Skip to content
Fraud and Security Centre

Fraud and Security Centre

Protect yourself online

At Sainsbury's Bank we’re committed to protecting our customers from fraud and giving practical advice on how to stay safe. Here are some hints and tips to keep you safe.

Protect your personal details online

The nature of social networking means that using it carries a degree of risk including becoming a target for cyber-criminals, but there are tips to keep you safe on-line.

  • Avoid publishing any identifying information about yourself -such as phone numbers, your address or birthday - that could be used by scammers.
  • Make it difficult for anyone wanting to hack your accounts by using a strong passwords with symbols and numbers.
  • Be on your guard against phishing scams, including fake friend requests and posts from individuals or companies inviting you to visit other pages or sites. If you do get caught up in a scam, make sure you remove any corresponding likes and app permissions from your account.
  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online.

Protect your card and PIN

You and any additional cardholders should:

  • Sign your card as soon as you get them
  • Keep the card safe and do not divulge your PIN to anyone
  • Not allow anyone else to use your card or PIN
  • Not write down or record your PIN, even if disguised


What is phishing?

Phishing emails are fraudulent emails that look as if they're from your bank, and try to collect your online login details by getting you to log in to a fraudulent website.

We’ll never ask for your login details. If you receive an email like this, do not click on any links in it. Instead, forward it to us at

Look out for:
  • Informal wording that’s not in the style you would expect from a legitimate company
  • Poor grammar and spelling
  • A request to confirm or verify your account, or enter your account details, password or PIN
  • Emails claiming to have an ‘Important message for you - click here’
  • Emails that claim your account has been compromised or if you don’t respond within a certain timescale your account will be closed
  • Emails that start ‘Dear customer’ or ‘Valued customer’
  • Emails that ask you to click a link to get access to your account.
I received a suspicious email, how could the sender obtain my e-mail address?

Your e-mail address might have been obtained from another website which collected these details from you online and passed the information to the sender. Most reputable websites will tell you if they do this and will give you the option to refuse permission to pass on these details. Sainsbury's Bank will never pass your e-mail address onto any other company or individual.

I’ve heard about e-mail scams in the news recently. What do I need to do about this?

Never enter your confidential login details on any website other than Sainsbury’s Bank. If you receive an e-mail that asks you to click on a link and enter your details, please forward it to

How do I stop receiving fraudulent e-mails?

Your Internet Service Provider (ISP) or email provider may offer a service that will allow you to mark e-mails as 'spam' so that you don't receive them in the future. Contact them to ask about this service.


What is telephone fraud and vishing?

Telephone fraud, also known as vishing, are often unsolicited phone calls from fraudsters which encourage you to give out your personal details, such as your card, PIN, Mobile Banking App activation/passcodes or card reader codes.

Fraudsters may pretend to be from your bank or other legitimate businesses, such as computer companies, telecommunication companies or broadband providers.

Fraudsters will call mobile phones or landlines pretending to be from your bank in order to get your personal information or ask you to move money from your personal bank account.

They may have some of your personal information such as name, address, or phone number, to make them seem genuine.

These calls will often seem urgent to get you to act as quickly as possible, giving you minimal time to think about whether the call is fraudulent. The atmosphere and background noises can help the calls seem more convincing.

Sometimes you may get a 'warm up' call where no information is discussed. This is to set the scene for a later call where you may be asked for information.

Online transaction security

As part of an industry-wide change, we’re adding an extra layer of security to help prevent fraudulent transactions when your credit card, savings account is being used online.

We may send you a one time passcode (OTP) when you make an online transaction to make sure it’s you. This includes shopping online with your credit card, logging in to online banking or making changes such as updating your personal details, adding additional card holders or making payments. If you receive a one time passcode, you’ll need to enter it on screen before the transaction can continue. If you're shopping online with your credit card and we send you a passcode, we'll also ask you for the email address you'd normally use when buying anything from a website/online. You’ll need to enter the passcode AND your email address on screen before the transaction can continue.

If we don’t have your phone number then we won’t be able to send you a one time passcode and you’ll not be able to complete your online transaction.

Check your details

So that you can continue to make online transactions as usual, you need to make sure that the phone number we have for you is correct and up to date. Please check the number you’ve given us by logging into online banking, click on My Details, then select Personal Details.

Not given us your phone number or changed numbers recently?

The easiest way to give us your phone number, or update it, is by calling us. Please visit our contact us page to find the right telephone number for your product.

Any questions

For more information see our frequently asked questions below:

Using your credit card to shop online?

Why am I being asked to provide an email address when I’m buying something online with my credit card?

As well as sending a One Time Passcode (OTP), we're adding an additional layer of security to help prevent fraud on your Credit Card account. This is part of an industry wide change and will help us make sure it's you.

What email address should I enter?

You can choose which email address you give us but it must be one that's valid. It doesn't need to match one you've given us in the past but should be the one you normally use when shopping online.

What if I don’t have an email address?

You may not be able to buy items online if you don't have an email address. You can create an email address using a provider you choose and use this to shop online.

Do I need to enter the same email address, when requested, for everything I buy online?

You should enter the email address you would normally use when shopping online.

Do my additional cardholders need to use my email address if they’re making shopping online?

No. Additional cardholders should enter the email address they'd normally use when shopping online.

Passcode questions

What is a One Time Passcode?

When you’re making a transaction online, we may need to do an extra security check to make sure it’s you. If we do, then we’ll send a 6 digit One Time Passcode to the phone number you’ve given us. This is a secure number that you must keep confidential and can only be used by you for that particular transaction. It’ll also have a time limit so it can only be used once. Once received, you enter the passcode at the prompt on screen to continue with your transaction.

