Safe and sound with cahoot online

We're completely committed to protecting you when you use this website. As you may know, internet security technology is very good these days. We confirm the identity of customers through the use of multiple security credentials that have been designed in accordance with financial industry standards and best practice.

Furthermore, any information sent between you and cahoot when using the cahoot online service uses strong industry-standard security technology. 

Rest assured that your money is safe when you bank online. There's protection provided by the Payment Services Regulations 2009. In the unlikely event funds are taken from your account as a result of fraud, we'll refund you and restore your account to the state it would have been in had the unauthorised payment transaction not taken place.

There are some circumstances in which this protection is not available. For example if you've acted fraudulently or have deliberately or with gross negligence failed to take reasonable steps to keep your security information safe. 

The information on our website is split into two types of area: 'freely accessible' areas and 'secure' areas. We don't mind who visits the freely accessible areas and we don't check on who does. None of your personal information is kept there, just general information about our products and services that anyone can have access to.

The secure zone is where we keep personal information, which is why you have to enter a personal password and security number before we can give you access. For example, you'll use the secure areas of our site when you access your cahoot accounts online.

You can identify secure areas by looking at the address in the top of your browser. A secure area's web address will begin https:// rather than the usual http:// and you can also tell this by the padlock symbol in the bottom right hand corner of your web browser.

On top of this, any information you submit online is protected by data encryption. Your browser scrambles the information, which is later unscrambled when it gets to us. It cannot be read along the way.

To prevent problems viewing secure sites like ours, it's always a good idea to have the latest version of your browser installed.

You can change your password and security number at any time by using the 'Change security settings' section of online banking. When changing your security details, use words and numbers you can easily remember, such as a place or name that you know, but make sure it's only memorable to you. You could also include numbers to make it harder for someone to guess.

To be more precise, you must:

  • choose a personal password made up of letters and digits only – it must be between 6 and 20 characters long
  • choose a security number exactly 5 digits long
  • make your security details harder to guess
  • not choose a code that includes repeated characters, e.g. 1111aaaa
  • not include sequential characters, e.g. 123456789.

If you think someone may know your security codes you should change them immediately and notify us at once by calling us on 0330 678 2811 or you can call us on 0800 9 173 489 (freephone). We’re open 8am-6pm Monday-Friday, and 9am-5pm Saturday.

We only request and display personal information about you and your accounts and dealings from secure areas of our site.

Exactly the same security measures, including data encryption and passwords, apply to all our online application and transactional processes. In addition, these services are protected by firewalls. This technology monitors and prevents any unauthorised access to our computer systems (where personal data is kept) - which means unauthorised people cannot access account and personal details.

We're helping keep you safe from scams when you make payments

Find out more about making a new payment

To increase your security online and help fight fraud, we use a One Time Passcode (OTP) to authorise particular transactions. Your OTP acts as a secure key to your account, helping to stop anyone but you logging on, authorising transactions or making changes to your account. 

If you make three incorrect log on attempts we'll disable your access to cahoot. You'll then need to go through the online 'forgotten your log on details' process to reset.

When you haven't used your cahoot banking session for 5 minutes we'll log you out of the cahoot site. This provides an extra safety net in case you forget to log out.

You've seen some of the steps we take to help prevent fraud but there are ways for you to boost this protection.

Recently there have been quite a few fraudulent emails assuming the identity of UK banks, encouraging people to share user names and passwords. These authentic-looking messages sometimes include the organisations' logos and are designed to fool people into divulging their personal information.

We'd like to confirm that cahoot does not send any emails to customers requesting their security details or any other confidential information. If you receive an email reporting to be from cahoot asking you to input your details then please let us know. At any time, if you feel at all suspicious about it, then delete it without opening.

If you're concerned that you may have disclosed any confidential information, please click on 'contact us' once you've logged on to send us a secure message.

'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you're a 'phishing' aware user who specifically types in the website you want (e.g. you'll still end up at a different website anyway.

To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log on to cahoot, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to cahoot. As long as the padlock symbol is there and is issued to cahoot you're not at any risk.

A trojan is a malicious file, usually disguised as something useful, but when activated, can cause loss, damage or even theft of data.

The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening an email attachment, or downloading from the internet.

Once you open this file, the trojan goes to work destroying your computer's functionality – possibly recording your log on details. A good line of defence is not to accept files from someone you don't know, and if you've any doubts, don't open the file.

Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. They're not infallible products, which is why the makers often provide patches to correct problems. To stay informed, have a look at the Microsoft website or visit the website of the relevant operating system or browser that you're using.

When using wireless networks always make sure all security features are turned on so nobody else can access your information. We strongly advise you to review your configuration and ensure that strong encryption and authentication features are turned on. Features such as '128bit WEP' and the more recent, and more secure, 'WPA encryption technologies' are essential to protecting your data. For further information on Wi Fi security go to

If you can, use a personal firewall and anti-virus software to prevent unauthorised access and viruses being downloaded onto your PC when you're on the internet.

Anti-virus software is available from many suppliers such as McAfee and Symantec Some companies provide free versions of their software. Do try and remember to keep them updated with the latest versions

These are small files stored on your computer's hard drive. They don't cause any problems and are used to recognise users so you get a more consistent experience on our website. For more information on cookies and instructions on how to enable /disable cookies from your browser take a look at our cookie policy.

Never write your personal details down or share them with anyone.

Regularly check your transactions by looking at your account status and statement pages. If you find anything suspicious then report it by sending us a secure message from the online banking 'Help & contact us' tab.

Whenever you're using a PC in a public place such as a cyber café, be extra careful. Make sure there's nobody behind you when you're entering your passwords.

Never leave your PC logged on to your cahoot account. When you've finished your online session always remember to log out and shut down your browser. This is especially important if you've been using a public PC.

For further information on web security please visit Financial Fraud Action UK.

This site aims to provide advice and tips on how to use online banking services, on your computer or other device, securely and with confidence.