Strong Customer Authentication (SCA) is a European-wide regulation that says all banks need to provide an extra level of security for their customers.
This means more protection for you when you’re shopping and banking online, and will require extra checks to prove it is really you. This will help keep you safer from digital fraud.
In line with new regulations, you’ll see additional security checks when using Online Banking and when using your cards online to confirm it is you.
We’ve already made changes to Online Banking and our Metro Bank App.
From October 2021 you may have to authenticate some of your online transactions by logging into Online Banking or the Metro Bank App.
Passwords are the usual way of proving you are who you say you are, but they can be guessed or stolen by fraudsters. So we're adding another layer of security to check it really is you.
Your one-time passcode (OTP) is a secure key to your account, helping to stop anyone but you authorising transactions, making changes to your account or making purchases with your card.
We’ll send a text message with an OTP to the UK phone number saved on your account. Each OTP will be unique to a single transaction, and you’ll need to enter the code into your Online Banking, Metro Bank app or as part of an online purchase, so that we know it is you.
If you use Commercial Online Banking or Business Online Plus, you’ll need to use your security device to generate an OTP or use the Metro Bank Authenticator App
Please always review the full text message when you receive your OTP, and check it has the correct details for your transaction.
You will not be charged for receiving an OTP.
We will use OTPs for certain types of transactions where we need increased security, such as paying somebody for the first time, paying or transferring large amounts, ordering a new card, or changing your address.
If you receive an OTP you haven’t requested, it may be due to fraud. Don't share it with anyone on the phone, in person or online, and call us immediately on 0345 0808 500.
If someone phones unexpectedly and tells you to expect an OTP and to read it to them, it will be fraud – call us immediately on 0345 0808 500.
Here are some examples that fraudsters may use to try and persuade you to give them your OTP:
Visit the Fraud and Security section of our website for more details on identifying scams.
This may have been requested by a third party provider (TPP). To find out why the TPP is accessing your account and to stop the OTPs being sent, you need to contact them. You can then withdraw your permission for them to access your account. You can also get in touch with us to reset your login details for additional security.
If you don’t think you’ve ever given consent for a TPP to access your account, or are receiving OTPs other than those you have not requested, it may be fraud. To protect your security, it is important to reset all of your login details as soon as you can – just give us a call on 0345 08 08 500 or visit one of our stores.
If you change your mobile number, you need to let us know. To do this, call us anytime on 0345 0808 500 or visit your local store.
To make sure you're ready for these extra security checks, there are a few things you should do:
Check that we have your correct mobile phone number by looking at the 'personal details' section of your Online Banking. You can find this by clicking the settings icon next to your name to open the 'User Profile' section.
You’ll need to use your security device or your Metro Bank Authenticator App to log in, make payments and some changes to your account. You may also need these to authorise card transactions when you use your card online.
If you don’t have a security device, please contact your Relationship Manager or email email@example.com or visit a store to request one.
To get your security device up and running:
When you see COMPLETE, your PIN is set up.
For Business Online Plus and Commercial Online Banking customers, you will need to use your security device to generate an eight-digit security code to make a payment through Online Banking or when you are using your card online.
To log in, create a new payee, change user rights or authenticate an online card transaction:
To make payments in Online Banking:
If you have entered your PIN incorrectly too many times, you’ll need to call us on 0345 0808 508 and have your 12-digit customer number to hand.
If you’ve entered OTPs too many times without using them, Online Banking will no longer accept any OTPs your device generates. You’ll need to call us on 0345 0808 508 and have your 12-digit customer number to hand.
It’s an app you can use instead of your security device to prove it’s you when logging in or making changes on your Business Online Plus and Commercial Online Banking. You can use the app to:
The app is only available to those with a UK mobile number.
Yes, you need to have:
* Not currently compatible with Huawei P40 or LG 5 devices.
Once you’ve logged into Online Banking and downloaded the app, you’ll need to follow the instructions on the screen to register it.
You’ll need to have phone network signal or an internet connection.
Note: If you have downloaded the app and are having trouble scanning your QR code, close your app and try again.
If your phone has network signal, and you have allowed push notifications:
If you haven’t allowed push notifications, or for authorising online card payments:
Yes, but you must have your face or fingerprint ID enabled in the app to use it this way.
To log in, and make changes and payments:
Note: if you’re authenticating offline because you don’t have network signal, it’s likely that when you have internet, expired push notifications will come through on your device – you can ignore these. If you tap on the push notifications, you shouldn’t be asked for approval again.
To log in, and make changes and payments:
If you haven’t received a push notification, you can get one manually by following the steps under ‘How do I use my Metro Bank Authenticator App?’
You can re-register for the app through your Online Banking. Please delete the app from your device before you start the re-registration process.
If you haven’t trusted your browser, log into Online Banking where you will be asked to use your Authenticator App. If you aren’t able to access it, click on the link on the right-hand side to re-register.
If you have trusted your browser, log in to Online Banking and try to do something which needs your Authenticator App (this could be making a change or a payment). Click on the link on the right-hand side when the pop-up appears and follow the re-registration steps.
Please call us on 0345 08 08 508 or visit the Fraud and Security section on our website.
No, you can only use one or the other. Once you successfully register for the app, you won’t be able to use your security device.
No, you can only use it on one device.
Yes, please get in touch with your Relationship Manager, call us on 0345 0808 508, or visit your local store to have your app de-registered. If you haven’t got your old security device, we’ll send you a new one. You won’t be able to use your security device until a colleague has confirmed that your app has been de-registered.
If you enter any of your security details incorrectly you may be locked out of your Online Banking to keep your accounts safe.
Please call us on 0345 0808 508 or visit your local store so we can help.
No, the App is completely free to download and use.
It depends on the device you’re using, but you’ll usually find it in the ‘Settings’ section. Here are the steps for Apple iOS and Android:
For Apple iOS: