FAQs
Phishing is a common type of internet fraud. Phishing emails are designed to appear as though they are from a legitimate source, but intend to steal personal information that can be used to access your account.
Do not respond to any email that asks for any information in relation to your internet banking log in details. If you have received a suspicious email, do not respond and call us if you need any further information.
Our Contact Team is available from 8am-6pm Monday-Friday, and 10am-4pm on weekends for fraud-related enquiries only. Alternatively please email us at contact@triodos.co.uk from the registered email address we hold for you and mark it urgent in the subject line.
Was this helpful?
Vishing is where a fraudster uses voice messages or phone calls to try to steal identities, and financial information like your PIN, card details and Digipass code.
The term comes from the combination of ‘phishing’ and ‘voice’. Phishing is where fraudsters use email, regular phone calls and fake websites to dupe people into giving them personal details and financial information.
Vishing is specifically the use of a VOIP service (Voice Over Internet Protocol, or an internet phone service), which enables fraudsters to communicate with their potential victims via automated voice messages and the phone keypad.
Vishers can create fake caller ID profiles so that their phone number seems legitimate, and vishing requests sound urgent, to panic the victim into acting without thinking.
Examples of vishing:
- Your bank account has been compromised
You receive call from what appears to be Triodos Bank’s phone number. When you answer, you hear a recording pretending to be from Triodos, saying that your bank account has been compromised, and you need to call a freephone number to reset your security details. Calling this number, you would hear another automated message asking for your bank account number, Digipass code or other personal details via the phone keypad. - You’re eligible for a loan
You are offered loan or credit terms too good to be true (they probably are), and to receive the money, you just need to pay an upfront fee or provide your security details. - You’re due a refund
You receive a message that says you are due a refund. This is usually someone claiming to be from a trusted organisation. If you opt in – usually by pressing a number on your telephone - you will be redirected to a call centre agent who will attempt to defraud you or steal your information. - Don’t miss this investment opportunity
An automated voice message tells you about an investment opportunity too good to turn down. You’ll be encouraged to transfer money to invest in a company or service that doesn’t exist. - You’ve won a prize
Victims hear an automated voice message about a free offer or prize, and just need to pay postage, redemption or admin fees to claim. There’s often a deadline to hurry people into handing over their card details.
What you can do
If you receive an unexpected phone call with an automated response, hang up, search for the company’s genuine contact details online and check whether the call was legitimate. If it was, the company will be able to help you, and if it was a vishing attempt, letting the company know enables them to take action, and you will have protected yourself from fraud.
If the call relates to an investment opportunity, check the FCA register to see if the investor is regulated, and confirm the company exists by checking Companies House.
How to report a vishing scam
If you think you have been a victim of a vishing attack, call us immediately on 0330 355 0355. Then report to the FCA using their reporting form.
If you have lost money to suspected investment fraud, report it to Action Fraud on 0300 123 2040.
Was this helpful?
As you'd expect from a bank, we take security very seriously - here are some things we do to keep you safe. To help you spot fraud, we’d also like you to know the things we’d never do.
What we do- Provide around the clock debit card transaction monitoring
- We are available 24 hours a day, seven days a week for all calls relating to debit card queries (such as lost or stolen cards)
- Give you the ability to block your card by sending us a text message
- Temporarily block accounts and debit cards if fraudulent activity is suspected
- Log you out of internet banking and the app after a period of inactivity
- Keep you up-to-date with the fraud protection advice
- Use a secure three-stage log in with a digipass for personal current account holders
- As a personal account customer you can receive alerts by text message when online or card transactions are made
- Temporarily suspend your internet banking if left dormant for a long time
- Only contact you via your registered details
We will never contact you out of the blue to ask you:
- for your digipass PIN
- for your card number or PIN
- for your mobile app passcode
- to transfer money out of your account
- to click a link in an email to our internet banking
If in doubt, call us on the number on our website, or delete the email without opening it.
Learn more about how to stay safe online or visit the action fraud website.
Was this helpful?
