safe and sound with cahoot online

We're completely committed to protecting you when you use this website. As you may know, internet security technology is very good these days. We confirm the identity of customers through the use of multiple security credentials that have been designed in accordance with financial industry standards and best practice.

Furthermore, any information sent between you and cahoot when using the cahoot online service uses strong industry-standard security technology. 

online banking commitment

Be assured that your money is safe when you bank online. There's protection provided by the Payment Services Regulations 2009. In the unlikely event funds are taken from your account as a result of fraud, we'll refund you and restore your account to the state it would have been in had the unauthorised payment transaction not taken place.

There are some circumstances in which this protection is not available. For example if you've acted fraudulently or have deliberately or with gross negligence failed to take reasonable steps to keep your security information safe. 

protecting you with technology

The information on our website is split into two types of area: 'freely accessible' areas and 'secure' areas. We don't mind who visits the freely accessible areas and we don't check on who does. None of your personal information is kept there, just general information about our products and services that anyone can have access to.

your security details

The secure zone is where we keep personal information, which is why you have to enter a personal password and security number before we can give you access. For example, you'll use the secure areas of our site when you access your cahoot accounts online or apply online for an account.

You can identify secure areas by looking at the address in the top of your browser. A secure area's web address will begin https:// rather than the usual http:// and you can also tell this by the padlock symbol in the bottom right hand corner of your web browser.

On top of this, any information you submit online is protected by data encryption. Your browser scrambles the information, which is later unscrambled when it gets to us. It cannot be read along the way.

You may come across the term 128-bit SSL (Secure Socket Layer) technology. This is the way the data is scrambled and unscrambled again at each end. The latest browsers have this built in - and it is automatically enabled unless you turn it off.

To prevent problems viewing secure sites like ours, it's always a good idea to have the latest version of your browser installed.

changing your security details

You can change your password and security number at any time by using the 'Change security settings' section of online banking. When changing your security details, use words and numbers you can easily remember, such as a place or name that you know, but make sure it's only memorable to you. You could also include numbers to make it harder for someone to guess.

To be more precise, you must choose:

make your security details harder to guess

if someone finds out your codes

If you think someone may know your security codes you should change them immediately and notify us at once by calling us on 0844 9000 900*. We're open 8am to 8pm Monday to Friday, and 9am to 5pm on Saturday. *Call charges apply

Our website secure area

We only request and display personal information about you and your accounts and dealings from secure areas of our site.

Exactly the same security measures, including data encryption and passwords, apply to all our online application and transactional processes. In addition, these services are protected by firewalls. This technology monitors and prevents any unauthorised access to our computer systems (where personal data is kept) - which means unauthorised people cannot access account and personal details.

image and phrase security

When you bank online, it's important that we recognize each other. That's where our secret image and phrase combination comes in. This extra security level assures you that you're logging on to the genuine cahoot website. It also lets us identify the desktop computer(s) you normally use and your log on details.

So, even if a would-be fraudster gets hold of your user name, we can stop them logging on to your account. Don't worry though - this doesn't mean you can't log on from a desktop computer you don't normally use. We simply ask your memorable information questions.

Remember - don't ever enter your online password and security number if the image and phrase isn't displayed.

One Time Passcode (OTP)

This system sends a unique, one-off passcode to your mobile phone. It's only needed when we want you to verify that a payment to a new payee or a request to amend some important details (like your address) is genuine.

The great thing about OTP is that you only need to register a mobile phone number with us to use it - and you won't have to remember any new passwords or carry a separate kit, such as a card reader

Therefore, it's important that you keep us updated when you change your mobile number so you're able to receive your OTP messages.

Remember - always make sure the details quoted within the OTP message correspond with your original request. If you EVER receive an OTP message which you're not expecting, notify us immediately as it may be a sign of attempted fraud on your account.

logging on to cahoot

If you make three incorrect log on attempts we'll disable your access to cahoot. You'll then need to go through the 'forgotten your log on details' process to reset, which can be completed online.

time out

When you haven't used your cahoot banking session for 10 minutes we'll log you out of the cahoot site. This provides an extra safety-net in case you forget to log out.

what you should do to help keep safe

You've seen some of the steps we take to help prevent fraud but there are ways for you to boost this protection.

'phishing'/ fraudulent emails

Recently there have been quite a few fraudulent emails assuming the identity of UK banks, encouraging people to share user names and passwords. These authentic-looking messages sometimes include the organisations' logos and are designed to fool people into divulging their personal information.

We'd like to confirm that cahoot does not send any emails to customers requesting their security details or any other confidential information. If you receive an email reporting to be from cahoot asking you to input your details then please let us know. At any time, if you feel at all suspicious about it, then delete it without opening.

If you're concerned that you may have disclosed any confidential information, please click on 'contact us' once you've logged on to send us a secure message.

'pharming'

'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you're a 'phishing' aware user who specifically types in the web site you want (e.g. http://www.bbc.co.uk) you'll still end up at a different web site anyway.

To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log on to cahoot, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to cahoot. As long as the padlock symbol is there and is issued to cahoot you're not at any risk.

trojans

A trojan is a malicious file, usually disguised as something useful, but when activated, can cause loss, damage or even theft of data.

The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening an email attachment, or downloading from the internet.

Once you open this file, the trojan goes to work destroying your computer's functionality - possibly recording your log on details. A good line of defence is not to accept files from someone you don't know, and if you've any doubts, don't open the file.

browsers/ operating system

Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. They're not infallible products, which is why the makers often provide patches to correct problems. To stay informed, have a look at the Microsoft website or visit the website of the relevant operating system or browser that you're using.

wireless networks/ broadband routers (Wi Fi)

When using wireless networks always make sure all security features are turned on so nobody else can access your information. We strongly advise you to review your configuration and ensure that strong encryption and authentication features are turned on. Features such as '128bit WEP' and the more recent, and more secure, 'WPA encryption technologies' are essential to protecting your data. For further information on Wi Fi security go to www.getsafeonline.org

firewall/ anti-virus software

If you can, use a personal firewall and anti-virus software to prevent unauthorised access and viruses being downloaded onto your PC when you're on the internet. Anti-virus software is available from many suppliers such as McAfee www.mcafee.com.uk & Symantec www.symantec.com.uk. Some companies provide free versions of their software. Do try and remember to keep them updated with the latest versions.

cookies

These are small files stored on your computer's hard drive. They don't cause any problems and are used to recognise users so you get a more consistent experience on our website. For more information on cookies and instructions on how to enable /disable cookies from your browser take a look at our cookie policy

personal details

Never write your personal details down or share them with anyone.

examine all transactions

Regularly check your transactions by looking at your account status and statement pages. If you find anything suspicious then report it by sending us a secure message from the online banking 'Help & contact us' tab.

public places

Whenever you're using a PC in a public place such as a cyber café, be extra careful. Make sure there's nobody behind you when you're entering your passwords.

log out

Never leave your PC logged on to your cahoot account. When you've finished your online session always remember to log out and shut down your browser. This is especially important if you've been using a public PC.

For further information on web security please visit banksafeonline

This site aims to provide advice and tips on how to use online banking services, on your computer or other device, securely and with confidence.

cahoot is a division of Santander UK plc. Registered Office: 2 Triton Square, Regent’s Place, London NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk. Telephone 0800 389 7000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA's website www.fca.org.uk/register or by contacting the FCA on 0800 111 6768. cahoot, Santander and the flame logo are registered trademarks.