Be Your Own Hero

One-time passcodes

When we need to verify who you are, we’ll send a text message with a unique code to the mobile number you gave us when you opened your account.

The text will state exactly what the code is for, like creating a new payee. You shouldn’t tell anyone what this code is other than a Metro Bank colleague. If someone asks for the code for a different reason than is stated in the text message, you shouldn’t answer them.

If you get a one-time passcode message you’re not expecting, give us a call on 0345 08 08 500.

You may need to log in to your Online Banking or Metro Bank App to authenticate a transaction when using your card online. You should only approve transactions that you are making. If you are asked to approve a transaction that you do not recognise, please contact us immediately at 0345 08 08 500.

Alerts

If we notice something suspicious or need to get in touch with you, we may send you an alert either by email or text message. If it’s a text, it’ll be from “METRO BANK”, ‘MetroBank’ or the number ‘80003’.

While we may ask you to reply to messages, we’ll never:

• Include a link to a login page 
• Ask for your complete security number, password, or card number
• Ask you for answers to your security questions

If you’re not sure whether a text or email is genuine, give us a call on 0345 08 08 500.

Stopping suspicious transactions

We invest in sophisticated software to identify and protect you from fraudulent activity. If we believe someone has attempted to defraud your account, we’ll protect your money and contact you. You’ll never be asked to move your money to another account ‘for safety’ – only a fraudster would ask this. 

Our cards also have the added protection of MasterCard SecureCode. This software works to stop any fraudulent transactions on your account. It can stop suspicious activity, like unusual card payments or purchases. If a purchase looks suspicious, we’ll ask for extra authorisation.

If you don’t recognise a card transaction on your account, give us a call on 0345 08 08 500.

Seeing through the disguise

Fraudsters use email, phone calls or text messages to try and steal your information (sometimes referred to as phishing, vishing and smishing).

What you can do:

• If an email link takes you to a log in page, close it - we’ll never send you a link to a secure page
• Don’t tell anyone your 4-digit PIN – even a bank or the police
• We’ll never ask you to move your money to a new account
• We’ll never send someone to collect your card, chequebook or cash, even if you’ve been a fraud victim
• If you receive a suspicious call, text or email, don’t respond – just come into a store or call us on 0345 08 08 500
• If you get a suspicious email, mark it as spam, forward it to us at phishing@metrobank.plc.uk, then delete the email
• Never send confidential information by email - it may be intercepted

Spotting a fraudster’s email

Fraudulent emails can look genuine, but there are a few giveaways to look out for:

• The email address – is it the same as the one you usually get emails from, or just similar?
• The subject line – if it mentions something like ‘secure message’, ‘security alert’ or ‘system upgrade’, assume it’s suspect
• If it asks you to follow a link, click on a button or download a file – these will likely take you to a fake copycat website
• A sense of urgency, like: ‘If you don’t respond within 48 hours your account will be suspended’
• Grammar and spelling mistakes

If you ever receive a suspicious email, forward it to us at phishing@metrobank.plc.uk.

Keeping an eye on your cards

Your cards can be vulnerable to fraud – so it pays to keep a close eye on them. Here are a few tips:

• Report any stolen cards straight away
• If you’ve misplaced your card, you can block it temporarily with our mobile app
• Never write down your PIN with your card
• Never share your cards, even with friends and family

Counterfeit cards

Fraudsters can make a counterfeit card by cloning your card’s magnetic strip (sometimes referred to as skimming). This happens most often at bars, restaurants, petrol stations and cash machines. And most people don’t know it’s happened until their statement arrives.

How to prevent skimming:

• Check cash machines for signs of tampering, like damage to the card insertion point or PIN pad. If you think a Metro Bank machine has been tampered with, call us on 0345 08 08 500
• Cover the PIN pad with your hand when you enter your number
• Always check your balance and transactions to see if there’s anything you find suspicious

Fraudsters using your card details to buy things online, by phone or by post

This is called card-not-present fraud, and it’s the most common type in the UK.

How to protect your details:

• Don’t enter your card details on shared computers
• Never email anyone your card details
• Always log out of any websites where you’ve entered your card details
• Only enter your card details on secure sites with addresses that start with ‘https’ and have a padlock icon next to it

Your card being stolen on its way to you

There’s a bigger risk of this if you share a letterbox.

