Online banking is convenient — but only safe if you follow a few important rules. Here is what every person should know.
Use Your Bank’s Official App or Website
The safest way to bank online is to:
- Use your bank’s official app downloaded from the App Store (iPhone) or Google Play Store (Android)
- Or type your bank’s address directly into your browser — do not click links in emails to reach your bank
Never access your bank by clicking a link in an email or text message, even if it looks official. This is one of the most common ways people get their details stolen (called “phishing”).
Signs You Are on a Real Banking Website
Before you log in, check:
- The address starts with https:// (with a padlock icon)
- The address is exactly right —
natwest.com, notnatwest-secure.netornatwest.security-login.com - There are no spelling mistakes on the page
If anything looks odd, close the tab and type the address manually.
Use a Strong, Unique Password
Your online banking password should be:
- At least 12 characters long
- Not used on any other website
- Not related to personal information (birthday, pet’s name, etc.)
See our guide on creating strong passwords for simple tips.
Never Share Your Password, PIN, or Passcode
Your bank will never ask you for:
- Your full password
- Your PIN (the 4-digit number for your card)
- Your one-time passcode (the code they send by text)
If anyone calls or emails asking for these, it is a scam. Hang up or ignore it.
Enable Banking Alerts
Most banks let you set up alerts so you receive a text message or notification every time:
- Money leaves your account
- Someone logs in from a new device
- A large transaction is made
Set these up through your online banking settings or by calling your bank. These alerts help you spot fraud immediately.
Check Your Statements Regularly
Log in to your online banking at least once a week and look for:
- Transactions you do not recognise
- Small test charges (fraudsters sometimes charge a tiny amount first to check if the card works)
- Unfamiliar direct debits
If you see anything suspicious, contact your bank immediately.
What to Do If You Spot Fraud
- Call your bank right away — the number is on the back of your card
- Ask them to freeze your account while they investigate
- Change your online banking password
- Report it to Action Fraud: 0300 123 2040
Use Your Bank on Safe Devices and Networks
- Do not log in to your bank on a public computer (library, hotel lobby, etc.)
- Avoid banking on public Wi-Fi (coffee shops, airports)
- If you must bank away from home, use your mobile data (4G/5G) instead of the café Wi-Fi
Set Up Two-Factor Authentication
Most UK banks now require two-factor authentication for online banking — meaning you need a code sent to your phone as well as your password. If your bank offers this and you have not set it up yet, do it now.
Read our full guide: What is Two-Factor Authentication
Your bank will always work with you if something goes wrong — but the sooner you report a problem, the better. Check your account regularly and report anything unusual without delay.