Safe and sound with cahoot online

We're completely committed to protecting you when you use this website. As you may know, internet security technology is very good these days. We confirm the identity of customers through the use of multiple security credentials that have been designed in accordance with financial industry standards and best practice.

Furthermore, any information sent between you and cahoot when using the cahoot online service uses strong industry-standard security technology. 

Rest assured that your money is safe when you bank online. There's protection provided by the Payment Services Regulations 2009. In the unlikely event funds are taken from your account as a result of fraud, we'll refund you and restore your account to the state it would have been in had the unauthorised payment transaction not taken place.

There are some circumstances in which this protection is not available. For example if you've acted fraudulently or have deliberately or with gross negligence failed to take reasonable steps to keep your security information safe. 

The information on our website is split into two types of area: 'freely accessible' areas and 'secure' areas. We don't mind who visits the freely accessible areas and we don't check on who does. None of your personal information is kept there, just general information about our products and services that anyone can have access to.

The secure zone is where we keep personal information, which is why you have to enter a personal password and security number before we can give you access. For example, you'll use the secure areas of our site when you access your cahoot accounts online.

You can identify secure areas by looking at the address in the top of your browser. A secure area's web address will begin https:// rather than the usual http:// and you can also tell this by the padlock symbol in the bottom right hand corner of your web browser.

On top of this, any information you submit online is protected by data encryption. Your browser scrambles the information, which is later unscrambled when it gets to us. It cannot be read along the way.

To prevent problems viewing secure sites like ours, it's always a good idea to have the latest version of your browser installed.

You can change your password and security number at any time by using the 'Change security settings' section of online banking. When changing your security details, use words and numbers you can easily remember, such as a place or name that you know, but make sure it's only memorable to you. You could also include numbers to make it harder for someone to guess.

To be more precise, you must:

  • choose a personal password made up of letters and digits only – it must be between 6 and 20 characters long
  • choose a security number exactly 5 digits long
  • make your security details harder to guess
  • not choose a code that includes repeated characters, e.g. 1111aaaa
  • not include sequential characters, e.g. 123456789.

If you think someone may know your security codes you should change them immediately and notify us at once by calling us on 0800 5871 111. We're open 8am to 8pm Monday to Friday, and 9am to 5pm on Saturday.

We only request and display personal information about you and your accounts and dealings from secure areas of our site.

Exactly the same security measures, including data encryption and passwords, apply to all our online application and transactional processes. In addition, these services are protected by firewalls. This technology monitors and prevents any unauthorised access to our computer systems (where personal data is kept) - which means unauthorised people cannot access account and personal details.

When you bank online, it's important that we recognise each other. That's where your secret image and phrase combination comes in. This extra security level assures you that you're logging on to the genuine cahoot website. It also lets us identify the desktop computer(s) you normally use and your log on details.

So, even if a would-be fraudster gets hold of your user name, we can stop them logging on to your account. Don't worry though – this doesn't mean you can't log on from a desktop computer you don't normally use. We simply ask your memorable information questions.

Remember – don't ever enter your online password and security number if the image and phrase isn't displayed.

We're changing the way you pay someone new

We want to do everything we can to make sure that you’re safe from scams when you make a new payment.


We’re working with other UK banks and the regulators to make changes to the steps you need to make when you make new payments. The reason for these changes is to help you be as sure as you can be that your money goes to the right place.
 
 

We need extra details when you pay someone new

When you make a payment to someone you haven’t paid before (a ‘new payee’), as well as the account number and sort code, you’ll now need:

  • The account name exactly as it appears on the account 
  • The account type – personal or business 

We’ll check what you tell us against the details on the new payee’s account and let you know the results before you make the payment. There will be a few outcomes:


1.      The name and account type match 
If you use the correct name and account type, you’ll receive confirmation that they match the account you’re trying to pay, so you can proceed with the payment. No payments will be made automatically. Even when the name and account type match, you’ll always need to confirm that you want to go ahead with a payment.


2.      The details partially match 
If you’ve got a partial match, you’ll be given the actual name or account type of the account holder, so you can check and update the details, or contact the person or organisation you are trying to pay.
 
3.      The name doesn’t match 
If the name doesn’t match, you’ll be told that the name is not correct and advised to contact the person or organisation you’re trying to pay.

 

Joint accounts

If you need to pay a joint account you’ll need to ask for the name of a joint account exactly as it’s registered with your payees’ bank, the same as for any other account.

 

Giving you extra peace of mind

These checks can help you avoid simple mistakes like mis-typing account details when you set up a payment. They also help tackle fraud. They offer increased protection against authorised push payment scams, which are payments you initiate and authorise from your account, usually through Online Banking (they may include transactions such as a single Faster Payment when sending money to friends, family or organisations, setting up standing orders or setting up a single CHAPS payment.) The checks also aim to reduce the chance of you falling victim to the different forms of maliciously misdirected payments. Credit cards and BACS payments including Direct Debits are not included for the time being. 

