Stay safe from fraud

We’ve joined Stop Scams UK (159)

We’re part of the Stop Scams UK initiative. It’s a collaboration between banks and telephone companies, to provide customers with a safe number to call if they think they are being scammed. If you get a call, SMS or email that seems like it might be pretending to be Metro Bank, asking you for personal information or login details – or telling you to transfer money – please stop, hang up, and call 159.

One-time passcodes

When we need to verify who you are, we’ll send a text message with a unique code to your mobile number.

The text will state exactly what the code is for, like creating a new payee or authorising a payment for a purchase you have just made online. You shouldn’t tell anyone what this code is, other than a Metro Bank colleague. If someone asks for the code for a different reason than is stated in the text message, you shouldn’t answer.

If you get a one-time passcode message you’re not expecting, give us a call on 0345 08 08 500.

Authenticating online transactions

You may need to log in to your Online Banking or Metro Bank App to authenticate a transaction when using your card online. You should only approve transactions that you are making. If you are asked to approve a transaction that you don’t recognise, please contact us immediately on 0345 08 08 500.

Confirmation of Payee

Confirmation of Payee is the account name checking service that allows payers to confirm if the name held on a payee’s account belongs to the person or business they want to pay. This can help to protect individuals and businesses against certain types of fraud, and to prevent payments like CHAPS, Faster Payments and Standing Orders from being sent to the wrong account.

You must remember to:

• use the full first and last names if you’re paying a person
• use the business or organisation name registered to the account if you’re paying a business.

Stay safe:

• When confirming payment details, it’s important to contact the person or business on a number you trust
• Never use phone numbers from emails or text conversations as they can be faked by criminals to trick you into making payments
• Don’t let anyone pressure you into continuing with the payment when the details don’t fully match or where the account details can’t be confirmed.

Find out more about Confirmation of Payee

Alerts

If we notice something suspicious or need to get in touch with you, we may call you or send you a text message. If it’s a text, it’ll be from ‘METROBANK’ or ‘MetroBank’.

While we may ask you to reply to messages, we’ll never:

• contact you from a mobile number
• include a link to a log in page
• ask for your complete security number, password, or card number
• ask you for answers to your security questions.

If you’re not sure whether a call or a text is genuine, give us a call on 0345 08 08 500 to confirm.

Stopping suspicious transactions

We work hard to identify and protect you from fraud. If we believe someone has attempted to defraud your account, we’ll protect your money and contact you.

You’ll never be asked to move your money to another account ‘for safety’ – only a fraudster would ask this.

Our cards also have the added protection of MasterCard SecureCode. This software works to stop any fraudulent transactions on your account. It can stop suspicious activity, like unusual card payments or purchases.

If a purchase looks suspicious, we’ll ask for extra authorisation through the Mobile app or Online Banking – you will be asked to approve or decline the transaction.

If you don’t recognise a card transaction on your account, give us a call on 0345 08 08 509.

The CRM Code

We’re signed up to the Contingent Reimbursement Model Code, which reviews and aims to reduce scams that happen when a customer is tricked into authorising a payment to an account they thought was legitimate. To find out more, click here.

Top tips and advice

• Don’t tell anyone your 4-digit PIN – even a bank or the police
• If you’re asked to move your money to a new account, don’t – we’ll never ask you to do this
• Don’t give your card, chequebook or cash to anyone who’s ‘come to collect it’ – we’ll never send anyone to do that, even if you’re a victim of fraud
• Never send confidential information by email – it may be intercepted
• Phone numbers can also be spoofed. If you’re suspicious, hang up and call the company back  using a trusted source, like the official number listed on their website
• Most companies will not use in-app messengers (e.g. WhatsApp) to contact you
• If you’re buying something, always use a secure payment method that can be traced easily, such as PayPal, or a credit or debit card – or pay on collection/delivery
• Don’t be rushed or pressured into handing over money, or giving out personal details. If someone threatens you, this is a sign of a scam
• The FCA and Companies House are good places to do a quick background check on companies
• If you’re unsure, talk to a trusted friend or family member before sending money to anyone
• If you receive a suspicious call, text or email, don’t respond – just speak to us in store or call us on 0345 08 08 500.

Spotting a fraudster’s text or email

Fraudulent emails can look genuine, but there are a few giveaways to look out for:

• The email address – is it the same as the one you usually get emails from, or just similar?
• The subject line – if it mentions something like ‘secure message’, ‘security alert’ or ‘system upgrade’, assume it’s suspect.
• If it asks you to follow a link, click on a button or download a file – these will likely take you to a fake copycat website.
• A sense of urgency, like: ‘If you don’t respond within 48 hours your account will be suspended’.
• Strange fonts, different text size or grammar and spelling mistakes.

