Eich Diogelwch Ar-Lein

Online security is our number one priority

You probably already know a lot about staying safe online but it does no harm to remind us of the steps we should be taking to protect ourselves. Online security is our number one priority, so here’s how we keep you safe and what you can do to keep yourself secure and aware of dangers online.

Steps we take to protect you

When you use our site, we ensure that any information you send us is transmitted using a secure connection – called HTTPS. Any sensitive information you send or receive via Your Account will be kept secure through encryption. This means that no unauthorised individual can access your data.
If you are unsure if HTTPS is active, look out for “https” at the start of the web address and the Padlock located in your web address bar.

Secure website padlock example

Note: The Padlock may be displayed differently across each browser. 

If you do not see “https” or a Padlock, then it is advised not to continue; especially when entering sensitive information such as usernames and passwords.

The majority of email providers have adopted appropriate security controls to protect your information but we cannot guarantee the security of your specific provider. If you do choose to receive information by email you do so at your own risk. Read Phishing below for more details. 

Any information we collect and pass on, if you have opted in to do so, is secured at the same regulatory level. Some of our services are provided by suppliers who are either outside the European Economic Area (EEA) or may transfer your personal information outside the EEA (for example, fraud-prevention agencies, email services, cloud-hosting services, back-up servers or disaster-recovery services). Our contracts with these suppliers’ state that they must meet the same standards of protection as required in the EEA.


Fraudsters can make a fraud or scam look very professional, often impersonating an organisation you trust, like a bank, credit card provider or online site. A few key phrases you may have heard in relation to fraud and scams are phishing (email), vishing (phone call) and smishing (text message). 

MessagesWhat is phishing?

Phishing emails will attempt to trick you into visiting a fake website so that they can steal your login and / or personal details.

How to identify a phishing email:

 Tick Check the actual sender in the ‘from’ field – the sender email address and name may not match
 Tick Check the ‘to’ field if it’s impersonal, addressing you as customer or user, then this is a warning sign as legitimate companies address by names
Thinking Does the email include a threat if action isn’t taken straight away? Phishing emails contain threats, such as account closure if you don’t complete an action
Thinking Does the email have an attachment you are not expecting? If it is a link hover your mouse over it before sending, as that way you can see if it takes you to a legitimate link 
 Tick Check for spelling and grammar mistakes, phishing emails often have mistakes
 Cross Phishing emails will often ask you to send personal details such as your login ID, password or security question

If you're in any doubt about the emails legitimacy, don’t click on links, attachments or provide any personal or security information. 

Tell us if you get a phishing email by forwarding to phishing@principality.co.uk


What is vishing?

Vishing is where fraudsters will try and trick you into giving them personal information over the phone by pretending to be a person or organisation you trust like a building society, HMRC or the police. Fraudsters will try to gain your trust to trick you into handing over personal or security details.

How to identify a vishing call:

Cross If you have any suspicions about a call, even if you recognise the phone number, remember that fraudsters can make a number appear on your phone screen to make it look genuine, so don’t answer
Cross If the caller is claiming to be from the Police, HMRC, DWP or any other government agency asking for information, please be wary. You should never be asked to provide bank details or make any payments to them during an initial call
 Cross If someone asks for your online username or password end the call straight away

phone with textWhat is smishing?

Smishing will often involve a text message highlighting fraudulent activity on one of your accounts, directing you to call a number or visit a website. Fraudsters use your trust to trick you into giving them personal information. They’ll usually tell you there’s been fraudulent activity on your account and will ask you to call a number or visit a fake website to update your personal details.  

Thinking Be careful with messages from unknown numbers. Even those that appear legitimate may not be
 Cross Ignore requests for personal information
 Cross Don’t reply to suspicious messages
Thinking Beware of ‘urgent’ requests
 Cross Avoid hyperlinks

We will never ask you to:

  • Disclose your online banking details
  • Move money or transfer funds to a new sort code and account number
  • Send us personally sensitive information or security information such as passwords via email, calls or texts

If you have received an email, call or text claiming to be from Principality Building Society which you are suspicious of, please call us immediately on 0330 333 4000. We will investigate every email and call and ensure that bogus websites are closed down as quickly as possible. Personal information supplied will be held in accordance with our Privacy Policy.


Passwords are a crucial part of computer security. Weak passwords can now be instantly compromised by malicious individuals or automated software. 

What can you to do create a strong password?