 

Keeping you secure

To check that payee names are right, banks will use a secure directory. We’re one of several of the UK’s largest financial organisations to implement these changes. Other institutions include: Bank of Scotland, Barclays, HSBC, Lloyds, NatWest, Nationwide, RBS and Ulster Bank. 

 

When is it happening? 

The banking industry is making these changes over a period of time to minimise any potential disruption. They’ll happen between the end of 2019 and early April 2020, but not all banks are participating straight away.

    

Opting out

Customers of the participating banks will automatically be included so that we can make these checks to help our customers pay the right account. However, if you’d rather opt out, you can let us know and we’ll make sure that your name won’t be validated and presented back to anyone sending you payments. If you’d like to discuss opting out, or understand the implications, please call us. 

 

Never set up new or change existing payment details without first verifying the request directly with the person or company you’re paying, preferably using existing contact details.

 

 

 

 

This system sends a unique, one-off passcode to your mobile phone. It's only needed when we want you to verify that a payment to a new payee or a request to amend some important details (like your address) is genuine.

The great thing about OTP is that you only need to register a mobile phone number with us to use it – and you won't have to remember any new passwords or carry a separate kit, such as a card reader.

Therefore, it's important that you keep us updated when you change your mobile number so you're able to receive your OTP messages.

Remember – always make sure the details quoted within the OTP message correspond with your original request. If you ever receive an OTP message which you're not expecting, notify us immediately as it may be a sign of attempted fraud on your account.

If you make three incorrect log on attempts we'll disable your access to cahoot. You'll then need to go through the online 'forgotten your log on details' process to reset.

When you haven't used your cahoot banking session for 10 minutes we'll log you out of the cahoot site. This provides an extra safety net in case you forget to log out.

You've seen some of the steps we take to help prevent fraud but there are ways for you to boost this protection.

Recently there have been quite a few fraudulent emails assuming the identity of UK banks, encouraging people to share user names and passwords. These authentic-looking messages sometimes include the organisations' logos and are designed to fool people into divulging their personal information.

We'd like to confirm that cahoot does not send any emails to customers requesting their security details or any other confidential information. If you receive an email reporting to be from cahoot asking you to input your details then please let us know. At any time, if you feel at all suspicious about it, then delete it without opening.

If you're concerned that you may have disclosed any confidential information, please click on 'contact us' once you've logged on to send us a secure message.

'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you're a 'phishing' aware user who specifically types in the website you want (e.g. http://www.bbc.co.uk) you'll still end up at a different website anyway.

To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log on to cahoot, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to cahoot. As long as the padlock symbol is there and is issued to cahoot you're not at any risk.

A trojan is a malicious file, usually disguised as something useful, but when activated, can cause loss, damage or even theft of data.

The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening an email attachment, or downloading from the internet.

Once you open this file, the trojan goes to work destroying your computer's functionality – possibly recording your log on details. A good line of defence is not to accept files from someone you don't know, and if you've any doubts, don't open the file.

Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. They're not infallible products, which is why the makers often provide patches to correct problems. To stay informed, have a look at the Microsoft website or visit the website of the relevant operating system or browser that you're using.

When using wireless networks always make sure all security features are turned on so nobody else can access your information. We strongly advise you to review your configuration and ensure that strong encryption and authentication features are turned on. Features such as '128bit WEP' and the more recent, and more secure, 'WPA encryption technologies' are essential to protecting your data. For further information on Wi Fi security go to www.getsafeonline.org

If you can, use a personal firewall and anti-virus software to prevent unauthorised access and viruses being downloaded onto your PC when you're on the internet.

Anti-virus software is available from many suppliers such as McAfee www.mcafee.com.uk and Symantec www.symantec.com.uk. Some companies provide free versions of their software. Do try and remember to keep them updated with the latest versions

These are small files stored on your computer's hard drive. They don't cause any problems and are used to recognise users so you get a more consistent experience on our website. For more information on cookies and instructions on how to enable /disable cookies from your browser take a look at our cookie policy.

Never write your personal details down or share them with anyone.

Regularly check your transactions by looking at your account status and statement pages. If you find anything suspicious then report it by sending us a secure message from the online banking 'Help & contact us' tab.

Whenever you're using a PC in a public place such as a cyber café, be extra careful. Make sure there's nobody behind you when you're entering your passwords.

Never leave your PC logged on to your cahoot account. When you've finished your online session always remember to log out and shut down your browser. This is especially important if you've been using a public PC.

For further information on web security please visit Financial Fraud Action UK.

This site aims to provide advice and tips on how to use online banking services, on your computer or other device, securely and with confidence.