Find out how long it will take for your card to arrive and contact your card provider straight away if it doesn’t turn up. Don’t forget, with Metro Bank you can get your card printed in store on the spot - and because we’re open until 8pm on weekdays and open weekends you can do this at a time convenient for you.

Money mule scams

A money mule is someone who helps criminals launder money. They’re often recruited by adverts that look like a legitimate job, but involves transferring money through your own account and keeping a cut as commission.

The money is likely to be the proceeds of crime, and it’s a criminal offence to hold it. If you’re suspected of money laundering, your accounts may be suspended and closed down. Your name might also be put on the fraud database.

How to avoid becoming a money mule:

• Be wary of any job that involves you holding or transferring money through your personal account
• Never share your bank details with anyone you don’t know or trust

Keep your passwords strong

Other people shouldn’t be able to guess your passwords. And you shouldn’t use the same one for more than one site. Here are a few tips to consider when making a password:

• Use strong passwords with a minimum of eight characters and a mix of numbers and upper and lower-case letters
• Don’t use sequences
• Don’t use information like your children’s names, pet names, favourite team or mother’s maiden name as a password, as this information isn’t secret
• Consecutive numbers, dates of birth and other significant dates shouldn’t be used as security numbers
• Don't write down or tell anyone your login details
• Don’t use your date of birth as your ‘Security Number’
• If you think your password has been compromised, change it.

Check your wireless network

Use a secure wireless network you trust. If you’re on an unsecured network, a fraudster can see who you bank with and could hack your personal information.

Protecting your details on wireless networks:

• Make sure your router’s security features are switched on
• Always use a strong password for the router
• Use a firewall on your computer.

Banking on your mobile

We’re doing more banking on our mobile phones – and the fraudsters know it. Here’s how to be as safe on your phone as you would be on your computer:

• Be careful who you share your bank or personal details with
• You shouldn’t share photos of your debit or credit cards, as they have your payment details on them
• Be mindful of Bluetooth attacks that let fraudsters see your private information
• Try to pick a PIN that nobody else would guess
• Set your phone to lock automatically
• Never store passwords, usernames or log-in reminders on your phone
• Reset your phone to factory settings if you sell or recycle it
• Never follow links in texts or emails
• Use different PIN codes for your phone, apps, cards, etc
• Turn on push notifications
• Always log on to internet banking through the app or the correct web page.

What’s a SIM Swap?

This happens when a fraudster replaces your SIM with a new one and moves your number to it. All your calls and texts will be diverted to the new number – making the fraudster the main contact for your bank and card providers.

What you need to be aware of:

• You shouldn’t give confidential information over the phone unless you're absolutely sure of the caller's identity. If in doubt, ask for the caller's phone number, hang up and check to see if it's genuine by using our Phone Checker
• Don’t turn your handset off if you get a flurry of nuisance calls. Fraudsters use this technique to stop you noticing a loss of service when a SIM is swapped
• Set up additional security with your network provider to stop your number being diverted without your permission
• If your mobile phone service stops unexpectedly, call us on 0345 08 08 500 and we’ll help check out the problem.

Protecting yourself on social media

Sharing personal information on channels like Facebook, Twitter and LinkedIn can put you at risk from fraudsters. They can use your details to impersonate you, access your accounts and open new ones in your name.

How you can protect yourself:

• Be careful what you share - phone numbers, emails, dates of birth and your mother’s maiden name can be used to steal your identity
• Think about using different emails for different sites to avoid email attacks
• Use your privacy settings to control what people can see, and who can see it.

Social media and Metro Bank

We have official accounts on Twitter (@Metro_Bank and @MetroBank_Help), on LinkedIn, Instagram and on YouTube.

Both our Twitter accounts have been verified by Twitter and include Twitter’s blue verified badge.

We’ll never ask you to share any account information in a public forum. The only details we’ll ever ask you for are your name (or if you’re a business customer, your business name) and a contact number we can reach you on. Please use a private/direct message to tell us these.

If you ever have doubts about a social media channel, call us on 0345 08 08 500 or email phishing@metrobank.plc.uk.