Money mules are people used to help launder money, often without realising that’s what they’re doing. They help move illegitimate funds (money gained illegally) between accounts so that the money then appears to be legitimate. They may be asked to receive money into their account, then withdraw it and put it into another account, sometimes in another country. Sometimes the money mules are offered compensation or commission.
Even if money mules don’t know the money they’re transferring is fraudulent, they are still committing fraud and money laundering, and could be sentenced to time in prison or to pay a fine.
Money mules are often recruited into this activity through false job adverts, or social media posts that promote quick money-making opportunities. Sometimes they are duped by fake social media profiles that pretend to want a romantic relationship with the victim to gain their trust and affection before asking this favour or blackmailing them. This is also known as romance fraud.
Never move money between accounts you don’t know and trust, especially because someone else has asked you to, or if you don’t know where that money has come from. If you are suspicious of money laundering, call us immediately on 0330 355 0355.
Was this helpful?
Do not respond to any email that asks you for information about your internet banking log in details. If you have received a suspicious email, do not respond and call our Contact Team as soon as you can during our opening hours on 0330 355 0355 to check if it is a genuine email.
Our Contact Team is available 8am-6pm Monday-Friday, and 10am-4pm on weekends for fraud related enquiries only.
Alternatively please email us at contact@triodos.co.uk from the registered email address we hold for you and mark it urgent in the subject line.
Was this helpful?
Identity fraud happens when someone steals and uses your personal information to buy products or services. They get hold of this information in many ways - taking post from your bin, looking for information about you online, or contacting you directly, pretending to be from a real organisation.
There are several things you can do – offline and online - to protect your personal information. Here are a few tips.
Protect yourself offline:
- Shred your post
Shred or cut up your post before putting it in the bin, so your name and address cannot be stolen. - Redirect your post
If you move house, ask Royal Mail to redirect your post for at least a year. - Be tidy
Don’t leave things like bills or personal documents lying around for others to see. Even on your work desk. - Know your bank
This sounds like an odd one, but knowing how your bank will and won’t contact you can help you spot fraudulent emails, texts or calls claiming to be from your bank. If a bank statement or new bank card doesn’t arrive, tell your bank or card company immediately.
Protect yourself online:
- Create complex passwords
Create strong passwords and different passwords for every online account you have (email, online banking, social media, retail websites etc). Avoid using personal information in passwords, like names of family, school, pets, cars. This will reduce the likelihood that someone could guess or hack your password and access other platforms you use. You might find a password management tool useful. - Use anti-virus software
Protect your internet-connected devices with up-to-date security software, and make sure you install all official software updates and security fixes on your devices. - Connect with those you know
Don’t accept invitations from people you don’t know on social media sites. - Be wifi wise
Public wifi connections and Hotspots can be hacked and used to see what you’re doing online. Whilst it’s fine to use public wifi for browsing, never use it for buying something, logging in, online banking, filling in forms – or anything else that requires your personal or card data. - Be private
Double-check that your social media profiles are private so that you’re only sharing information with people you know. - Think before you post
Before you post anything on social media, forums or online platforms, make sure you’re not revealing any personal information – even pictures of your car registration can be used to get your address from DVLA records.
Was this helpful?
If the text is from a sender you know, or from a shortcode (five to eight digits long):
- Reply ‘STOP’. You shouldn’t be charged for this, and it will let the sender know you don’t want to receive their text messages.
- If you’re unhappy about receiving the text or continue to receive them after asking the sender to stop, you can complain to the Information Commissioners Office (ICO) on 0303 123 1113 or online.
If the spoof text message (sometimes known as smishing) is from an unknown sender, or from an organisation you’re not familiar with:
- Do not reply or click on a link in the text. Responding confirms your number is active and could result in you receiving more messages or calls.
- Report the spam text to your network operator. Simply forward the text to 7726. An easy way to remember ‘7726’ is that they’re the numbers on your phone keypad that spell out the word ‘SPAM’. You may get an automated response thanking you for the report and giving you further instructions if needed, like forwarding on the number the spam text message was sent from. You won’t be charged for forwarding spam texts to 7726.
Was this helpful?
Was this helpful?
If you receive a call from Triodos, we’ll be happy for you to question who we are and call us back on the number published on our website, just to make sure. If you can, call us back from a different phone, as an extra safety precaution. Fraudsters can clone numbers, so it may look like the number we use to call you.
We will never call you to ask you to transfer money or for your Digipass codes, and we will never ask you to download software onto your device. If someone calls pretending to be from Triodos, and they ask you to do these things, hang up immediately and report it to us on 0330 355 0355.
Was this helpful?
Our primary feature regarding the digipass device is that of security. Our current providers VASCO have confirmed that the digipass can be recycled and if you wish to return your digipass to us if you no longer require it we will recycle it securely on your behalf.
Was this helpful?
You have various options for contacting Triodos to ask questions or request information. One of which is a secure messaging service which is accessed by logging in to your internet banking. You can send us a secure message and you will also receive secure messages from Triodos from time to time. When we do send you a message you will receive an e mail advising you to log in to internet banking to read it. Secure messages are responded to within our contact team opening hours of 8am - 6pm Monday to Friday, if your request is urgent please call us on 0330 335 0335.
Was this helpful?
The digipass plastic is recyclable and in line with our sustainability commitment so please send in broken, old, damaged digi passes using the freepost address - Freepost TRIODOS BANK - and we will recycle it securely for you.
Was this helpful?
- Contact us immediately on 0330 355 0355 (or if abroad on +44 (0)1179 739339) if:
- You’ve lost your card or suspect it has been stolen
- You’ve lost any of your security details or think they have been stolen
- You think someone else may be able to use your card or security details
For card related queries, we're available 24/7. For other fraud related queries, we're available 8am-6pm Mon-Fri, and 10am-4pm weekends.
2. Once you've contacted us:
- We'll ask you for all information you have about the loss or theft and may require you to report it to the police
- If you find your card after reporting it as lost or stolen do not use it. Destroy your card immediately by cutting through both the magnetic stripe and chip
3. Once you’ve let us know, you can also report it to Action Fraud – the UK’s national fraud and cyber crime reporting centre:
- Call: 0300 123 2040
- Report it online: actionfraud.police.uk
Was this helpful?
Identity theft is when someone steals your personal details. They might go through your post or rubbish to find bank and credit card statements. Or they might use social media sites, forums and other online platforms to steal your personal information.
Identity fraud is when someone uses your stolen identity to buy products or services, like credit cards, loans or mobile phone contracts.
You might not know your identity has been stolen until you get a bill, invoice or delivery for something you didn’t buy. Or until you receive a letter from debt collectors for debts that aren’t yours.
There are ways you can protect yourself, however. Read our How-to guide on how to protect yourself from identity theft and identity fraud.
Was this helpful?
Investment fraud comes in many forms, but is typically when someone poses as an investment service provider, Financial Advisor or fund manager to convince you to transfer large sums of money into a company or service that doesn’t actually exist.
They can create convincing-looking websites and adverts, and send you emails, texts and automated voice messages offering investments that sound too good to be true. They often are.
Before you transfer any money:
- Always check the FCA register to see if the investor is regulated and what they are regulated to do
- Always confirm the company exists by checking Companies House
- Always call the company on the number on their FCA register listing to confirm the correct payment details.
Watch FCA’s video about their register and safe investing
Genuine financial services will never:
- Cold call you
- Put pressure on you to invest
- Ask you to transfer immediately to lock in a deal or take advantage of a time-limited offer or special discount
As a general rule, if it sounds to good to be true, it probably is. Beware of promises of high returns and guaranteed returns with no risk.
Useful resources
Was this helpful?
If you authorised a card payment or any other payment from your account, you will be responsible for it. If your card or security details are used to make a payment or transfer without your permission, we will refund the full amount (minus £35 where applicable) of the payment as soon as is operationally possible. This includes repayment of any interest or charges incurred as a result of the payment. However, you must notify us as soon as possible and no later than 13 months after the debit date. After this time we will not be able to issue a refund.
