PROTECTING YOURSELF AGAINST FRAUDS AND SCAMS

More in this section

Scams target people of all backgrounds and ages. With today’s modern technology, criminals are becoming increasingly sophisticated in their attempts to steal personal data and your money. It’s important to be alert and protect yourself against scams and to know what we are doing about it.

> Authorised Push Payment Fraud
> Looking after your data
> Phishing
> Vishing
> Pharming
> Passwords
> Keeping your browser up to date

Authorised Push Payment Fraud

What is an Authorised Push Payment (APP) Fraud?

An APP fraud is when you are tricked into sending money to a fraudster, either through being deceived about who you are paying, or about the purpose of the payment.

In May 2022, the government announced that they would make new laws to allow a regulatory body, called the Payment Systems Regulator (PSR), to require banks and payment services providers to reimburse people who have been tricked into sending money to scammers, and this came into effect in June 2023.

From 7 October 2024, this regulation will offer greater protection to most victims of this type of fraud. 

Am I eligible for reimbursement?

If you are the victim of an APP fraud, you may be eligible to claim reimbursement if:

  • You’re an individual, a micro-enterprise (with under 10 employees) or a small charity
  • your payment was made by faster payments or CHAPS on or after 7 October 2024
  • your payment was made to a UK account that can send or receive faster payments
  • you have made your claim within 13 months of the last payment made to the fraudster.

Note: There is no minimum amount you can claim. The maximum amount that can be claimed for an APP fraud from 7 October is £85,000. An excess of up to £100 may apply. If eligible, you could receive a refund within five business days, unless more time is needed to investigate your claim.

When might I not be eligible for reimbursement?

You may not be able to claim reimbursement if:

  • the payment was made to another account that you control, such as your nominated account
  • you have acted fraudulently
  • you have been significantly careless, for example, by ignoring advice from your bank not to proceed with a payment
  • the payment is part of a civil dispute, for example, where you were not satisfied with the goods you paid for
  • the payment was sent or received by a credit union, municipal bank or national savings bank.

What should I do if I’m a victim?

If you suspect one of the following:

  • One of your accounts with us has been affected by fraud, please contact us immediately. Our contact details can be found here
  • The fraud originated from your retail bank please contact them directly.

In addition please note the following:

  • You must report the scam as soon as you can, and no more than 13 months after the last fraudulent payment was made
  • We may ask you for additional information about your claim, please make sure you respond to these requests
  • Once you have made the claim, we may ask you to report the details of the fraud to the police or offer to do this for you, and would request your consent to do this.

 

Looking after your data

As you would expect, we take looking after our customer data and money very seriously. We are proud to have received Cyber Essentials Plus accreditation. This means the Society has the necessary technical security and controls in place to ensure customer data is safe and secure.

We use the most up to date firewall security and regularly upgrade our systems and software controls

We employ external security auditors to robustly test our systems and controls

We will only act on change requests to your account after we have received clear evidence to prove that you are indeed the actual customer

We monitor for abnormal transactional activity and will contact you if we have any suspicion of unusual behaviour.

Cyber-essentials

As a further level of protection, you will be reimbursed for an unauthorised withdrawal. This protection is subject to our 'General conditions for our savings accounts'. Users of our Online Service are also protected from unauthorised transactions. View our ‘Online Service Agreement'.

While the Society has many anti-fraud and data protection measures in place, there is much you can do to help yourself.

  • Never disclose security details, such as your PIN or passwords
  • Don’t assume an email, text or phone call is genuine
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret

And remember, these useful tips:

  • Be alert to the fact that scams exist
  • Know who you're dealing with
  • Do not open suspicious texts, pop-up windows or click on links or attachments in emails – delete them
  • Don't respond to phone calls about your computer asking for remote access – hang up
  • Keep your personal details secure
  • Keep your mobile devices and computers secure
  • Choose your passwords carefully
  • Review your privacy and security settings on social media
  • Beware of any requests for your details or money
  • Be wary of unusual payment requests
  • Be careful when shopping online.


Below are a few of the most common types of scams and tips on how to avoid them.

Phishing

Phishing refers to emails that attempt to fraudulently obtain your sensitive information. These emails will often direct you to a website requesting you to enter your personal information such as bank log in details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. 

Common features of phishing emails are:

  • Appear to be too good to be true (they often are) 
  • Have a sense of urgency
  • Address you in an unusual way
  • Contain multiple grammatical errors
  • Contain hyperlinks or attachments which may be from an unusual sender. 

If you receive an email from us that you are suspicious about, simply forward the email to besecure@ncbs.co.uk and we will investigate it.

 

Vishing

Fraudsters can also make unsolicited telephone calls encouraging individuals to provide sensitive data such as personally identifiable information. This is known as Vishing. If you’re unsure about a call you receive from any financial organisation, call them back but from another phone line such as a mobile or landline. We would recommend waiting about five minutes before doing so as sometimes the fraudster on the other end doesn’t hang up so when you make another call, they’re still on the line.

When we make an outgoing call e.g. to check something on an application or letter, please be aware that we will ask for personal data to identify you. We encourage you to follow the steps above if you are at all suspicious about any aspect of the call.

 

Pharming

Pharming is another scam whereby a fraudster installs malicious code on a personal computer or server. This code usually redirects any clicks you make on a website to another fraudulent website without your consent or knowledge. Be especially careful when entering financial information on a website. Look out for the ‘s’ in https and the key or lock symbol in the browser. Don’t click on the website unless you’re absolutely certain that the website is secure.

 

Passwords

To help keep your data and personal information safe you should ensure you set a strong password on your account. To help set a strong password see the useful points below.

  • Don’t use personal information
  • Don’t use easily recognisable numbers
  • Avoid using the word ‘password’
  • Use a mixture of letters and numbers
  • Use a mixture of capital and non-capital letters
  • Use symbols such as an asterix or exclamation mark
  • Make sure you have a long password
  • Modify easy to remember phrases
  • Try using three completely random words.

It’s important that you change your password regularly and use different passwords to those you’ve already used for other accounts. Also, don’t write passwords down or share them.

Keeping your browser up to date

In order to benefit from the latest security features that Google and Microsoft introduce as a matter of course, it is important that your web browser is up to date. We’ve created a page on our website that provides full instructions on how to check and upgrade your browser which you can view here.

You also may find the following links useful:

Take Five - https://takefive-stopfraud.org.uk/

Get Safe Online - https://www.getsafeonline.org/shopping-banking/telephone-banking-fraud/

Action Fraud - http://www.actionfraud.police.uk/