Is online banking safe?

Online banking with an FCA-authorised provider includes regulatory and security safeguards, although no system is completely risk-free. While scams are a concern for users, banks typically have measures in place, such as encryption and fraud monitoring, to protect your money and data. However, the safety of online banking often relies on the user taking precautions themselves as well. This guide explores how safe online banking really is, and what you can do to keep your money secure.

The information provided here is for informational and educational purposes only and does not constitute financial advice. Please consult with a licensed financial adviser or professional before making any financial decisions. Your financial situation is unique, and the information provided may not be suitable for your specific circumstances. We are not liable for any financial decisions or actions you take based on this information.

Also known as internet banking, or mobile banking when using a mobile device, online banking allows customers to access and manage their accounts through a website or app, without needing to visit a branch. 

With online banking, you can:

• Check your balance

• Pay bills and make transfers to other accounts

• Check your mortgage, loan, or savings balances

• View, download, and print your bank statements

• Set up or cancel direct debits and standing orders

Online banking is now a central part of everyday life for many Brits. According to finder.com:*

• An estimated 88% of UK adults used online banking in 2025

• 40% of Brits had a digital-only bank account in 2025, compared to only 9% in 2019

• Around 1 in 6 Brits (16%) intend to get a digital-only bank account in the future

• 6.3% of people have chosen to open or intend to open a digital-only bank account due to a lack of branches in their area

• 12% of traditional bank account holders do not trust digital-only banks, citing fear of scams

*https://www.finder.com/uk/banking/digital-banking-statistics

Online banking with a trusted UK provider is usually safe. This is because regulated banks are overseen by the Financial Conduct Authority, which requires them to follow strict security rules. Consumers also have protections under the Financial Services Compensation Scheme, with eligible deposits protected up to £120,000 per person, per authorised bank.

Banks themselves have various measures in place to protect their customers. These include encryption of data so it can only be read by you (and the bank), and multi-factor authentication, which requires extra verification when logging in. No financial system is ever completely without risk, however, and a large part of staying safe when banking online relies on customers taking precautions of their own.

Learn more about whether your money is safe in the bank.

It’s generally safe to use your bank’s app on a smartphone or tablet, as long as it’s downloaded from a trusted source such as the Google Play Store or App Store. Apps are vetted by Google or Apple for a more reliable customer experience, although users should still verify the developer and permissions requested. Even so, around 200,000 UK-based Android users alone were at risk of fraud in the first half of 2025 owing to malicious apps targeting banking.** Before banking with a mobile, users should check that their phone security system is up to date, and only download the app from an official store.

If you use a smartphone, you’ll also have access to the extra security features they offer, such as locating, locking or wiping the phone entirely, and even taking pictures. Lost your phone? You can find it by using the ‘find my device’ or ‘find my iPhone’ features from Google and Apple.

Many high street and online banks offer app security features, including:

• Instant card freezing: this lets you block your card instantly if it’s lost, stolen or you suspect fraud, without needing to contact your bank.

• Freeze specific purchases: some banks let you block certain types of payments, including payments made outside of the UK, cash machine withdrawals, online purchases, or specific categories like gambling websites.

• Real-time spending notifications: some UK banking apps send notifications to your mobile every time you make a transaction, making it easier and quicker to spot fraudulent transactions and suspicious activity. You may need to opt in or enable push notifications in your app settings.

**https://www.cifas.org.uk/newsroom/surge%20in%20android%20malware%20targeting%20banking

All banks have integrated, invisible systems in place to enhance the safety of online banking. Some of the more obvious ones include:

Strong Customer Authentication (SCA) – Also called ‘two-factor authentication’ (2FA), SCA requires at least two independent checks when you log in or make a payment. This is typically  a password plus a one-time code sent to your phone, or an approval within your banking app. So even if someone has your password, they wouldn’t be able to access your account unless they have your phone as well.

Confirmation of Payee – the bank will check their own records against the customer account you’re transferring money to, avoiding payments to the wrong account holder. When you’re setting up a new payee in your account, you might need to provide the name of their bank and the exact name on their account.

Secure login – Many banks with optimum security require either a small card reader or the mobile banking app to be used every time you want to securely log in, strengthening their security alongside other measures, such as One Time Passcodes (OTP).

Encryption – Encryption secures communication between you and your bank, so only the two of you can see the information you enter. All your credentials are encrypted to reduce the risk of interception by any potential hackers. 

Fraud monitoring – Banks run automated systems that scan transactions for patterns that seem out of the ordinary, such as a large transfer of money or a change to your account. If something looks suspicious, you might receive an alert and the bank won’t allow the transaction to go through while it investigates.

