Passwords

Passwords are a common way to prove your identity on websites, email accounts, online and mobile banking, as well as for social media. Using strong passwords, and looking after them carefully, is an essential part of protecting yourself from fraud.

Many websites and apps use passwords in conjunction with your username. On sites with extra levels of security, such as your online banking service, you may also use an additional form of identification such as a PIN or memorable information.

Using a weak password means you could be at risk of a criminal accessing your account to commit fraud or another crime. This could include a fraudster getting into your bank account, stealing your personal information or sending emails in your name.

How to choose a password

Creating a strong password doesn’t need to be complicated. Try using one of these methods:

  • Choose three random words and join them all together. Add numbers, symbols and a combination of upper and lower case letters to make it more complex. This is particularly necessary for those accounts requiring more than just letters.
  • Select a line in a song or a phrase you know that wouldn’t be obvious to other people. For example “life is a mystery, everyone must stand alone”, and take the first character from each word to get ‘liam,emsa’. Then add numbers, symbols and a combination of upper and lower case letters to make it more complex.

Bear in mind that some punctuation marks may be difficult to enter on foreign keyboards.

When you set a password, never:

  • Use the word ‘password’, your username, your actual name or business name
  • Choose the names of family members or pets, or any birthdays.
  • Use numerical sequences, for example 12345678
  • Choose words that would be easy to work out with a little background knowledge about you, like your favourite football team or author.
  • Pick just a single, common word, as these can be easily guessed by hacking software.

How to look after your password

With lots of different passwords for lots of different websites and accounts, it’s really important that you look after them all carefully.

  • Never disclose your full passwords to anyone, whether it’s over the phone, on email or by text. No bank, or reputable firm, will ask you to do this.
  • If you think someone knows your password, or has gained access to your account, change it immediately.
  • Use a different password for each website or account. Just using a single password means a criminal only has to crack one to access everything.
  • Don’t enter your password when others can see what you are typing.
  • Don’t just recycle passwords – for example password2, password3. Create a new password each time.
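
The rules in the two lists above (the "never" list and the advice not to recycle passwords) can be checked automatically, for example when a password is set on a sign-up form. The Python code below is an added example and not part of the original guidance; the function names, the short common-word list and the sample values are constructed for illustration.

```python
import re

# Constructed sample; a real check would load a far larger common-word list.
COMMON_WORDS = {"welcome", "football", "sunshine", "dragon", "monkey", "summer"}


def _letters_digits(text):
    """Lower-case the text and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _has_numeric_sequence(password, run=4):
    """True if `run` adjacent digits count up or count down (e.g. 1234, 8765)."""
    for chunk in re.findall(r"\d{%d,}" % run, password):
        for i in range(len(chunk) - run + 1):
            window = chunk[i:i + run]
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def _birthday_forms(day, month, year):
    """Common ways a date of birth is typed as digits (assumed formats)."""
    d, m, y, yy = f"{day:02d}", f"{month:02d}", str(year), f"{year % 100:02d}"
    return {d + m + y, d + m + yy, m + d + y, m + d + yy, y + m + d, d + m, y}


def check_password(password, username, personal_terms=(), birthdays=(), previous=()):
    """Return the list of rules from the guidance that `password` breaks.

    personal_terms: names of the user, family, pets, business, favourite team.
    birthdays: (day, month, year) tuples.  previous: earlier passwords.
    """
    problems = []
    flat = _letters_digits(password)
    stem = flat.rstrip("0123456789")        # "password3" -> "password"
    digits = re.sub(r"\D", "", password)    # joins digits split by / or -

    if "password" in flat:
        problems.append("contains the word 'password'")
    for term in (username, *personal_terms):
        t = _letters_digits(term)
        if len(t) >= 3 and t in flat:
            problems.append(f"contains personal detail '{term}'")
    if any(form in digits for b in birthdays for form in _birthday_forms(*b)):
        problems.append("contains a birthday")
    if _has_numeric_sequence(password):
        problems.append("contains a numerical sequence")
    if stem in COMMON_WORDS:
        problems.append("is a single common word")
    if any(stem and stem == _letters_digits(old).rstrip("0123456789")
           for old in previous):
        problems.append("recycles a previous password")
    return problems
```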

If you must write down your passwords to remember them, ensure you encrypt them in a way that is only understandable to you and no one else. Online password vaults or safes are also available, but always do your research first and ensure the one you choose is secure and reputable.

Mobile apps (mobile applications)

What are they?

Applications (commonly known as apps) provide a quick and easy way to download, access and use software on your smart device (e.g. mobile phone or tablet).

They provide a whole host of services such as games, banking services, weather reports etc.

Once downloaded, apps appear as an icon on your screen, which can be opened by touching on the icon. A range of providers offer apps which can be downloaded at a small cost or in many cases free of charge.

Official apps can currently be downloaded to a smart device from one of the following: Apple’s App Store, the Play Store for Android devices, and BlackBerry App World.

Why would I have one?

Convenience is the main reason people use apps. Access is far quicker than keying in a full website address to access the same service via an Internet browser.

 

Advice when using a mobile app:

  • Only use official bank apps (and websites) to do your banking – ALWAYS check the app has been published by your bank.
    • Look carefully at reviews of the developer/company who publish the app.
    • Review and understand the permissions you are giving when you download apps.
    • Advise your bank immediately if you feel someone may know your log in details for your mobile banking app or if you lose your smart device. Your bank can then take mitigating action.
    • Only download mobile apps from official stores, such as Apple iTunes, Android Marketplace and BlackBerry App World. Free apps are great but downloading them from unknown sources could lead to your device becoming infected/compromised.
  • Smart devices require updates to run apps and firmware. Ensure you install these, as neglecting them increases the risk of the device being hacked or compromised.
  • When using a mobile app, always ensure you log out when you have finished using it.
  • Be aware of and ignore Phishing* emails that may request personal details and credentials used to log in to your banking app.
  • Think carefully before removing any security controls from your smart device: this is known as jail-breaking or rooting your device. This will weaken the security of your device, and expose you to additional risks.

* Phishing is the name given to the practice of sending emails at random, claiming to come from a reputable company such as your bank. The emails attempt to trick people into disclosing sensitive information at a bogus website (a ‘Phishing site’) operated by fraudsters. The email usually claims that it is necessary to ‘update’ or ‘verify’ your customer account information and urges you to click on a link in the email which takes you to a Phishing site. Sometimes the email won’t contain a link; instead the recipient is asked to provide information on a form attached to the email. Any information entered is then used by criminals for their own fraudulent purposes.

SIM Swap

What is it?

 

Digital wallets

What are they?

Also referred to as electronic or mobile wallets, these are essentially digital alternatives to a physical wallet. A digital wallet may contain your credit and debit card details, just as your physical wallet contains your physical cards.

A digital wallet allows consumers with a smart device (e.g. mobile phone or tablet) to make purchases on the Internet, or within a shop or store using their device rather than a physical card.

This can be done where a shop or store displays the contactless payment logo.

Online purchases can also be made using a digital wallet whilst at a PC in your own home.

Why would I have one?

Once registered, you can use your digital wallet to buy online without having to manually input your payment and shipping information. The digital wallet is able to automatically populate the necessary payment and shipping information that you would normally input when buying online.

Using a digital wallet in a shop or store means that you can make a purchase without the need to carry physical cards or cash.

Current providers of digital wallets include: American Express Serve, MasterCard MasterPass, Visa V.Me (expected later in 2013), O2, Google Wallet, Microsoft Wallet, and Apple Passbook. For more information about obtaining a digital wallet visit the relevant providers’ websites or check with your bank which services they offer.

Advice when using a digital wallet:

  • Do not share the password for your digital wallet with anyone and select a password that cannot be easily guessed.
  • Make sure you change your digital wallet password regularly – or immediately if you suspect that someone might know it.
  • When accessing your digital wallet via your smart device or at your PC (for example, to check your account balance or to add the details of an additional card), if not using an application (app), always type the URL into the browser, NEVER enter the wallet via e-mail links.
  • When making a purchase using your digital wallet at a retailer that is unfamiliar to you, try to find out more about them i.e. that they are a legitimate trader, before undertaking the transaction. Do you know their contact phone number (not just a mobile phone number) and their physical postal address (not just a post office PO Box number)?
  • Think carefully before removing any security controls from your smart device: this is known as jail-breaking or rooting your device. This will weaken the security of your device, and expose you to additional risks.

Mobile phone card readers

What are they?

Chip and PIN card readers that use Bluetooth via an app on your smart device (e.g. mobile phones or tablet) or card readers that plug into a mobile phone or tablet are increasingly being used by small traders such as plumbers and window cleaners to accept a card payment from their customers (similar to the types of card payments made in a shop or store).

When paying this way your card is usually swiped or inserted into a reader attached to the small trader’s device and you are then either prompted to sign or enter your 4 digit PIN.

There is an increasing range of these types of solutions available to small traders, examples of which include iZettle, Square, MPowa and SumUp.

Why would I have one?

If you are a small trader, using these types of solution provides a further option for your customers to pay you for the services you provide. As a consumer, it is more convenient for those times when you don’t have cash or a cheque at hand.

Using a digital wallet in a shop or store means that you can make a purchase without the need to carry physical cards or cash.

Current providers of digital wallets include: Visa V.me, MasterCard PayPass, O2, Google Wallet, Microsoft Wallet, and Apple Passbook. For more information about obtaining a digital wallet visit the relevant providers’ websites or check with your bank which services they offer.

Advice for customers when using a mobile phone card reader:

  • Make sure you are dealing with a small trader that you trust before making a transaction.
  • If prompted to enter your PIN, ensure that you shield the keypad, so that your PIN cannot be seen by anyone else. If you suspect someone knows your PIN, change it immediately at a cash machine.
  • Keep your card within your sight at all times.
  • Ensure you receive a receipt for your transaction – this may be provided via e-mail.
  • Regularly check your statements and report any suspicious transactions to your bank.
  • Think carefully before removing any security controls from your smart device: this is known as jail-breaking or rooting your device. This will weaken the security of your device, and expose you to additional risks.

Mobile to mobile payments

What are they?

An increasingly popular way to send and receive payments is through your smart device (e.g. mobile phone or tablet) using one of the various money-sending services being launched by different providers e.g. Barclays Pingit.

They allow bank account customers to send and receive payments through their smart device, offering an easy way to pay a friend back for dinner.

You are normally required to download an app (application) to your smart device as well as register or be registered in order to use the service.

You then simply need to know the payment recipient’s mobile telephone number (rather than their bank account details).

Why would I have one?

As a consumer, it is quicker and more convenient for those times when you don’t have cash or your chequebook to hand.

Advice for customers when using mobile to mobile payments:

  • Keep your smart device secure by ensuring it is PIN or password protected.
  • Do not divulge your login details to anyone.
  • Ensure the application that you are using is the official one. You can do this by only downloading apps from the official app stores i.e. Play Store and App Store. Also, when installing an app, check what data it asks to access and revoke permissions for any information the app doesn’t require in order to operate properly.
  • Avoid sharing the smart device you bank with with anyone.
  • Be sure to clear your browsing history, cache and cookies on a regular basis.
  • Make sure that your device’s operating system is up to date. Alerts on your smart device that tell you to update your apps and operating systems are more than just a minor annoyance. These updates can close security loopholes that hackers can use to access your smart device without your knowledge.
  • When you have finished using an App, ensure you log out of it properly.
  • Think carefully before removing any security controls from your smart device: this is known as jail-breaking or rooting your device. This will weaken the security of your device, and expose you to additional risks.

Mobile contactless payments

What are they?

Consumers are increasingly able to use a mobile phone to make contactless purchases in shops and stores. This negates the need for using a card.

As with the use of a contactless card in shops and stores, the customer simply holds their smart device (e.g. mobile phone or tablet) against a secure reader when instructed to do so by the shop staff.

In the future higher value payments will be allowed, supported by a PIN.

Why would I have one?

For low value purchases, mobile contactless payments provide a quick and convenient way of paying for goods.

Advice for customers when using mobile contactless payments:

  • Mobile contactless payments enjoy exactly the same protection as standard contactless cards with the added benefit that you are able to turn off the application when you do not want to use it.
  • Ensure that your mobile contactless payment application is protected with a PIN or passcode (we recommend you use a different PIN from the one for your bankcard). You may be given the option to set up the application so that you enter the PIN for all transactions.
  • If you lose your smart device, report the loss to your card issuer who will be able to block the mobile contactless payment application and ensure that service is restored to any new device you are given.
  • Think carefully before removing any security controls from your smart device: this is known as jail-breaking or rooting your device. This will weaken its security, and expose you to additional risks.

Further advice regarding your smart device (mobile phone or tablet)

  • NEVER give your mobile banking security details, including your log in details, to anyone else and do not store these on your smart device (e.g. mobile phone or tablet).
  • Do not store account details, passwords, bank account numbers, PINs or credit or debit card details on your mobile phone.
  • Use the same precautions on your smart device as you would on your computer when using the Internet. For added security, protect your smart device with a password or PIN. We recommend you use a different PIN from the one for your bankcard. This is the first layer of physical security to protect the contents of your device. In addition to a PIN or password, enable the screen lock feature so that your device automatically locks after a few minutes of inactivity. It can then be re-opened using your PIN/password.
  • NEVER leave your smart device unattended when logged on, watch out for people looking over your shoulder, and consider using privacy screens with any tablet device.
  • Keep your smart device’s operating system updated with the latest security patches and upgrades. Older software may have security vulnerabilities that could expose you to additional risks. Use a reputable brand of anti-virus software on your smart device. Some banks offer customers free anti-virus software for their mobile phones; check your bank’s website.
  • Avoid clicking on or otherwise downloading software or links from unknown sources.
  • Be cautious about opening links contained in SMS messages or emails. Don’t respond to unsolicited messages and remember that your bank will never contact you to ask you to disclose your security credentials.
  • Do not allow your smart device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and your legitimate server.
  • If you decide to sell your smart device or trade it in, make sure you wipe it first (reset it to factory default) to avoid leaving personal data on the device.
  • Make a note of your smart device’s IMEI (International Mobile Equipment Identity) number. This is a unique 15 digit number that identifies your device to your provider. If your device is ever lost or stolen, your mobile provider can use this number to block and permanently deactivate the device, therefore making it useless to anyone who has the device. The IMEI number is usually found printed in the battery compartment or you can access it on most devices by entering the key sequence *#06#.
  • Register your smart device with Immobilise. Immobilise is the world’s largest free register of possession ownership details and together with its sister sites the Police’s NMPR (www.thenmpr.com) and CheckMEND (www.checkmend.com), forms a very effective tool in helping to reduce crime and repatriate recovered personal property to its rightful owners. This registration enables the police to return the device back to you if it is ever recovered.
  • Ensure that your Bluetooth is switched off when you do not need to use it.
  • Be aware of the practice of Smishing – where criminals send unsolicited text messages to a mobile phone number, with the intention of inducing the recipient to believe that it is from their bank. The text may claim that someone is trying to send money, or ask the mobile phone user to visit the fraudsters’ fake website and provide their personal details.
  • A Quick Response (QR) code is a type of matrix barcode that can store alphanumeric characters, in the form of texts or URLs. All you need to visualise such a code is a smart device with a camera and a QR reader application to scan it. The code can direct you to websites or online videos, send text messages and e-mails, or launch apps. Fast, easy and very popular, scanning QR codes is clearly a convenient way to stay informed anytime, anywhere. But the downside is that you don’t really know the content of a QR code until you scan it. For this reason you must be careful when scanning one, as your device’s security might be at risk. Criminals might use these codes to redirect you to websites via malicious links that then ask you to download malicious applications containing a virus or malware.

What to do if you are a victim of fraud?

  • If you spot any unauthorised transactions on your bank account, contact your bank immediately.
  • If you think that you may have disclosed information to a fake website, or if you believe that any of your passwords have been captured by malware, contact your bank immediately.
  • If you are a victim of fraud you have legal protection which means that you will not be liable for any losses unless you have acted fraudulently or without reasonable care.