You may have to pay up to £35 if:
- Your card is used after being lost or stolen
- You fail to keep your security details safe
You may be responsible for money taken from your account up until the point you report it to us, if you:
- Don’t keep your card or security details secure
- Don’t tell us as soon as possible that your card is lost or stolen
- Share your card, digipass or security details with a third party
- You were aware that your account had been compromised at the time that the payment was made and you failed to tell us.
You will not be responsible if you’re unable to notify us because our phone lines are unexpectedly unavailable or closed, as long as you call us when our lines open the next day.
Was this helpful?
If you need a new digipass because the battery is low (when it displays 5%) please let us know and we will send out a replacement. You should receive this within 5 business days.
We will replace your digipass free of charge when the battery level is 5% or less. In our experience when it proactively displays “Low Battery” it will still have quite a long battery life left. You can find out the amount of battery left on your digipass by following these instructions:
If you have the older style navy blue digipass:
- Turn it on by pressing the red power button
- Press the letter “T” button five times until the display shows “TEST BATT?”
- Press the “=” sign
The display will tell you what percent of battery you have left.
If you have the green digipass:
- Turn it on by pressing the OK button on the lower right of the digipass
- Press the “>” button four times until you see “5. Info” on the screen
- Press OK
- Press the “>” button three times until it states “4. Battery level” on the screen
- Press OK
The display will tell you what percent of battery you have left.
Was this helpful?
Please contact us by sending a secure message in internet banking or call us on 0330 355 0355
Was this helpful?
It’s important to keep your codes and PINs secret and your digipass safe. Here are some precautions you can take:
- Destroy any PIN notification immediately after receiving it from us
- Never write your PIN or security details in a way that might be understood by someone else or record them on any item or in any place that might be accessed by someone else
- Take all reasonable care to ensure that no-one sees your PIN, password or security word when you use them.
- Avoid a PIN that is easy to guess
- Never share your digipass
- Keep your digipass in a safe place
We will never contact you to ask you to reveal your internet banking PIN or password and we will never send you any emails asking for your security information.
Was this helpful?
If you no longer require your digipass please return to us using the freepost address - Freepost TRIODOS BANK - and we will recycle it securely for you.
Was this helpful?
Simply go to our website www.triodos.co.uk and in the top right-hand corner you'll see a link for "Login to internet banking".
All you need is your digipass, digipass PIN (which you set yourself), and details regarding the security word you set up when applying for the account.
Was this helpful?
In order to safeguard your personal information and money we require a three stage login process for internet banking, one of which involves the use of a digipass. This is similar to the card reader facility at some other banks and is used along with other systems to ensure your finances are kept safe. We constantly review our security measures and publish guidance on steps that can be taken to prevent fraud such as the Take 5 campaign through FFA UK.
Was this helpful?
We do not charge for digipass or issuing replacements for personal customers. Please ensure that you keep the digipass in a safe place to avoid unnecessary re-issue. Please return any old/unrequired digi passes to us at or freepost address - Freepost TRIODOS BANK - and we will recycle securely on your behalf.
Was this helpful?
We've produced a short online video to show you how to set up your digipass and activate your online banking. Watch the video on Youtube now, or follow the steps below:
You will need your digipass, digipass PIN and need to know your security word as you will be asked to input these characters
When you first use your digipass you will be prompted to change your Digipass PIN to something memorable. You can do this by following these simple steps:
Switch the digipass on by pressing “OK”
- Press button “1” on the digipass
- Enter the four-digit digipass PIN we sent you and press “OK”
- You will now be prompted to enter your own new digipass PIN, which for your security must meet the following criteria:
- It must be four digits long
- It must be different to the PIN we sent to you
- It must not be a sequence of numbers, such as “1234”
- It must not be a sequence of identical numbers, such as “2222”
- It must not be easily obtained or guessed, such as using you date of birth
Please note, if your choice of digipass PIN isn’t considered secure enough the message “Weak PIN” will be displayed on the digipass. If this happens press “OK” and you will be prompted to enter a different, more secure, PIN.
