We're completely committed to protecting you when you use this website. As you may know, internet security technology is very good these days. We confirm the identity of customers through the use of multiple security credentials that have been designed in accordance with financial industry standards and best practice.
Furthermore, any information sent between you and cahoot when using the cahoot online service uses strong industry-standard security technology.
Rest assured that your money is safe when you bank online. There's protection provided by the Payment Services Regulations 2009. In the unlikely event funds are taken from your account as a result of fraud, we'll refund you and restore your account to the state it would have been in had the unauthorised payment transaction not taken place.
There are some circumstances in which this protection is not available. For example if you've acted fraudulently or have deliberately or with gross negligence failed to take reasonable steps to keep your security information safe.
The information on our website is split into two types of area: 'freely accessible' areas and 'secure' areas. We don't mind who visits the freely accessible areas and we don't check on who does. None of your personal information is kept there, just general information about our products and services that anyone can have access to.
The secure zone is where we keep personal information, which is why you have to enter a personal password and security number before we can give you access. For example, you'll use the secure areas of our site when you access your cahoot accounts online.
You can identify secure areas by looking at the address in the top of your browser. A secure area's web address will begin https:// rather than the usual http:// and you can also tell this by the padlock symbol in the bottom right hand corner of your web browser.
On top of this, any information you submit online is protected by data encryption. Your browser scrambles the information, which is later unscrambled when it gets to us. It cannot be read along the way.
To prevent problems viewing secure sites like ours, it's always a good idea to have the latest version of your browser installed.
You can change your password and security number at any time by using the 'Change security settings' section of online banking. When changing your security details, use words and numbers you can easily remember, such as a place or name that you know, but make sure it's only memorable to you. You could also include numbers to make it harder for someone to guess.
To be more precise, you must:
- choose a personal password made up of letters and digits only – it must be between 6 and 20 characters long
- choose a security number exactly 5 digits long
- make your security details harder to guess
- not choose a code that includes repeated characters, e.g. 1111aaaa
- not include sequential characters, e.g. 123456789.
If you think someone may know your security codes you should change them immediately and notify us at once by calling us on 0800 5871 111. We're open 8am to 8pm Monday to Friday, and 9am to 5pm on Saturday.
We only request and display personal information about you and your accounts and dealings from secure areas of our site.
Exactly the same security measures, including data encryption and passwords, apply to all our online application and transactional processes. In addition, these services are protected by firewalls. This technology monitors and prevents any unauthorised access to our computer systems (where personal data is kept) - which means unauthorised people cannot access account and personal details.
When you bank online, it's important that we recognise each other. That's where your secret image and phrase combination comes in. This extra security level assures you that you're logging on to the genuine cahoot website. It also lets us identify the desktop computer(s) you normally use and your log on details.
So, even if a would-be fraudster gets hold of your user name, we can stop them logging on to your account. Don't worry though – this doesn't mean you can't log on from a desktop computer you don't normally use. We simply ask your memorable information questions.
Remember – don't ever enter your online password and security number if the image and phrase isn't displayed.
This system sends a unique, one-off passcode to your mobile phone. It's only needed when we want you to verify that a payment to a new payee or a request to amend some important details (like your address) is genuine.
The great thing about OTP is that you only need to register a mobile phone number with us to use it – and you won't have to remember any new passwords or carry a separate kit, such as a card reader.
Therefore, it's important that you keep us updated when you change your mobile number so you're able to receive your OTP messages.
Remember – always make sure the details quoted within the OTP message correspond with your original request. If you ever receive an OTP message which you're not expecting, notify us immediately as it may be a sign of attempted fraud on your account.
If you make three incorrect log on attempts we'll disable your access to cahoot. You'll then need to go through the online 'forgotten your log on details' process to reset.
When you haven't used your cahoot banking session for 10 minutes we'll log you out of the cahoot site. This provides an extra safety net in case you forget to log out.
You've seen some of the steps we take to help prevent fraud but there are ways for you to boost this protection.
Recently there have been quite a few fraudulent emails assuming the identity of UK banks, encouraging people to share user names and passwords. These authentic-looking messages sometimes include the organisations' logos and are designed to fool people into divulging their personal information.
We'd like to confirm that cahoot does not send any emails to customers requesting their security details or any other confidential information. If you receive an email reporting to be from cahoot asking you to input your details then please let us know. At any time, if you feel at all suspicious about it, then delete it without opening.
If you're concerned that you may have disclosed any confidential information, please click on 'contact us' once you've logged on to send us a secure message.
'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you're a 'phishing' aware user who specifically types in the web site you want (e.g. http://www.bbc.co.uk) you'll still end up at a different web site anyway.
To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log on to cahoot, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to cahoot. As long as the padlock symbol is there and is issued to cahoot you're not at any risk.
A trojan is a malicious file, usually disguised as something useful, but when activated, can cause loss, damage or even theft of data.
The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening an email attachment, or downloading from the internet.
Once you open this file, the trojan goes to work destroying your computer's functionality – possibly recording your log on details. A good line of defence is not to accept files from someone you don't know, and if you've any doubts, don't open the file.
Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. They're not infallible products, which is why the makers often provide patches to correct problems. To stay informed, have a look at the Microsoft website or visit the website of the relevant operating system or browser that you're using.
When using wireless networks always make sure all security features are turned on so nobody else can access your information. We strongly advise you to review your configuration and ensure that strong encryption and authentication features are turned on. Features such as '128bit WEP' and the more recent, and more secure, 'WPA encryption technologies' are essential to protecting your data. For further information on Wi Fi security go to www.getsafeonline.org
If you can, use a personal firewall and anti-virus software to prevent unauthorised access and viruses being downloaded onto your PC when you're on the internet.
Anti-virus software is available from many suppliers such as McAfee www.mcafee.com.uk and Symantec www.symantec.com.uk. Some companies provide free versions of their software. Do try and remember to keep them updated with the latest versions
Never write your personal details down or share them with anyone.
Regularly check your transactions by looking at your account status and statement pages. If you find anything suspicious then report it by sending us a secure message from the online banking 'Help & contact us' tab.
Whenever you're using a PC in a public place such as a cyber café, be extra careful. Make sure there's nobody behind you when you're entering your passwords.
Never leave your PC logged on to your cahoot account. When you've finished your online session always remember to log out and shut down your browser. This is especially important if you've been using a public PC.
For further information on web security please visit Financial Fraud Action UK.
This site aims to provide advice and tips on how to use online banking services, on your computer or other device, securely and with confidence.