Your Security Online
Online security is our number one priority
You probably already know a lot about staying safe online, but it does no harm to remind ourselves of the steps we should be taking to protect ourselves. So here’s how we keep you safe and what you can do to keep yourself secure online.
Steps we take to protect you
When you use our site, we ensure that any information you send us is transmitted using a secure connection – called HTTPS. Any activity on our website or sensitive information you send or receive via Your Account will be kept secure through encryption. This means that no unauthorised individual can access your data.
If you are unsure if HTTPS is active, look out for “https” at the start of the web address and the Padlock located in your web address bar.
Note: The Padlock may be displayed differently across each browser.
If you do not see “https” or a Padlock, then it is advised not to continue, especially when entering sensitive information such as usernames and passwords.
The majority of email providers have adopted appropriate security controls to protect your information but we cannot guarantee the security of your specific provider. If you do choose to receive information by email you do so at your own risk.
Any information we collect and pass on, if you have opted in to do so, is secured at the same regulatory level. Some of our services are provided by suppliers who are either outside the European Economic Area (EEA) or may transfer your personal information outside the EEA (for example, fraud-prevention agencies, email services, cloud-hosting services, back-up servers or disaster-recovery services). Our contracts with these suppliers state that they must meet the same standards of protection as required in the EEA.
- Strong Customer Authentication
- Use a secure network
We want you to stay safe when using our online service, Your Account.
So we’ve introduced extra security checks to help keep you safe when managing your finances online.
All UK banks and building societies carry out extra security checks. They are called Strong Customer Authentication, or SCA for short. SCA is designed to help us all fight fraud and improve the security of online payments.
The process, to make sure it’s really you, is known as two-factor authentication. Two of the three categories below must be used to do this.
Principality’s SCA solution uses the first two categories when you log in to Your Account and when you move money to your linked account.
- Something you know, for example
A strong password is an essential part of online safety and should have 10 or more characters, including capital letters, symbols and numbers. Customers already signed up to Your Account without strong passwords will be asked to change their password to a new strong password next time they log in or apply for a savings account. They’ll only have to do this once.
Security questions: All Your Account registered customers will also be asked to select three security questions, just in case they forget their password. These questions will replace the memorable word. They’ll only have to do this once.
New customers will create their strong password and select their security questions as part of signing up to Your Account.
- Something you have e.g. mobile phone.
As part of the Your Account login, we’ll send a passcode to your mobile phone, so it’s important we’ve got the right number. This mobile phone must be yours and not shared with anyone else. In the future, you may not be able to log into Your Account or complete an online application if you use a shared mobile phone. If we don’t have your current mobile phone number, we can’t send you a passcode and you won’t be able to log in.
- Something you are e.g. fingerprint.
Passwords are a crucial part of computer security. Weak passwords can now be instantly compromised by malicious individuals or automated software.
What can you do to create a strong password?
- Use 10 or more alphanumeric characters; ideally your password should be as long as possible whilst remaining memorable
- Use at least one capital letter and lower case letters
- Use at least one number
- Use at least one special character (@, #, $, %, * and +)
- Use a phrase that contains unrelated words - For example, you could combine 3 words together, pizza, snow and car to create pizz@sn0wCar
- Don’t use personal information (Birthdays, addresses, phone numbers and names of family or pets)
- Don’t recycle passwords (e.g. Password1 to Password2)
- Don’t write or share passwords with friends, family or colleagues and change your password straight away if you think someone knows it
- Don’t write down passwords
- Don’t use the same password across multiple accounts
- Do not use work-related information such as building names, system commands, companies, hardware or software
If you believe your ‘Your Account’ password has been compromised, report it immediately.
Using an unsecure connection can mean that people can eavesdrop on your internet activity, which could include personal sensitive data. Use websites with the padlock symbol in your web address bar, as mentioned above, so your information is secure from snooping. Likewise, you should:
- Ensure that the equipment you are using to access our online services cannot be overlooked by another person
- When you have completed your transaction or wish to take a break, log off from the service and close down your Internet browser
- Do not use a public computer to access your online accounts because you cannot be certain that the public computer is safe and secure. It could be infected with a virus that will try to collect your password or other personal information
- Using an email account that is not shared with other family members will help keep your communications confidential
Connecting to a public Wi-Fi network can be very useful, however it does pose security risks:
- If the connection is unsecure, anyone in the nearby area who is also connected to the public Wi-Fi network could potentially monitor and access the information sent between your device and the network
- If you have Wi-Fi at home, you should change the default password assigned to your wireless router provided by your supplier. You can change the password by following the instructions provided by your supplier through the manual.
Software and app companies are continually developing their products to be more secure by releasing security updates. These updates are primarily to fix any vulnerabilities that cyber criminals could exploit to access your personal sensitive data. Malware, such as viruses, trojans, adware or spyware among others, is malicious software that infects your computer and could steal your personal information. Therefore, installing these security updates as soon as possible will reduce the risk of your data being stolen. You will receive prompts and notifications on your device to inform you of an update.
If you haven’t been prompted to update your web browser by the browser itself, you can check the What is My Browser? website to see what version you’re using and, if necessary, download and install the latest one.
A few tips to help protect your device:
- Keep all software and applications up to date
- Avoid conducting personal tasks when connected to unsecured Wi-Fi points (such as online banking or email)
- Be wary of what you’re downloading, not all applications are legitimate and safe
- De-activate Bluetooth capability when not in use
Antivirus software detects, prevents and removes malware. Malware is malicious software that is designed to disrupt, damage, or gain unauthorised access to a computer system. However, antivirus is only effective if it is kept up to date. Most antivirus software includes an auto-update feature. It is recommended that this is enabled at all times.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Your computer will have a built-in firewall that must not be turned off or have its settings amended unless you know what you are doing.
Find out more about how to protect yourself online from these great sources:
Questions & Comments
- If you have any questions or comments, or want more information, you can Contact Us or you can contact our Data Protection Officer as follows. Email: DPO@principality.co.uk or Post: Principality Data Protection Officer, Principality Building Society, Principality House, The Friary, Cardiff, CF10 3FA.
If you have any concerns or queries about your privacy and security, please call us on 0330 333 4000. Lines open 9am-5pm weekdays and 9am-1pm Saturdays.
Alternatively, you can write to us:
Customer Contact Centre, Principality Building Society, PO Box 89, Queen Street, Cardiff, CF10 1UA