Scams target people of all backgrounds and ages. With today’s modern technology, criminals are becoming increasingly sophisticated in their attempts to steal personal data and your money. It’s important to be alert and protect yourself against scams and to know what we are doing about it.

> Authorised Push Payment Fraud
> What we do to help protect you against Authorised Push Payment Fraud
> Looking after your data
> Phishing
> Vishing
> Pharming
> Passwords
> Keeping your browser up to date

Authorised Push Payment Fraud

Authorised Push Payment fraud is when you are deceived into transferring money from your account to a fraudster’s account. They often do this by contacting you via phone, email or social media and pretending to be someone else such as your bank, solicitor, a contractor, an estate agent or the police, for example.

On 28 May 2019, a number of banks and one building society, Nationwide, signed up to a new voluntary protection scheme, the ‘Contingent Reimbursement Model Code’, which now falls under the responsibility of the Lending Standards Board. The members of this scheme offer current accounts and process millions of transactions every day.

National Counties Building Society, along with all other Building Societies with the exception of Nationwide, is not part of this voluntary Code. This is because we do not operate current accounts or allow payments to be made to 3rd party accounts. Only payments made to a customer’s own nominated account are allowed.

What we do to help protect you against Authorised Push Payment Fraud

Although the Society is not part of the voluntary Code, you can be assured that any case of fraud that is reported to us is investigated thoroughly and promptly.

Anti-fraud measures are already in place to help combat fraud, from our own electronic security systems that protect your data, to our branch staff who are trained to spot when someone is about to fall victim to a scam.

Looking after your data

As you would expect, we take looking after our customer data and money very seriously. We’re proud to have received Cyber Essentials Plus accreditation. This means the Society has the necessary technical security and controls in place to ensure customer data is safe and secure.

We use the most up to date firewall security and regularly upgrade our systems and software controls

We employ external security auditors to robustly test our systems and controls

We will only act on change requests to your account after we have received clear evidence to prove that you are indeed the actual customer

We monitor for abnormal transactional activity and will contact you if we have any suspicion of unusual behaviour.


As a further level of protection, you will be reimbursed for an unauthorised withdrawal. This protection is subject to our 'General conditions for our savings accounts'. Users of our Online Service are also protected from unauthorised transactions. View our ‘Online Service Agreement'.

While the Society has many anti-fraud and data protection measures in place, there is much you can do to help yourself.

  • Never disclose security details, such as your PIN or passwords
  • Don’t assume an email, text or phone call is genuine
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret

And remember, these useful tips:

  • Be alert to the fact that scams exist
  • Know who you're dealing with
  • Do not open suspicious texts, pop-up windows or click on links or attachments in emails – delete them
  • Don't respond to phone calls about your computer asking for remote access – hang up
  • Keep your personal details secure
  • Keep your mobile devices and computers secure
  • Choose your passwords carefully
  • Review your privacy and security settings on social media
  • Beware of any requests for your details or money
  • Be wary of unusual payment requests
  • Be careful when shopping online.

Below are a few of the most common types of scams and tips on how to avoid them.


Phishing refers to emails that attempt to fraudulently obtain your sensitive information. These emails will often direct you to a website requesting you to enter your personal information such as bank log in details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. 

Common features of phishing emails are:

  • Appear to be too good to be true (they often are) 
  • Have a sense of urgency
  • Address you in an unusual way
  • Contain multiple grammatical errors
  • Contain hyperlinks or attachments which may be from an unusual sender. 

If you receive an email from us that you are suspicious about, simply forward the email to and we will investigate it.



Fraudsters can also make unsolicited telephone calls encouraging individuals to provide sensitive data such as personally identifiable information. This is known as Vishing. If you’re unsure about a call you receive from any financial organisation, call them back but from another phone line such as a mobile or landline. We would recommend waiting about five minutes before doing so as sometimes the fraudster on the other end doesn’t hang up so when you make another call, they’re still on the line.

When we make an outgoing call e.g. to check something on an application or letter, please be aware that we will ask for personal data to identify you. We encourage you to follow the steps above if you are at all suspicious about any aspect of the call.



Pharming is another scam whereby a fraudster installs malicious code on a personal computer or server. This code usually redirects any clicks you make on a website to another fraudulent website without your consent or knowledge. Be especially careful when entering financial information on a website. Look out for the ‘s’ in https and the key or lock symbol in the browser. Don’t click on the website unless you’re absolutely certain that the website is secure.



To help keep your data and personal information safe you should ensure you set a strong password on your account. To help set a strong password see the useful points below.

  • Don’t use personal information
  • Don’t use easily recognisable numbers
  • Avoid using the word ‘password’
  • Use a mixture of letters and numbers
  • Use a mixture of capital and non-capital letters
  • Use symbols such as an asterix or exclamation mark
  • Make sure you have a long password
  • Modify easy to remember phrases
  • Try using three completely random words.

It’s important that you change your password regularly and use different passwords to those you’ve already used for other accounts. Also, don’t write passwords down or share them.

Keeping your browser up to date

In order to benefit from the latest security features that Google and Microsoft introduce as a matter of course, it is important that your web browser is up to date. We’ve created a page on our website that provides full instructions on how to check and upgrade your browser which you can view here.