Skip to main content

Strong Customer Authentication

Changes to Online Banking

We're developing our Online Banking and Mobile app which will change how you bank. This is in line with new regulations which affect all banks. We started making these changes in July 2020 and will continue working on them until the end of the year.

  • What is Strong Customer Authentication?

    From 14 March 2020, a new EU regulation meant that all banks needed to provide an extra level of security for their customers – it's called 'Strong Customer Authentication'.

    This means more protection for you when you’re shopping and banking online, and will require extra checks to prove it is really you. This will help keep you safer from digital fraud.

  • What is changing?

    In line with new regulations, you’ll see additional security checks to confirm it is you when you:

    • log in to Online Banking,
    • make certain payments or
    • make some changes to your account, such as setting up a payee
  • When are these changes happening?

    We’ve already made changes to the way you log in to Online Banking. You may have seen a change to the way you log in to mobile banking, if not this will be coming soon as well as changes to how you make payments.

    Changes to Commercial Online Banking and Business Online Plus will happen by the end of this year.

  • Will it change how I log in to Online Banking?

    We're using different ways to make sure it's you trying to log in.

    Online Banking and mobile app customers will need a one-time passcode (OTP) to log in. We’ll send this by SMS to the phone number registered to your account.

    It’s really important that we have your up to date mobile number to make sure you get the code. To check the number we have, go to the 'personal details' section of your Online Banking, or ‘my details’ in your mobile app. If you need to change your details, you can call us anytime on 0345 0808 500 or visit your local store.

    Business Online Plus and Commercial Online Banking customers will need to use their security device to generate an eight-digit security passcode – you’ll find more details in the section below.

  • Why is it needed to make online banking more secure?

    Passwords are the usual way of proving you are who you say you are. But, passwords can be guessed or stolen by fraudsters. So we're adding another layer of security to check it really is you.

  • What are you doing to make it more secure?

    There are different ways you can prove it’s you:

    • ‘Something you know’ – this is a piece of secret information that only you know, like your password or passcode
    • ‘Something you have’ – this is a device you own, such as your mobile phone if you’re a personal customer or your security device if you’re a business customer
    • ‘Something you are’ – this is something that is unique to you, such as your fingerprints or face ID

    You’ll need to provide two of these to prove it’s you. This is known as 'two-factor authentication' or ‘2FA’.

  • What are one-time passcodes (OTPs)?

    These are codes which you need for login and are sometimes used to authorise some transactions or account changes made on Online Banking, or some card purchases.

    Your OTP is a secure key to your account, helping to stop anyone but you authorising transactions, making changes to your account or making purchases with your card.

    We’ll send an SMS OTP to the phone number registered to your account. If you use Commercial Online Banking or Business Online Plus, you’ll need to use your security device to generate an OTP. Each OTP will be unique to a single transaction, and you’ll need to enter the code into your online banking, mobile app or as part of an online purchase, so that we know it is you.

    Please always review the full SMS message when you receive your OTP, and check it has the correct details for your transaction.

    You will not be charged for receiving an OTP.

  • When will I need to use an OTP?

    Most transactions won't need you to enter an OTP.

    We will use OTPs for certain types of transactions only where we need increased security, such as paying somebody new, paying or transferring large amounts, ordering a new card, changing your address or making some online card purchases.

  • What should I do if I receive an unexpected OTP?

    If you receive an OTP you haven’t requested it will be due to fraud. Don't share it with anyone on the phone, in person or online, and call us immediately on 0345 0808 500.

    If someone phones unexpectedly and tells you to expect an OTP and to read it to them, it will be fraud – call us immediately on 0345 0808 500.

    Here are some examples that fraudsters may use to try and persuade you to give them your OTP:

    • they need to send you a refund
    • they need to secure your account
    • they need to stop a payment

    Visit the Fraud and Security section of our website for more details on identifying scams.

  • I keep receiving one-time passcodes that I haven’t requested – what should I do?

    One-time passcodes (OTPs) are sometimes used as additional security checks for logging in to Online Banking and authorising transactions or account changes. In line with new regulations, we’re using OTPs so we can make sure it’s you.

    If you’ve shared your login details with somebody else in the past, for example to use Open Banking or accounting software, it may be them (who are known as Third Party Providers – TPPs) trying to log in on your behalf, which is generating the OTPs. For your security, we currently have to send you an OTP every time the TPP tries to log-in.

    To find out why the TPP is accessing your account and to stop the OTPs being sent, you need to contact them.   You can then withdraw your permission for them to access your account. You can also get in touch with us to reset your log in details for additional security.

    If you don’t think you’ve ever given consent for a TPP to access your account, or are receiving OTPs other than logins which you have not requested, it may be fraud. To protect your security, it is important to reset all of your log in details as soon as you can – just give us a call on 0345 08 08 500 or visit one of our stores.

  • What happens if I change my mobile number?

    If you change your mobile number, you need to let us know. To do this, call us anytime on 0345 0808 500 or visit your local store.

  • Why are you adding these additional checks?

    The extra layer of security makes it harder for fraudsters to target your accounts. All banks will have to provide these extra checks.

  • Do I need to do anything?

    To make sure you're ready for these extra security checks, there are a few things you should do:

    • Make sure you have your mobile phone with you when log in to Online Banking
    • Check that we have your correct mobile phone number so that we can send you one-time passcodes. To check the number we have, go to the 'personal details' section of your Online Banking, or ‘my details’ in your mobile app. If you need to change your details, you’ll need to call us anytime on 0345 0808 500 or visit your local store.
    • When you log in, a pop-up message will appear asking you to ‘trust’ the device you’re using. If the device you are using is secure and not accessible to anyone else, you can choose to do this and it will improve your Online Banking journey.
    • Check any biometric data (like faces and fingerprints) which are stored on your device as these will be able to log in to your Mobile app and make changes on your account.
  • How can I verify myself?

    To verify yourself when you log in, make payments or pay for things online. You can:

    • Have a text message with a one-time passcode (OTP) sent to the mobile you have registered with us.
    • Use a device you have told us is trusted

    Business and Commercial customers, you will also be able to use your security device.

Commercial Online Banking and Business Online Plus customers

  • What else do I need to do if I am a Business or Commercial Banking customer?

    Check that we have your correct mobile phone number by looking at the 'personal details' section of your Online Banking. You can find this by clicking the settings icon next to your name to open the 'User Profile' section.

    You’ll need to use your new security device, to log in and also to make payments. We sent new security devices to existing Online Banking customers between July and September 2020. Customers who registered for Online Banking after 28 September 2020 will automatically be sent a security device.

    For existing customers, the new security devices were sent to your business address, or if you’re not based in the UK, to the address you asked us to use.

    If you don’t have a security device, please email or visit a store to request one.

  • When do I need to start using my new security device?

    You should start using your new device immediately for payments.

    We’ll let you know through a message in Online Banking when it’s time to start using it for login and making changes to your account.

  • How do I use my security device?

    For Business Online Plus and Commercial Online Banking customers, you will need to use your security device to generate an eight-digit security code to make a payment.

    Here’s how:

    • Turn your device on by pressing OK
    • Enter your six-digit PIN you chose when you set up your device and press OK
    • When ‘Select App’ appears on the device, enter ‘1’
    • Enter the eight-digit security code the device generates into the ‘Code’ field on screen

    A confirmation message will show up if you’ve entered the passcode correctly.

  • What do I do if I’m locked out of my security device?

    If you have entered your PIN incorrectly five times, you’ll need to call us on 0345 0808 508. You’ll need to have your 12 digit customer number to hand when you call us.