What we are doing

We know you want the convenience of banking online without constantly worrying about the security of your money and your personal information.

We take your online safety seriously, that’s why we use state of the art anti-fraud systems to identify unusual activity and a telephone challenge process to block fraudsters even in in the unlikely event that they get hold of your details. 

We also give you peace of mind with our online fraud guarantee.

When using our Online Banking service your security is our number one priority.
Card readers and password tokens are one security option but we use a different online anti-fraud system for customers.  Our 'multi-factor authentication' system adds another layer of security to your online experience.

The system works by exception only, so the majority of customers will see no change in their use of our online banking service – but all our customers will benefit from the increased fraud protection it provides.

How it works to prevent fraud
The system works by building up a picture of each customer's online usage. By doing this, a set of "normal use" parameters are created for each online user. If we detect any unusual activity on your account, we can contact you before allowing it to proceed.

Users of our online banking system have being given the opportunity to update their contact telephone numbers, so that in the event of unusual activity being detected on an account, an alert message can be displayed on the computer screen. Customers will then be contacted by telephone, using a number they have pre-registered, and asked to enter an on-screen code into the phone before they can proceed with online banking.

In a situation where you are unlucky enough to have a fraudster acquire your online sign in details, perhaps from a ‘phishing’ scam and gain access to your accounts, unusual online activity may trigger a telephone challenge. 

Fraudsters are very unlikely to have acquired your phone, and will not be able to complete the challenge process. Your online access will be suspended to protect your accounts and stop any fraudulent transactions.

Help us contact you
In order for the telephone challenge to be effective we need you to provide us with up to three telephone numbers, for example work, mobile and home, as we may need to contact you to verify your activity whilst you are signed in to our online service. 

It's important that you provide as many different telephone numbers as you can to make it easier if we need to contact you.

If we're unable to contact you, we may need to suspend your online access to protect your accounts. If you enter the code wrong three times, your access will be suspended. We will then contact you within 24 hours, between 9am and 8pm. 

If we are unable to contact you by phone, we will write to you instead, either by email or by letter, with further instructions.

These alert messages will only be seen in a minority of cases where customers use using online banking.

Read our tips on how to surf safely and stay secure online. You can also get advice on avoiding phising and scam emails and keeping safe from viruses.

We do all we can to protect you online. Even in the unlikely event of fraud, we promise you won't lose out. As a Bank of Scotland online banking customer, you automatically benefit from our online fraud guarantee:

If you use our online service and become a victim of online fraud, we guarantee you won't lose any money from your account, and will always be reimbursed in full.

For the vast majority of our customers, this situation will never arise, especially if you take a few simple steps to protect yourself online.

Worried that your online personal or security details may have been compromised? Call 08456 02 00 00.

We have introduced a new feature to our online banking service, designed to give you even more confidence when using our service.

How does it work?
Extended Validation Secure Socket Layer, or EVSSL for short, means that our site has undergone many rigorous checks to confirm its validity, and has been provided with a 'certificate of authenticity' which can be recognised by your browser.

In the majority of cases, this validation is shown within your address bar, displaying a 'traffic light' style response of green, amber or red.

This feature gives you the added confidence of knowing the site you're using has been confirmed as genuine.

What will you see?
This certificate of authenticity is recognised by most browsers, though there are variations in the way the different browsers display the validation.

The majority of users running Internet Explorer versions 7 and 8 (IE7 and IE8), Mozilla Firefox 3, Opera 9.5 and Safari 3.2  will see the following 'traffic light' responses on their address bars:

• Websites recognised as authenticated will display a GREEN address bar plus a padlock symbol, referencing the certificate and the authenticated website provider
• Websites considered to be suspicious will display an AMBER address bar with no padlock symbol
• Websites identified as fraudulent and a phishing site, or as having a revoked or expired validation certificate, will display a RED address bar

Users running Internet Explorer 6 (IE6), Mozilla Firefox 2 and Google Chrome will continue to see their standard address bar.  No 'traffic light' notification will be given though authenticated websites will display a padlock symbol in the address bar.

Other browsers not mentioned above will continue to see their standard address bars

To help you understand what is displayed on your browser and where, we've created this PDF document showing images of the various browser address bars, and what they will display in response to EVSSL validation.

Update your browser version
We always recommend you upgrade your browser now to one of the versions that is compatible with EVSSL. You can usually upgrade your browser version from your browser providers' website. Here are the most common providers*:
Upgrade your Internet Explorer browser
Upgrade your Mozilla Firefox browser
Upgrade your Safari browser
Upgrade your Chrome browser
Upgrade your Opera browser