for your feedback. We’ll use it to improve our services.
Identity theft is when someone steals your personal details. They might go through your post or rubbish to find bank and credit card statements. Or they might use social media sites, forums and other online platforms to steal your personal information.
Identity fraud is when someone uses your stolen identity to buy products or services, like credit cards, loans or mobile phone contracts.
You might not know your identity has been stolen until you get a bill, invoice or delivery for something you didn’t buy. Or until you receive a letter from debt collectors for debts that aren’t yours.
There are ways you can protect yourself, however. Read our How-to guide on how to protect yourself from identity theft and identity fraud.
Thanks for your feedback. We’ll use it to improve our services.
Investment fraud comes in many forms, but is typically when someone poses as an investment service provider, Financial Advisor or fund manager to convince you to transfer large sums of money into a company or service that doesn’t actually exist.
They can create convincing-looking websites and adverts, and send you emails, texts and automated voice messages offering investments that sound too good to be true. They often are.
Before you transfer any money:
- Always check the FCA's ScamSmart webpage for advice on being a ScamSmart investor
- Always check the FCA register to see if the investor is regulated and what they are regulated to do
- Always confirm the company exists by checking Companies House
- Always call the company on the number on their FCA register listing to confirm the correct payment details.
Genuine financial services will never:
- Cold call you
- Put pressure on you to invest
- Ask you to transfer immediately to lock in a deal or take advantage of a time-limited offer or special discount
As a general rule, if it sounds to good to be true, it probably is. Beware of promises of high returns and guaranteed returns with no risk.
Useful resources
Thanks for your feedback. We’ll use it to improve our services.
Our card department provides 24 hour transaction monitoring on the Triodos Debit Card and will block a transaction or a card if required. In this event we will send a text message asking you to call us. We will not ask for the card PIN, three-digit CVV code on the back of the card or any information regarding your digipass.
Thanks for your feedback. We’ll use it to improve our services.
When you open an account with us, we need to obtain sufficient proof of your identity and address. We do this to satisfy our legal obligations and protect you, the public and Triodos Bank against fraud and misuse of the banking system. To help us verify your identity, we may use the details you provide to do electronic searches about you at credit reference agencies. They will supply us information from databases, including information from the Electoral Register and fraud prevention agencies.
Thanks for your feedback. We’ll use it to improve our services.
If you think someone is being targeted by fraudsters or has fallen victim already, speak to them about it and reassure them that they aren’t to blame – fraudsters use various tactics to trick people into giving them money or private information, and anyone could be taken in. Many people can feel ashamed or embarrassed by falling victim to fraud, so it’s important for them to know there’s support available.
Help them to report it to Action Fraud. If they bank with Triodos, report it to us immediately by calling 0330 355 0355.
They could also talk to Victim Support - a charity that provides practical and emotional support to people affected by crime.
For more information, download a factsheet from Independent Age: Scamwise: Spotting, avoiding and reporting scams.
Thanks for your feedback. We’ll use it to improve our services.
We undertake monitoring on customer accounts and transactions to identify suspicious activity that could potentially be fraudulent. If we identify suspicious activity on any of your accounts, we will contact you to verify whether it is genuine. We may delay or decline transactions, or block your account until we can confirm the authenticity of requests received. When we contact you, we will ask you security questions but these will not include any information about your internet banking log in details. If you receive a call claiming to be someone from Triodos Bank and you are suspicious call us back on 0330 355 0355 and our Contact Team will be able to confirm if it was a genuine call.
Thanks for your feedback. We’ll use it to improve our services.
Fraud can affect anyone, and you can help protect your friends, family and neighbours by telling them about different types of scams to help them be savvy about fraud.
You can also help by looking out for signs that could mean they are being targeted by fraudsters:
- lots of junk mail – postal or email
- unexpected or suspicious calls, texts or emails
- visits from strangers
- lots of deliveries for things they don’t seem to need
- an unexpected change in financial circumstances, or money troubles
- uncomfortable talking about money
- unnecessary work to their house or garden
- a new friendship that seems out of place somehow
Thanks for your feedback. We’ll use it to improve our services.
