We take online security very seriously. Below we have indicated the security measures that we have taken and have suggested some steps that you can take to further protect yourself against financial crime.
Keeping your personal information secure
Here are some tips on setting up and managing your account securely:
- To help keep your account details confidential choose an email address, mobile number and login information that isn't shared with other family members
- Ensure you are not overlooked when you are entering your personal information
- Wherever possible, avoid using a public computer when logging into your account. You can't be certain that the public computer is secure
- If you notice any unusual account activity contact us immediately on 0345 601 3344
Most browsers, particularly the latest ones, support high grade 256-bit Secure Sockets Layer (“SSL”) encryption. All Cambridge Building Society web pages that relate to your account use this high grade 256-bit SSL encryption. This means that whenever we ask you to enter any personal information, including passwords, you are doing so using the strongest type of online encryption currently available to the public. In Internet Explorer you can tell that your web browser is using SSL if a small padlock icon appears on your browser status bar at the bottom of the screen. In Safari the padlock appears in the top-right, and in Firefox a blue bar should appear to the left of the web address. You can click on the padlock or blue bar to bring information up about the SSL certificate.
Monitoring our security arrangement
Our website is constantly monitored for security problems. We also regularly review our security arrangements in line with the latest developments in the technology available.
Confirming online requests
When you request a transaction or other online changes, we may contact you by telephone to check the details. It is important that you keep us informed if you change your telephone number, and wherever possible provide us with more than one telephone number on which we can contact you.
As online requests are generally confirmed by email, make sure that we have your correct email address and check your email inbox regularly for new messages.
You should note that ordinary email is not secure. Much like a postcard it could be read by anyone and can even be altered. Please do not send us any personal or confidential information via email. Similarly, we will not use email to send confidential information about your accounts to you unless you specifically request, and agree to, this.
Password and memorable question/answer
When you set up your online savings account you will need to choose your own password and memorable question/answer which you will then use to access the secure parts of the site; these details are like a PIN at an ATM and you should treat these as such for your online accounts.
Make sure that you choose the right password and look after it. Choose a strong password that is easy to remember, but is difficult to guess. We have certain system based rules in place that will make sure that your password is reasonably strong.
Good examples of passwords would include:
- N1two0d (“Now is the winter of our discontent…”)
Bad examples of passwords would include:
When choosing a memorable question it is advised to make it personal to you and that the answer is only known to you.
‘Your favourite or first…’ is typically how a good memorable question may start. Avoid using questions which can easily be found out or are guessable such as your mother’s maiden name or favourite colour.
Finally, do not tell anybody your login information, especially your password. If you suspect that somebody else knows your password, change it immediately.
Firewalls are hardware devices, or software programs, that are designed to block unauthorised access to your computer, from the Internet, while allowing you access to the Internet.
You should ideally only access the Internet through a firewall.
You should ideally have anti-virus software installed on your computer to minimise the risk of your personal details or information being compromised by a virus.
You should set up your anti-virus software to regularly update itself.
Spyware is a term used to describe a type of program that tries to collect information about you and your browsing habits, often without your knowledge or consent. People are normally tricked into installing spyware programs.
Most anti-virus software also has an anti-spyware option, but there are also a number of anti-spyware programs available.
Phishing is a common type of fraud where fraudsters try to trick people into revealing their online passwords and account details, to collect them to be used to try to commit fraud. Because the fraudsters are using real customer information, it is very hard to track the fraudulent activity back to them.
How the attack works
A fraudster sends an email that has been designed to look like a legitimate one from a financial organisation. The email will encourage you to visit an Internet site to revalidate or reactivate access to an online account, typically providing a link within the email.
The website will be a fake one set up by the fraudster but designed to look like a real financial organisation's website. The website will ask you to re-enter or re-verify personal or confidential information, such as passwords and account details.
What to do
If you receive an email that you suspect is phishing, DO NOT REPLY and DO NOT FOLLOW any of the instructions or any links in it, even if the tone of the email suggests that action is required urgently.
We will NEVER send you an email that you are not expecting from us with a link that directs you straight to any kind of login page. Always check the URL (address) of the web page you are viewing.
All Cambridge Building Society web pages start with one of the following:
Often fake web pages will not be able to use the same levels of security that we would use, so always check for the SSL padlock before you log on to the web page.
If you receive a suspicious email, please forward it to us at firstname.lastname@example.org
We will not be able to respond to each message individually, but each message we receive will be looked into and we will take steps to close down any fake websites we identify.