Information security

Security

Current Account Security

We understand the importance of the security and confidentiality of your personal information. Keeping our customers’ information secure is a top priority for us, but it is also important for you to protect your security online. Learn more by clicking on a link below for guidance on how best to protect your personal information.

 

3 Key Steps to Online Security

  • Consider using a personal firewall
  • Ensure that the operating system and other software (especially your browser) are regularly updated
  • Ensure that you have up-to-date, supported and licensed anti-virus and anti-spyware software in place

More detailed security steps are outlined in our "How to protect your online security" section.

Fake Emails and Websites

Often called "phishing", these fake emails or websites appear to represent a legitimate company and try to obtain confidential Account details with a view to conducting illegal transactions on your Account. Please note that we (which includes Post Office® Online Banking, the Post Office and the Bank) will never send emails which require customers to send personal information via email or pop-up windows. Any unsolicited requests for any Post Office® personal current account information you receive through pop-up windows, emails, or websites should be considered fraudulent and should be reported immediately.

Your email address can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from Post Office® Online Banking, the Post Office or the Bank, this does not mean that your email address, name, or any other information has been gathered from our systems.

How do I Identify a Fake email?

Fake emails will often:

  1. Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the "From" field, as this is easily altered.
  2. Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has expired, been corrupted or been lost, and that you must immediately resend it.
  3. Link to counterfeit websites. Fake emails may direct you to counterfeit websites carefully designed to look real, but which actually collect personal information for illegal use.
  4. Link to real websites. In addition to links to counterfeit websites, some fake emails also include links to legitimate websites. The fraudsters do this in an attempt to make a fake email appear real.
  5. Contain fraudulent phone numbers. Fake emails often contain telephone numbers that are linked to the fraudsters. Never call a number featured on an email you suspect is fraudulent, and be sure to double-check any numbers you do call.
  6. Contain real phone numbers. Some of the telephone numbers listed in fake emails may be legitimate, connecting to actual companies. Just like with links, fraudsters include the real phone numbers in an effort to make the email appear legitimate.

Fraudulent Pop-ups

Pop-up windows are the small windows or ads that appear suddenly over or under the window you are currently viewing. Fraudulent pop-up windows are a type of online fraud often used to obtain personal information with a view to conducting illegal transactions on your Account. Please note that Post Office Online Banking does not use pop-up windows to request your Account information. We will never display a pop-up window on our site unless you have initiated it by clicking on a link. Pop-up windows are often the result of programs installed on your computer called "adware" or "spyware". These programs monitor your web-viewing activity and regularly come hidden inside free downloads, such as music-sharing software or screen savers. Many of these programs enable harmless advertisements, but some contain "Trojan horse" programs that can record your keystrokes or relay other information to an unauthorized source. Any unsolicited requests for any Post Office personal current Account information you receive through pop-up windows should be considered fraudulent and should be reported immediately.

Viruses

A computer virus is merely a program that attaches itself to another program or data file in order to spread and reproduce itself without the knowledge of the user. The effects of these viruses can vary widely depending on what they were designed to do: some viruses are annoying but cause no significant damage, while others can be quite harmful and can even erase data, corrupt disks or, in the case of business computers, degrade a network's performance. As viruses are designed to hide their presence in legitimate programs or data files, they are usually spread from computer to computer by individuals who are unaware they are doing so. The main methods by which viruses are generally transmitted include:

  • Attachments to e-mail messages;
  • Files downloaded from the internet;
  • Using infected disks or compact disks (CDs).

Common symptoms that your computer may have a virus:

  • Applications that don't work properly;
  • Disks can't be accessed;
  • Printing doesn't work correctly;
  • Pull-down menus are distorted;
  • File size changes for no apparent reason;
  • Date of last access does not match date of last use;
  • An increase in the number of files on the system when nothing has been added;
  • Uncommanded disk drive activity;
  • Unusual error messages;
  • System slows down, freezes or crashes.
     

Spyware

'Spyware' is software that is downloaded onto your hard disk, without your knowledge. Once there, it can collect information from your computer system and may transmit it elsewhere. It may also gather and transmit information about e-mail addresses, passwords and online Account details.

How to recognise Spyware:

You may have contracted spyware if the following symptoms occur:

  • Pop-up ads appear, even offline, often for 'adult' sites;
  • Your homepage/search settings unexpectedly change;
  • Your browser toolbar changes and is hard to restore;
  • System performance deteriorates unexpectedly.

How to avoid Spyware:

  • Install a reliable anti-spyware application;
  • Ensure the application is kept up to date;
  • Use a firewall;
  • Adjust security settings on your browser to a sufficiently high level - the higher the security level, the lower the risk. By default, Internet Explorer classifies all websites into a single zone (the Internet zone) and assigns everything medium level security. When you are using this level of security, Internet Explorer will ask you to confirm that you want to download a file, unless you have previously indicated that the website or publisher is trusted. If you are using an alternative web browser, check the provider's instructions on how to limit your exposure to spyware by configuring the browser settings;
  • Be security conscious when surfing and downloading;
  • Only download from sites you trust;
  • Read security information before you download software;
  • Never click "Agree" or "OK" on an unexpected pop-up or window. Instead, close the window by clicking on the "x" button in the top right-hand corner of the window.