It’s important to keep your codes and PINs secret and your digipass safe. Here are some precautions you can take:
- Destroy any PIN notification immediately after receiving it from us
- Never write your PIN or security details in a way that might be understood by someone else or record them on any item or in any place that might be accessed by someone else
- Take all reasonable care to ensure that no-one sees your PIN, password or security word when you use them.
- Avoid a PIN that is easy to guess
- Never share your digipass
- Keep your digipass in a safe place
We will never contact you to ask you to reveal your internet banking PIN or password and we will never send you any emails asking for your security information.
Thanks for your feedback. We’ll use it to improve our services.
We recommend you check that you have the necessary secure (SSL) connection with Triodos Bank.
How to check your secure connection with Microsoft Internet Explorer:
- In the address line, HTTPS should appear instead of HTTP. The "S" stands for secure
- Select "Properties" from the "File" menu
- Next to "Connection" it says SSL x.y, where x.y = version number
- Select "Certificates" for information about the certificate assigned to Triodos Bank (or double-click on the padlock in the browser status bar).
Thanks for your feedback. We’ll use it to improve our services.
To prevent unauthorised access and viruses being downloaded onto your computer, you should use a firewall and anti-virus software.
A personal firewall is software that protects your computer against abuse from hackers and warns you if someone tries to gain access to your computer.
This type of protection is very important for computers that have a permanent internet connection, e.g. with an (A)DSL (broadband) or cable connection.
Here are some tips for using your firewall and anti-virus software effectively:
- Make sure you always install the most recent updates
- Make sure the anti-virus software is always activated, even when you are not connected to the internet
- Make sure you set up the anti-virus software to scan your entire computer regularly
- If an active anti-virus programme or firewall causes problems with Triodos internet banking, please check the settings of the anti-virus software and the firewall Internet banking security
- Only install software of known origin and integrity
Do not save encrypted pages on your hard drive. It is standard practice not to save encrypted pages in your browser. This ensures that other users of the same computer cannot access these pages when you are finished with them. You can check and if necessary change the security setting for your browser. With Microsoft Explorer proceed as follows:
- select "Internet Options" in the "Tools" menu
- go to the "Advanced" tab
- under "Security", activate the "Do not save encrypted pages to disk" option.
Thanks for your feedback. We’ll use it to improve our services.
- Use a different, strong password for every social media account you have – ideally with special characters, numbers and lower and upper case letters.
- Don’t create passwords that contain personal information - fraudsters scan social media accounts for personal details and try to guess passwords and steal identities.
- Some fake accounts are created to capture personal information, so don’t give personal information to anyone you don’t know and trust.
- Don’t click on links if they’re not from a trusted website - some links can put a virus on your device.
- Always log off to prevent someone else accessing your account.
- Be mindful of what you share and post on company social media channels whose services you use. Social media is great for contacting companies directly to solve problems or give feedback. If you mention or message your bank, phone network or utility provider on social media, be aware that this information is public and fraudsters can use it to convince you they’re calling from these companies.
Thanks for your feedback. We’ll use it to improve our services.
Authorised push payment (APP) fraud happens when you are tricked by a criminal into sending money by bank payment to an account that they control and which you do not.
New rules effective from 07 October 2024 introduce requirements for all banks to reimburse victims of APP fraud.
Every claim will be assessed on a case-by-case basis. As part of the process, we will consider the evidence presented by you, any service providers involved and – where relevant – a third party, such as the police. For more information about what is covered for reimbursement and what is not please see ‘When is a fraudulent authorised push payment (APP) payment covered?’
We may not reimburse money lost in an APP fraud if you have not taken certain steps before and after you make the payment. These steps are known as the Consumer Standard of Caution, and are as follows:
- You need to follow any warnings from us, such as an alert that the payment you are making is fraud or could be fraud. You also need to follow any instructions from the police or the National Crime Agency.
- You must report the fraud as soon as you can, and no more than 13 months after the last fraudulent payment was made.
- We may ask you for additional information about your claim. You need to make sure you respond to these requests.
- Once you have made a claim, we may ask you to report the details of the fraud to the police.
Thanks for your feedback. We’ll use it to improve our services.