  • Use 10 or more alphanumeric characters, your password ideally should be as long as possible, whilst remaining memorable
  • Use at least one one capital letter and lower case letters
  • Use at least one number
  • Use at least one special character (@, #, $, %, * and +)
  • Use a phrase that contains unrelated words - For example, you could combine 3 words together, pizza, snow and car to create pizz@sn0wCar


  • Don’t use personal information (Birthdays, addresses, phone numbers and names of family or pets) 
  • Don’t recycle passwords (e.g. Password1 to Password2) 
  • Don’t share passwords with friends, family or colleagues 
  • Don’t write down passwords 
  • Don’t use the same password across multiple accounts 
  • Do not use work-related information such as building names, system commands, companies, hardware or software

If you believe your ‘Your Account’ password has been compromised, report it immediately.

Use a secure network

Using an unsecure connection can mean that people can eavesdrop on your internet activity, which could include personal sensitive data. Use websites with the padlock symbol in your web address bar, as mentioned above, so your information is secure from snooping. Likewise, you should:

  • Ensure that the equipment you are using to access our online services cannot be overlooked by another person
  • When you have completed your transaction or wish to take a break, log-off from the service and close down your Internet browser
  • Do not use a public computer to access your online accounts because you cannot be certain that the public computer is safe and secure. It could be infected with a virus that will try to collect your password or other personal information
  • Using an email account that is not shared with other family members will help keep your communications confidential

Connecting to a public Wi-Fi network can be very useful, however it does pose security risks:

  • If the connection is unsecure, anyone nearby area also connected to the public Wi-Fi network could potentially monitor and access the information sent between your device and the network
  • If you have Wi-Fi at home, you should change the default password assigned to your wireless router provided by your supplier. You can change the password by following the instructions provided by your supplier through the manual.


Keeping your software up-to-date

Software and app companies are continually developing their products to be more secure by releasing security updates. These updates are primarily to fix any vulnerabilities that cyber criminals could exploit to access your personal sensitive data. Malware, like viruses, trojans, adware or spyware among others, infects your computer with malicious software that could steal your personal information. Therefore, installing these security updates as soon as possible will reduce the risk of your data being stolen. You will receive prompts and notifications on your device to inform you of an update.

If you haven’t been prompted to update your web browser by the browser itself, you can check the What is My Browser? Website to see what version you’re using and, if necessary, download and install the latest one.

A few tips to help protect your device:

  • Keep all software and applications up to date
  • Avoid conducting personal tasks when connected to unsecured Wi-Fi points (such as online banking or email)
  • Be wary of what you’re downloading, not all applications are legitimate and safe
  • De-activate Bluetooth capability when not in use
Antivirus and Firewall protection 

Antivirus software detects, prevents and removes malware. Malware is malicious software that is designed to disrupt, damage, or gain authorized access to a computer system. However, antivirus is only effective if it is kept up to date. Most antivirus software includes an auto-update feature. It is recommended that this is enabled at all times.

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Your computer will have a built in firewall that must not be turned off or have its settings amended unless you know what you are doing.

Your Account

Having issues logging into Your Account?

If you have experienced issues logging into Your Account or accessing some of the pages once you have logged in, then your browser may be out of date. For your security and safety, we recommend that you use the latest version of your browser. Read Keeping your software up-to-date if you think you might not have the latest version of your browser. 

What do I do if I still can't access or have limited access on our website?

Sometimes disabling or customising functions on your browser can cause problems when trying to access our site.  You can check what’s been disabled or enabled by looking into your internet browser setting menu. 

Check your browser settings:

JavaScript enabled? Yes

Can access secure sites? Yes

Images enabled Yes


More advice

You may find the following websites useful:

  • If you have any questions or comments, or want more information, you can call us. See our Contact Us page for more details. Or you can contact our Data Protection Officer as follows. Email: DPO@principality.co.uk or Post: Principality Data Protection Officer, Principality Building Society, Principality House, The Friary, Cardiff, CF10 3FA.

Your Queries

If you have any concerns or queries about your privacy and security, please call us on 0330 333 4000. Lines open 8am-8pm weekdays and 9am-1pm Saturdays.
Alternatively, you can write to us: 

Customer Contact Centre, Principality Building Society, PO Box 89, Queen Street, Cardiff, CF10 1UA

Email: enquiries@principality.co.uk

Principality. Lle mae cartref yn bwysig.