online security

what we're doing to keep your money safe

At cahoot, security is of utmost importance. So that you can bank in confidence, we employ the latest technology to keep your personal details safe. So rest assured that as long as you follow the precautions, you'll never have to pay for any banking activity that you haven't authorised. We undergo periodic reviews of our security policies and procedures to ensure that cahoot systems are secure and protected.

personal details

When logging into cahoot, you will need to enter your security details and then use drop down lists for your password. The password characters, once selected, will not be visible. All this is to help against fraud but remember, never write down or reveal your security details to anyone.

logging in to cahoot

If you make 3 incorrect log-in attempts we will disable your access to cahoot. You will then need to go through the 'forgotten your password / memorable information' process to reset, which can be completed online.

encryption

Once you have logged into the cahoot banking site your session will be hosted on a secure 128-bit encrypted server. Encryption converts your information into an encoded format before it is sent over the Internet. You know you are in a secure session when you see two things. Firstly, the padlock icon should appear in the bottom right hand corner of your browser. Secondly, the web address (URL) will change to one beginning “https://…” in your browser address bar. You should ensure that these have both happened before continuing any further.

time out

When you haven't used your cahoot banking session for over 10 minutes we will log you out of the cahoot site. This provides an extra safety-net in case you forget to log out.

what you should do to help keep safe

You have seen some of the steps we take to help prevent fraud but there are ways for you to boost this protection.

'phishing' / fraudulent emails

Recently there have been quite a few fraudulent emails assuming the identity of UK banks, encouraging people to share user names and passwords. These authentic-looking messages sometimes include the organisations' logos and are designed to fool people into divulging their personal information.

We would like to confirm that cahoot does not send any emails to customers requesting their security details or any other confidential information. If you receive an email reporting to be from cahoot asking you to input your details then please let us know. At anytime, if you feel at all suspicious about it, then delete it without opening.

If you are concerned that you may have disclosed any confidential information, please click on 'contact us' once you have logged in.

'pharming'

'Phishing' uses links that appear to be legitimate but actually take you somewhere else. 'Pharming' hijacks the domain name so that even if you are a 'phishing'-aware user who specifically types in the web site you want (e.g. http://www.bbc.co.uk); you will still end up at a different web site anyway.

To help defeat 'pharming', you need to check the SSL (secure sockets layer), which provides you with a secure and private connection. When you log-in to cahoot, double-click the padlock symbol at the bottom of your browser to ensure the site certificate is valid and belongs to cahoot. As long as the padlock symbol is there and is issued to cahoot you are not at any risk.

trojans

A trojan is a malicious file, usually disguised as something useful, but when activated, can cause loss, damage or even theft of data.

The critical difference between a trojan and a virus is that a trojan cannot replicate itself. The only way that it can spread is if you help it, typically by opening an email attachment, or downloading from the Internet.

Once you open this file, the trojan goes to work destroying your computer's functionality - possibly recording your logging-in details. A good line of defence is not to accept files from someone you don't know, and if you have any doubts, then do not open the file.

browsers / operating system

Always try and keep your operating system (e.g. Windows XP) and web browser (e.g. Internet Explorer) up-to-date. They are not infallible products, which is why the makers often provide patches to correct problems. To stay informed, have a look at the following websites: www.microsoft.com (opens new window) and www.netscape.com (opens new window) (or visit the website of the relevant operating system or browser that you are using).

wireless networks / broadband routers (Wi Fi)

When using wireless networks always ensure all security features are turned on so nobody else can access your information. We strongly advise you to review your configuration and ensure that strong encryption and authentication features are turned on. Features such as "128bit WEP" and the more recent, and more secure, "WPA encryption technologies" are essential to protecting your data. For further information on Wi Fi security go to www.getsafeonline.org (opens new window).

firewall / anti-virus software

If you can, use a personal firewall and anti-virus software to prevent unauthorised access and viruses being downloaded onto your PC when you're on the Internet. Anti-virus software is available from many suppliers such as McAfee (www.mcafee.co.uk (opens new window)) & Symantec (www.symantec.co.uk (opens new window)) and some companies provide free versions of their software. Do try and remember to keep them updated with the latest versions.

cookies

These are small files stored on your computer's hard drive. They don't cause any problems and are used to recognise users so you get a more consistent experience on our website. For more information on cookies and instructions on how to enable / disable cookies from your browser click here.

personal details

This is a very important area and one you can ensure is kept hidden. You should never write your personal details down or share them with anyone.

examine all transactions

Regularly check your transactions by looking at your account status and statement pages. If you find anything suspicious then report it, by clicking on 'contact us' from your personal homepage.

public places

Whenever you are using a PC in a public place such as a cyber café, be extra careful. Ensure there is nobody behind you when you are entering your passwords.

log out

Never leave your PC logged on to your cahoot account. Once you have finished, always remember to log out and shut down your browser. This is especially important if you have been using a public PC.

For further information on web security please visit www.banksafeonline.org.uk (opens new window). This is the UK banking industry's initiative to help online banking customers stay safe online. This site is run by APACS on behalf of its member banks and explains the latest security threats and how to avoid them.S

cahoot is a division of Santander UK plc. Registered Office: 2 Triton Square, Regentís Place, London NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England. www.santander.co.uk. Telephone 0870 607 6000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. cahoot, Santander and the flame logo are registered trademarks. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA's website www.fca.org.uk/register or by contacting the FCA on 0800 111 6768.