Safe and sound with cahoot online

We’d like to assure you that your money is safe when you bank online. There's protections provided by the Payment Services Regulations 2009. In the unlikely event funds are taken from your account in the case of fraud, we'll refund you and restore your account to how it was before the unauthorised transaction happened. 

There are some instances when this protection isn’t available. For example, if you've acted fraudulently, or have deliberately, or with gross negligence failed to take reasonable steps to keep your security information safe.

The information on our website is split into two types of area: 'freely accessible' areas and 'secure' areas. We don't mind who visits the freely accessible areas and we don't check on who does. None of your personal information is kept there, just general information about our products and services that anyone can have access to.

The secure zone is where we keep personal information, which is why you must enter a security number before we can give you access. Your online banking is in the secure part of our site.

You can easily see which areas are secure, by looking at the address in the top of your browser. A secure area's web address will begin https:// instead of the usual http:// and you can also tell this by the padlock symbol in the URL bar of your web browser.

As another layer of protection the information you put into the secure zone is scrambled when you put it in. It's unscrambled when it gets to us and can't be read along the way. This is called data encryption. 

Keeping your internet browser up to date also helps with security. The latest versions of browsers will always contain the latest security updates. 

You can change your password and security number at any time by using the 'Change security settings' section of Online Banking. When changing your security details, use words and numbers you can easily remember that are only memorable to you. You could also include numbers to make it harder for someone to guess.

Please:

• choose a personal password made up of letters and digits only – over 15 characters long
• choose a security number exactly 5 digits long
• make your security details harder to guess
• not choose a code that includes repeated characters, e.g. 1111aaaa
• not include sequential characters, e.g. 123456789.

If you think someone might know your security codes you should change them immediately and call us on 0330 678 2811 or  0800 9 173 489 (freephone). We’re open 8am-6pm Monday-Friday, and 9am-5pm Saturday.

We're helping keep you safe from scams when you make payments

Find out more about making a new payment 

To increase your security online and help fight fraud, we use a One Time Passcode (OTP) to authorise particular transactions. Your OTP acts as a secure key to your account, helping to stop anyone but you logging on, authorising transactions or making changes to your account. 

If you make three incorrect log on attempts we'll disable your access to cahoot. You'll then need to go through the online 'forgotten your log on details' process to reset.

When you haven't used your cahoot banking session for 5 minutes we'll log you out of the cahoot site. This provides an extra safety net in case you forget to log out.

You've seen some of the steps we take to help prevent fraud but there are ways for you to boost this protection.

Recently there have been quite a few fraudulent emails assuming the identity of UK banks, encouraging people to share usernames and passwords. These emails look real and sometimes include the organisations' logos, copy the way they write and are designed to fool people into giving out their personal information.

Cahoot doesn’t send any emails to customers asking for any of their security details or any confidential information. If you get an email saying it’s from cahoot asking you to input your details then please let us know. At any time, if you feel suspicious about it, then delete it without opening.

If you think you might have given away confidential information, please click on 'contact us' once you've logged on to send us a secure message.

'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you're a 'phishing' aware user who specifically types in the website you want (e.g. https://www.bbc.co.uk/) you'll still end up at a different website anyway.

To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log on to cahoot, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to cahoot. As long as the padlock symbol is there and is issued to cahoot you're not at any risk.

A trojan is a file that is sent disguised as something useful. When it's opened though, it can damage, wipe or steal the information on your computer. It's different from a virus because it can't copy itself. It can only spread if you help it by opening an email attachment or downloading it from the internet. 

The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening an email attachment, or downloading from the internet.

Once you open this file, the trojan might record your log on details and stop your computer from working. A good line of defence is not to accept files from someone you don't know, and if you’re worried at all about something don't open the file.

Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. Their makers often update them with new security.  To stay informed, have a look at the Microsoft website or visit the website of the operating system or browser that you're using.

When using wireless networks always make sure all security features are turned on so nobody else can access your information. We strongly advise you to review your configuration and ensure that strong encryption and authentication features are turned on. Features such as '128bit WEP' and the more recent, and more secure, 'WPA encryption technologies' are essential to protecting your data. For further information on Wi Fi security go to https://www.getsafeonline.org/

If you can, use a personal firewall and anti-virus software to prevent unauthorised access and viruses being downloaded onto your PC when you're on the internet.

Anti-virus software is available from many suppliers. Popular examples are Mcafee  and Symantec Norton . Some companies provide free versions of their software. Try and remember to keep them updated with the latest versions.

These are small files stored on your computer's hard drive. They don't cause any problems and are used to recognise users so you get a more consistent experience on our website. For more information on cookies and instructions on how to enable /disable cookies from your browser take a look at our cookie policy.

Never write your personal details down or share them with anyone. This is so that they can’t be used against you, such as someone attempting a login using your personal information.

Regularly check your transactions by looking at your account status and statement pages. If you find anything suspicious then report it by sending us a secure message from the online banking 'Help & contact us' tab.

Whenever you're using a PC in a public place such as a café, be extra careful. Additionally, make sure there's nobody behind you when you're entering your passwords or working with sensitive data.

Never leave your PC logged on to your cahoot account. When you've finished your online session always remember to log out and shut down your browser. This is especially important if you've been using a public PC.

For more information about web security please visit Financial Fraud Action UK.

This site gives advice and tips on how to use online banking services, on your computer or other device, securely and with confidence.