What to do if you think you have Spyware:

  • Install and run anti-spyware software to remove any spyware from your system;
  • Keep it updated and use it to perform regular checks on your computer system;
  • Check whether or not your Internet Service Provider (ISP) offers anti-spyware software.

How to protect your security online

We are continuously working to ensure the security of your Accounts. With your help we can reduce the risk posed by online fraudulent activity. Below is a list of some simple steps to take to protect your Accounts.

  1. Always log out of Post Office Online Banking and close your browser after you use Post Office Online Banking.
  2. Do not release passwords (e.g. power-on, log-on, screensaver, internet Account, Post Office Online Banking) to anyone. Remember that you alone are accountable for actions carried out when your User ID is used.
  3. Ensure that the operating system and other software on your PC are fit for purpose and are configured appropriately.
  4. Ensure that the operating system and other software (especially your browser) are regularly updated with relevant security patches and bug-fixes (available frequently from the vendor sites). Subscribe to your vendor's security mailing lists and apply updates as appropriate to your operating system.
  5. Ensure that you have up-to-date, supported and licensed anti-virus software in place.
  6. Consider activating a pop-up blocker. Some browsers now incorporate this functionality by default.
  7. Consider using a personal firewall.
  8. Do not open unsolicited e-mail (in particular, any attachments that are associated with this form of communication). Be sure of your sender.
  9. Do not send confidential information via internet e-mail unless appropriately secured.
  10. Always check the validity of the certificate on a website where you enter personal details (e.g. passwords, payments).
  11. Be wary of the content of unsolicited e-mails appearing to come from a trusted source asking you to validate your logon / payment credentials. Always check with the institution first using their pre-registered / published contact details (not details supplied in the e-mail).
  12. Use secure websites for transactions and shopping. Be sure the web page you are viewing offers encryption of your data. Often you will see a lock symbol in the lower right-hand corner of your browser window, or the web address of the page you are viewing will begin with "https://...". The "s" indicates "secured" and means the web page uses encryption. Post Office Online Banking, for instance, provides 128-bit encryption - the highest level commercially available today.
  13. If in doubt, please contact us on 0345 266 8977 (from within the UK) or +44 117 300 6876 from abroad. Calls cost no more than calls to geographic numbers (01 or 02). Calls from landlines and mobiles are included in free call packages.

How we protect your security online

  1. When logging on to Post Office Online Banking we will ask you to provide your own private and individual User ID and Post Office Online Banking PIN in conjunction with a personal detail question. This information is encrypted during transmission and will remain a secret as long as you do not disclose it. We use what is known as 128 bit SSL to ensure the highest level of security of information passing between our Account Holders and ourselves.
  2. Post Office Online Banking requires the use of a secure browser to access Account information and perform transactions.
  3. The website is protected by a firewall, which forms a barrier between the outside internet and the internal systems that support the website.
  4. Your name, address and full Account number will never appear on screen. Payee details will appear on screen and in the receipt which you can print off when we confirm your instruction to make a funds transfer or pay a bill.
  5. After a 10-minute period of inactivity your current session on the website will automatically time out. To restart your session, all you have to do is re-enter your User ID, PIN and password at the login screen.

How to report online fraud

Step 1: Call the Post Office

If you receive a fraudulent email, pop-up or web page, report it immediately to us on 0345 266 8977 (from within the UK) or +44 117 300 6876 from abroad. Calls cost no more than calls to geographic numbers (01 or 02). Calls from landlines and mobiles are included in free call packages. Do not reply or follow any of the specified instructions, regardless of how genuine they may appear.

Step 2: Monitor your Accounts

Monitor your Accounts on a regular basis and report any suspicious money transfers, payments or unauthorised access immediately. One of the best ways to detect fraudulent activity quickly is by examining your Account activity regularly.

Security Definitions

Secure Browser

A secure browser means you can send and receive messages using technology that encrypts the information so it's virtually impossible for anyone other than you and us to read it. Use an internet browser that has Secure Sockets Layer (SSL) encryption version 3.0 or higher to conduct secure transactions over the internet. Microsoft Internet Explorer, Mozilla Firefox and Apple Safari are all examples of browsers that employ SSL technology to communicate with appropriately configured servers.

Secure Socket Layer

An encryption technology that creates a secure communication channel by encrypting information while it is transmitted over the internet, to prevent the information being intercepted or modified. SSL authenticates that the server you've connected to is the one it purports to be. Post Office Online Banking uses what is known as 128 bit SSL to ensure the highest level of security of information passing between our Account Holders and us. You can be assured that you are actually communicating with us, and not a third party trying to intercept the transaction.

Firewall

The purpose of a firewall is to ensure that only valid requests are allowed to pass to the systems and networks that support this website - all other traffic from the Internet is rejected. The firewall verifies the source and destination of each message, and determines whether or not to let the message through. Access is denied if the message is not directed at a specific service.

Browser Encryption

Internet communications are not secure unless the data is encrypted. Encryption allows for the transfer of digitally signed certificates for authentication procedures and provides message integrity, so that information cannot be tampered with in transit.

When a session is encrypted, certain aspects of the browser change:

Many browsers use a key or padlock symbol in the browser screen to show the user that encryption is in use. Please consult your browser provider for more information on encryption. Check the web address that you have accessed. If you are in a secure area, the address will appear as https://www. Notice the "s" in the address. This means that you have accessed a secure server.