If an email or text link takes you to a log in page, close it – we’ll never send you a link to a secure page. If you get a suspicious email or text, mark it as spam, forward it to us at phishing@metrobank.plc.uk, then delete it.

Keeping an eye on your cards

Your cards can be vulnerable to fraud – so it pays to keep a close eye on them. Here are a few tips:

• Report any stolen cards straight away by calling us on 0345 08 08 500.
• If you’ve misplaced your card, you can block it temporarily on our Mobile App.
• Never write down your card’s PIN.
• Never share your cards, even with friends and family.

Malware

What is malware?

Malware is ‘malicious software’. Criminals will try to trick you into downloading it to your computer, phone or other device by asking you to open attachments or links in an email, text message or a post on social media. They might also ask you to download a fake app so that they can copy your login details.

Protect yourself from malware

Here’s some ways to help protect yourself from Malware:

1. Watch out for suspicious links in emails or text messages, or on social media. If in doubt, do not click.
2. Have antivirus software on all your devices to spot and block malware, and run a weekly scan.
3. Install device security updates as soon as they come up.
4. Use strong passwords and change them often.
5. Avoid third-party apps.
6. Limit app permissions to only what is absolutely necessary. Never choose ‘always on’.
7. Clear your browser history regularly.
8. Check your browser’s address bar for the padlock or key symbol, which shows that a site is secure.
9. Watch out for any apps that you did not download yourself and delete them immediately.
10. Be suspicious of apps that use an unusually large amount of data or battery power.

Counterfeit cards

Fraudsters can make a counterfeit card by cloning your card’s magnetic strip (sometimes referred to as skimming). This happens most often at bars, restaurants, petrol stations and cash machines. And most people don’t know it’s happened until their statement arrives.

How to prevent skimming:

• Check cash machines for signs of tampering, like damage to the card insertion point or PIN pad. If you think a Metro Bank machine has been tampered with, call us immediately on 0345 08 08 500 or let a store colleague know.
• Cover the PIN pad with your hand when you enter your number. Check your surroundings to make sure no one is too close to you at an ATM. 
• Always check your balance and transactions to see if there’s anything you find suspicious.

Fraudsters using your card details to buy things online, by phone or by post

This is called card-not-present fraud, and it’s the most common type in the UK.

How to protect your details:

• Don’t enter your card details on shared computers.
• Never email anyone your card details.
• Always log out of any websites where you’ve entered your card details.
• Only enter your card details on secure sites with addresses that start with ‘https’ and have a padlock icon next to it.

Your card being stolen on its way to you

Sometimes a card can be intercepted or stolen in the post or from your letterbox. There’s a bigger risk of this if you share a letterbox. 

Find out how long it will take for your card to arrive and contact your card provider straight away if it doesn’t turn up. Don’t forget, with Metro Bank you can get your card printed in store on the spot – and because we’re open early ‘til late on weekdays and open on weekends, you can do this at a time that works for you. 

If you believe your card has been stolen, you can report it by calling is on 0345 08 08 500, and you can cancel the card on your mobile App

Money mule scams

A money mule is someone who helps criminals launder money. They’re often recruited by adverts that look like a legitimate job, but involves transferring money through your own account and keeping a cut as commission.

The money is likely to be the proceeds of crime, and is a criminal offence to hold it. If you’re suspected of money laundering, your accounts may be suspended and closed down. Your name might also be put on the fraud database.

How to avoid becoming a money mule:

• Be wary of any job that involves holding or transferring money through your personal account.
• Never share your bank details with anyone you don’t know or trust.

Phone calls

A fraudster might call claiming to be your bank, or a person or company you trust. They can sound very professional and convincing, and can even copy phone numbers – so it could show up as us on your caller ID. 

Text messages and emails

Fraudsters also send emails and texts to try to steal your bank details and money. If you receive a suspicious message – even if it looks like it’s from us – don’t respond. Send a screenshot to phishing@metrobank.plc.uk so we can investigate.

Social media

Fraudsters use social media to lure you in. Don’t buy into it – always buy or invest with a trusted seller who has verified reviews, and double check with your friends and family if they contact you from a ‘new’ account.

Investment and crypto scams

There are several types of investment scams. Scammers may be hard to spot and have a professional-looking website and documents. Only use reputable companies for your investments, don’t let people talk you into anything, check if an opportunity could be a scam by taking the FCA’s ScamSmart test and always use a cryptocurrency firm that is registered with the FCA. 

Impersonation scams

An impersonation scam is when a criminal pretends to be from a trusted organisation or person to trick their victim into transferring money. If you think there’s something strange about how someone has contacted you, check in with them using a different form of contact before sending money. Remember, your bank will never get in touch out of the blue for personal information like PINs or passcodes, and neither will the police.