When your PIN has been changed, an eight-digit code will be displayed
To login, continue to the Triodos homepage.
Turn the digipass over and input the digipass number from the back into the ‘digipass number’ - do not include hyphens - and then press NEXT.
There is an option to tick the ‘remember my number on this computer’ checkbox so you don’t have to input this every time.
Click on green NEXT box on the bottom right of the screen.
Follow the steps on the login page to complete login.
- Turn on the Digipass by pressing OK and then press 1
- Enter Your Digipass PIN and press OK. You will see a One Time Passcode or OTP, on the Display
- Enter your OTP
- Enter you the characters shown for you unique security word
You should now have accessed your internet banking and the home screen as shown below will be displayed.
Was this helpful?
Our card department provides 24 hour transaction monitoring on the Triodos Debit Card and will block a transaction or a card if required. In this event they will send a text message asking you to call them. The will ask standard identity questions around your personal details and investigate the transaction with you. They will not ask for the card PIN, three-digit CVV code on the back of the card or any information regarding your digipass.
Was this helpful?
Once you have applied for an account online, and it has been opened (or once you've applied for internet banking access for an existing account) we'll send your username by email. For security reasons your unique password will be sent separately by post. With this information you can then log in and start using Triodos internet banking. If you forget your password or username, simply call us on 0330 355 0355.
Was this helpful?
If you think someone is being targeted by fraudsters or has fallen victim already, speak to them about it and reassure them that they aren’t to blame – fraudsters use various tactics to trick people into giving them money or private information, and anyone could be taken in. Many people can feel ashamed or embarrassed by falling victim to fraud, so it’s important for them to know there’s support available.
Help them to report it to Action Fraud. If they bank with Triodos, report it to us immediately by calling 0330 355 0355.
They could also talk to Victim Support - a charity that provides practical and emotional support to people affected by crime.
For more information, download a factsheet from Independent Age: Scamwise: Spotting, avoiding and reporting scams.
Was this helpful?
If you lose your connection after authorising a normal payment it will still be processed as normal - use the transaction history option to check the status of your payments. If the payment is not shown on one of these pages then it is still awaiting authorisation. If you lose your connection before authorisation they try logging back in and check the status of your payments. If you are unsure then please call the helpdesk. If you lose your connection after making an international payment, faster payment or urgent payment, please contact the helpdesk (call on 0330 355 0355 or alternatively you can email: internetbanking@triodos.co.uk) who will confirm if the payment has been successfully authorised or not.
Was this helpful?
When you open an account with us, we need to obtain sufficient proof of your identity and address. We do this to satisfy our legal obligations and protect you, the public and Triodos Bank against fraud and misuse of the banking system. To help us verify your identity, we may use the details you provide to do electronic searches about you at credit reference agencies. They will supply us information from databases, including information from the Electoral Register and fraud prevention agencies.
Was this helpful?
The digipass is our current method of logging into Internet Banking, we feel this provides a strong level of security. We are looking at future improvements that we can make to our online banking including mobile app features and or login process.
Was this helpful?
If you authorise a payment from your account, you will be responsible for it. Where you tell us a payment from your account was not authorised by you, you can ask us for a refund. However, you must notify us as soon as possible and no later than 13 months after the debit date. After this time we will not be able to issue a refund.
Was this helpful?
Your digipass requires the use of a 4 digit PIN. When the PIN is entered incorrectly multiple times, it will become locked and will provide you with a lock code. If you receive a lock code on your digipass, please call us with your account number, security details, and digipass to hand. We will be able to help you unlock your digipass and log into internet banking. Our phone number is 0330 355 0355 (or +44 (0)1179 739339 if calling from abroad) and phone lines are open Monday to Friday, 8.00am - 6.00pm.
Was this helpful?
A security word is a word chosen by you to help us verify your identity when you phone us or at any other time when we need to validate that it is you asking us for information or to do something on your account(s) . The security word is a memorable word chosen by you and can be anything you want. You will have provided this either as part of an online or paper application, on a form you’ve sent us by post or you may have set or changed it when you were logged into your internet banking. For example it could be a memorable name or place or something that means something to you. For additional security we do not provide any guidance on what this word should be.
Was this helpful?
If you are a personal customer and you only hold savings accounts with Triodos - you will have been provided with a username and password for logging into internet banking. If you came to a page which asked for a Digipass number, you were on the ‘Business Banking’ login page. When on the Internet Banking login page, if you click on the ‘Personal Banking’ tab located next to the ‘Business Banking’ tab, you will be asked for your username and password.
If you do not know your internet banking username or password you can reset your internet banking login details.
If you hold a personal current account with Triodos and you havent received a digipass or have lost your digipass please contact us on 0330 355 0355.
If you are a business customer and have requested a Digipass that hasn’t arrived or you have lost a digipass please contact us.
Was this helpful?
If we are unable to match the information you have entered on our password reset page with the information we hold on record you will need to call our Customer Contact Team on 0330 355 0355 or (+44) 0117 973 9339. We will be able to send a new password to you by post, this will be sent to your registered address. When calling us please have your account number and security details at hand.
If you are trying to log into internet banking for a business account you do not need a username and password but will have a Digipass and PIN. There are separate log in screens for business and personal customers so please ensure that you have clicked on the Business tab after you have clicked the Internet Banking login button.
Our friendly, Bristol-based contact team is here for you 8am-6pm Monday to Friday (except on bank holidays when we are closed).
Was this helpful?
If you hold savings accounts only with Triodos you will use a username and password to log into your Internet Banking. If we are unable to match the information you have entered on our username reminder request page with the information we hold on record you will need to contact us. We will be able to send a username reminder email to your registered email address. When calling us, please have your account number and security details at hand.
Was this helpful?
Fraud can affect anyone, and you can help protect your friends, family and neighbours by telling them about different types of scams to help them be savvy about fraud.
You can also help by looking out for signs that could mean they are being targeted by fraudsters:
- lots of junk mail – postal or email
- unexpected or suspicious calls, texts or emails
- visits from strangers
- lots of deliveries for things they don’t seem to need
- an unexpected change in financial circumstances, or money troubles
- uncomfortable talking about money
- unnecessary work to their house or garden
- a new friendship that seems out of place somehow
Was this helpful?
- Use a different, strong password for every social media account you have – ideally with special characters, numbers and lower and upper case letters.
- Don’t create passwords that contain personal information - fraudsters scan social media accounts for personal details and try to guess passwords and steal identities.
- Some fake accounts are created to capture personal information, so don’t give personal information to anyone you don’t know and trust.
- Don’t click on links if they’re not from a trusted website - some links can put a virus on your device.
- Always log off to prevent someone else accessing your account.
- Be mindful of what you share and post on company social media channels whose services you use. Social media is great for contacting companies directly to solve problems or give feedback. If you mention or message your bank, phone network or utility provider on social media, be aware that this information is public and fraudsters can use it to convince you they’re calling from these companies.
Was this helpful?
You can change your security word by logging into internet banking, if you are having difficulty accessing your account through internet banking please contact us
Was this helpful?
To help keep your information as safe and secure as possible, if you do not enter any information for 15 minutes, we will close your session. If a message tells you that your session has timed out, simply log in again to continue.
Was this helpful?
For customers who have savings accounts only with Triodos and are trying to access internet banking - When you log into internet banking for the first time, after changing your username and password, you should see a message asking you to log out and back in again. If you do not see this message please log out using the green link in the top right hand corner then log back in again using the new login details you chose.
If you still experience problems please contact us.
Was this helpful?
On the home page you will see a list of all the accounts that you currently manage online. Details of closed accounts are displayed in red. Clicking on one will take you directly to the transaction history for that account.
Was this helpful?
When you input the sort code and account number to set up your nominated account we will check that the details are valid. If we can identify that the sort code or account number are invalid you will receive an error message on the screen.
If this happens please review the account details you have entered to confirm they are correct.