Protecting your account

We take the security of your online accounts very seriously. Below we have indicated the security measures that we have taken and have suggested further measures that should help you to improve the security of your accounts with us.

Encryption

Most browsers, particularly the latest ones, support high grade 256-bit Secure Sockets Layer (“SSL”) encryption. All Cambridge Building Society web pages that relate to your account use this high grade 256-bit SSL encryption. This means that whenever we ask you to enter any personal information, including passwords, you are doing so using the strongest type of on-line encryption currently available to the public. In Internet Explorer you can tell that your web browser is using SSL if a small padlock icon appears on your browser status bar at the bottom of the screen. In Safari the padlock appears in the top-right, and in Firefox a blue bar should appear to the left of the web address. You can click on the padlock or blue bar to bring information up about the SSL certificate.

Monitoring our security arrangements

Our website is constantly monitored for security problems. We also regularly review our security arrangements in line with latest developments in the technology available.

Confirming online requests

When you request a transaction or other online changes, we may contact you by telephone to check the details. It is important that you keep us informed if you change your telephone number, and wherever possible provide us with more than one telephone number on which we can contact you.

Email

As online requests are generally confirmed by email, make sure that we have your correct email address and check your email inbox regularly for new messages.

However, you should note that ordinary email is not secure. Much like a postcard it could be read by anyone and can even be altered. Please do not send us any personal or confidential information via email. Similarly, we will not use email to send confidential information about your accounts to you unless you specifically request, and agree to, this.

Make sure that we have your correct email address and check your inbox regularly for new messages. Try to use an email account that you do not share with other family members as this should help to keep your communications with us confidential.

General security advice

Whether you are using a public or a private computer to access your accounts, you should ensure that no one can overlook you and see you entering your security details.

Avoid using a public computer to access your online accounts because you cannot be certain that the public computer is secure. If you do use a public computer you should log off the service as soon as you have completed your transactions, or want to take a break, and ideally close down your Internet browser session. Log in regularly to check your account and tell us straight away if you suspect something is wrong. When you log in you will be given details about your last successful session.

Passwords

When you set up your online account you will need to choose your own password which you will then use to access the secure parts of the site; it is like a PIN at an ATM and you should treat it as such for your online accounts.

Make sure that you choose the right password and look after it. Choose a strong password that is easy to remember, but is difficult to guess. We have certain system based rules in place that will make sure that your password is reasonably strong.

Good examples of passwords would include:

  • N1two0d (“Now is the winter of our discontent…”)
  • Break123FAst

Bad examples of passwords would include:

  • 123456
  • Password
  • Iloveyou
  • qwerty

Finally, do not tell anybody your login information, especially your password. If you suspect that somebody else knows your password, change it immediately.

Firewalls

Firewalls are hardware devices, or software programs, that are designed to block unauthorized access to your computer, from the Internet, while allowing you access to the Internet.
You should ideally only access the Internet through a firewall.

Anti-virus

You should ideally have anti virus software installed on your computer to minimise the risk of your personal details or information being compromised by a virus.

You should set up your anti virus software to regularly update itself.

Spyware

Spyware is a term used to describe a type of program that tries to collect information about you and your browsing habits, often without your knowledge or consent. People are normally tricked into installing spyware programs.

Most anti virus software also has an anti spyware option, but there are also a number of anti-spyware programs available.

Phishing

Phishing is a common type of fraud where fraudsters try to trick people into revealing their online passwords and account details, to collect them to be used to try to commit fraud. Because the fraudsters are using real customer information, it is very hard to track the fraudulent activity back to them.

How the attack works

A fraudster sends an email that has been designed to look like a legitimate one from a financial organisation. The email will encourage you to visit an Internet site to revalidate or reactivate access to an online account, typically providing a link within the email.

The website will be a fake one set up by the fraudster but designed to look like a real financial organisation's website. The website will ask you to re enter or re verify personal or confidential information, such as passwords and account details.

What to do

If you receive an email that you suspect is phishing, DO NOT REPLY and DO NOT FOLLOW any of the instructions or link in it, even if the tone of the email suggests that action is required urgently.

We will NEVER send you an email asking for the whole of your password (except when you want to change it), only three characters from it. We will NEVER send you an email with a link that directs you straight to any kind of login page. Always check the URL (address) of the web page you are viewing.

All Cambridge Building Society web pages start with one of the following:

  • http://www.cambridgebs.co.uk
  • http://www.thecambridgebs.co.uk
  • https://online.cambridgebs.co.uk 
  • http://www.cambridgebs.co.uk/intermediaries

Often fake web pages will not be able to use the same levels of security that we would use, so always check for the SSL padlock before you log on to the web page.

If you receive a suspicious email, please forward it to us at phishing@cambridgebs.co.uk

We will not be able to respond to each message individually, but each message we receive will be looked into and we will take steps to close down any fake websites we identify.

© 2012 The Cambridge Building Society. The Cambridge Building Society is a member of the Building Societies Association and is authorised and regulated by the Financial Services Authority. It is entered on the FSA Register; registration number 157223. This site is intended for UK residents only. Communications with us may be monitored/recorded to improve the quality of our service and for your protection and security. Calls to The Cambridge Building Society’s 0845 number will be charged at local rate. Prices can be checked with your phone provider. Mobile calls usually cost more.