Navigation and logging out – Banks with online banking safety procedures will automatically log you out after several minutes of inactivity.

Use this checklist to help assess a bank or payments service before you use it:

• Do you have 2FA or SCA options during login and payments?
• Is Confirmation of Payee used when adding new payment recipients?
• Does the site or app show a secure connection, such as a padlock, and is there an official app in the Apple or Google stores?
• Does the provider send real-time alerts for large transactions?
• Does the provider publish fraud reporting guidance and clear contact numbers in the event of suspected fraud?

Scammers use emails, messages, phone calls, and fake websites to trick you into giving out personal information or money. A growing threat to look out for when making a payment through online banking is authorised push payment (APP) fraud, where victims are misled into sending money to a fake account. Here’s how to spot and respond to common threats.

These types of scams have a few things in common:

• Correspondence that looks or feels unprofessional, or that uses poor spelling

• Greetings such as ‘dear customer’ instead of your name

• A sense of urgency, such as telling you your account will be closed, or that you’ll face a fine if you don’t take an action

• Contact numbers that look unofficial, or listing a mobile number

• Email addresses that don’t match your bank’s website. For example, you may get a fraudulent email from HSBCbank.co.uk, but their website is actually just hsbc.co.uk

• Unexpected attachments or prompts to download software

• Requests for passwords, PINs, or one-time codes

If any of these things appear in digital correspondence you have received, either delete it or get in touch with your bank directly to query it (don’t use the links or numbers in the email or text you received). Forward phishing emails to your bank’s fraud team if they provide a reporting address.

While more regulations are being introduced to protect your finances and encourage banks to be more stringent, there are certain steps you can take for stronger security.

While you might find it easier to remember your password if it’s the same for everything, but this gives fraudsters and hackers a gateway to all of your information once they’ve accessed just one of your accounts.

To prevent people from writing their passwords down, experts suggest using a short, memorable sentence that combines letters and numbers, such as ‘Iwas6whenigotmyfirstrabbit’.

There are some telltale signs to look out for when it comes to suspicious phone calls:

A cold call: Scammers may contact you out of the blue. If you find yourself having a conversation that makes you feel uneasy, hang up and wait a few minutes before calling your bank directly. 

A sense of urgency: Fraudsters often try to create panic to trigger action from you. If someone calls and tells you that your money is at risk, it could be a scam. 

A request: Your bank would never ask you for your full online banking password or six-digit memorable code. In fact, most banks explicitly say that they will never ask for this. Scammers may also ask you for your card details or ask you to open certain websites on your computer so they can walk you through a process that may result in you downloading malware. 

You’re asked to keep quiet: Phone scammers become uneasy if you say you need to talk to a friend or family member before making any decisions, and they will often attempt to prevent you from doing so. If you’re in doubt about any phone call, seek trusted, independent advice.

If you spot suspicious activity on your account or if a scammer tricks you into giving away confidential credentials, you may have fallen victim to fraud.

The best things to do if you’re a victim of online fraud are:

1. Contact your bank as soon as possible

2. Contact Action Fraud on 0300 123 2040 (England and Wales), Police Scotland, or PSNI in Northern Ireland.

As set out by the Financial Conduct Authority (FCA), you can claim a refund if you didn’t authorise a payment. In most cases, your bank must refund the payment by the end of the next business day, subject to investigation and regulatory conditions.

As part of this process, your bank may ask you to complete a form stating what happened and answer some questions.

When your bank refunds an unauthorised payment, it must also refund any charges and interest you’ve paid because of the transaction.

Many people also use online platforms for their savings, and these follow similar security standards. When using any online service, look for the padlock in the address bar at the top of your screen, as this means that any information you supply is encrypted to prevent access by unauthorised parties.

At Raisin UK, we follow stringent security protocols. The Raisin UK website uses industry-standard SSL Secure Sites Certificates designed to protect your data across our site. 

We apply industry-standard security protocols designed to protect your data, meaning we have:

• A firewall designed to reduce the risk of  unauthorised external access to our information

• Multi-level encryption and identification systems

• Password protection with automatic log-out after 15 minutes of inactivity

• Transactions that are restricted to one nominated account provided by you

• A secure personal mailbox with message encrypting

When you set up an account with us, we may ask you for supporting documentation to verify your identity (similar to the experience you would have in-branch), such as a scan of your passport or other documentation. When you withdraw cash from your Raisin UK Account or apply for a savings account, we will always ask you to enter a single-use six-digit verification code that we send to your mobile phone.

Interested in opening a savings account with competitive interest rates at Raisin UK? Find out how it works right here.