Why have you introduced this?

As part of an industry-wide change, we’re adding an extra layer of security to help prevent fraudulent transactions when your credit card or savings account is being used online. We’ll be using One Time Passcodes to authenticate online transactions because they’re more effective at preventing fraudulent transaction attempts than other methods.

What if you haven’t got my phone number?

You may not be able to access online banking or service your account online, and may not be able to shop online with your credit card. So it's important that you tell us your phone number, preferably a mobile one. The easiest way to do this is by calling us. Please visit our contact us page to find the right telephone number for your product.

What if I haven’t got a mobile phone?

Don’t worry, you’ll still be able to use your card in shops and take cash out. And if you’re at home shopping online or logging into online banking, you can choose to send the One Time Passcode to your landline if we also hold this phone number on file for you.

What if you need to send me a One Time Passcode but I haven’t got a mobile phone signal?

If you don't receive the One Time Passcode because you don't have a signal, you can request another one time passcode if you can get a signal nearby. Or if you’re at home and logging in online you can choose to send the passcode to your landline if we also hold this phone number on file for you. However for some servicing activity we need to send the one time passcode to your mobile.

How do I know what phone number you have for me?

Just log in to online banking, click on My Details, then select Personal Details.

What if I have difficulty reading a mobile phone screen?

Most mobile phones have a tool to help blind or visually impaired people read their mobile phone screen. We’d suggest checking your mobile phone’s accessibility settings for screen reading and text to speech options. On most Apple devices VoiceOver can be activated and most Android devices have a TalkBack tool.

One Time Passcode questions

Will I need a one time passcode to access online banking?

We may need to send you a One Time Passcode when you log in to online banking to make sure it’s you. And you’ll need a One Time Passcode to carry out specific servicing activity such as updating your personal details, adding additional card holders or making balance transfers and money transfers.

Will this affect all of my purchases?

No. We’ll only send you a One Time Passcode when you make certain online transactions and we need to do an additional security check. It doesn't apply to any other types of transactions such as shopping in person or taking cash out.

How does this affect additional cardholders on my account?

Provided we have phone numbers for the additional cardholders, they’ll still be able to shop online using the credit card.

Will I need a one time passcode when I set up a new recurring payment, for example to a TV streaming service?

Yes, in the future we will need to send you a One Time Passcode when you set up a new recurring payment. However this’ll only happen once, at set up, not each time the payment is made. And you’ll not need a one time passcode for existing recurring payments, though you may need a one time passcode if you are making changes to these payments.

Protect your computer

Keep your computer security up to date to stay safe from Trojans, viruses and other online risks.

Operating system and browser

Keep them up to date — newer versions have higher levels of internal security.

Anti-Virus Software

Keep your anti-virus software up to date — new viruses can appear daily. Look for software that combines anti-virus, firewall and anti-spyware. Here are some popular providers:

Sainsbury's Bank Secure

What is Sainsbury's Bank Secure?

This is a free service provided by Sainsbury's Bank and certified by Mastercard® International. It offers you a more secure internet shopping service when you pay with your Sainsbury's Bank credit card. The service assesses each transaction and will either verify it automatically or ask you for some further information. It only applies to online purchases at participating retailers.

You’ll sometimes see the Sainsbury's Bank Secure service being called 'Mastercard® SecureCode' or 'Verified by Visa'.

With Sainsbury’s Bank Secure you can shop online safely, using any computer, anytime, anywhere.

How it works

When you buy something online, you’ll get a "Processing…." page after you’ve entered your payment details. Sometimes you’ll be asked for further information to help us verify the payment.

Will I need to apply for a new card to use Sainsbury's Bank Secure?

No. Your existing credit card is enabled for using Sainsbury's Bank Secure.

Can I use Sainsbury's Bank Secure from any computer?

Yes. Sainsbury's Bank Secure works on most modern computers and browsers. One of its great advantages is that it works on any computer connected to the web that has a compatible browser.

What if I have software that stops pop-up boxes?

If you have a pop-up blocker installed you’ll need to disable it or change the settings to make sure Sainsbury's Bank Secure works properly.

What if I buy something online but the Sainsbury's Bank Secure summary box doesn’t appear?

Some retailers don’t use Sainsbury's Bank Secure yet but you can still use your credit card. Just follow the retailer's normal checkout process.

Where can I get more help and information on Sainsbury's Bank Secure?

For help please call our Sainsbury's Bank helpdesk.

Spyware and spam


Spyware is software can collect personal information about you, track the websites you visit or change the configuration of your computer.

Some spyware simply displays advertising such as pop-up windows, while more malicious versions can record what you key in, to try to intercept your passwords or credit card numbers.

Downloading games, pictures, screensavers etc. from dubious sites can cause spyware to be installed onto your computer. Certain pop-ups that appear when visiting websites can also install spyware.

These tips can help you stop spyware from infecting your computer:

  • Download and install anti-spyware software such as Microsoft's free anti-spyware program, Windows Defender
  • Keep your computer software up to date
  • Only download and install programs from websites you trust
  • Read security information, privacy statements and licence agreements when you install downloaded software.
  • Don’t click 'OK' or 'I Agree' on pop-up windows unless you know what you’re agreeing to
Spam and how to avoid it

Sainsbury's Bank will never pass your email address to another company or individual. To minimise the amount of spam you receive, don’t:

  • Put your email address on a newsgroup, message board or personal webpage
  • Signing up for a email newsletter or web service that doesn’t let you opt out of sharing your email address with others


Trojans give fraudsters unauthorised access to your computer so that they can record your online activities. They may record your personal login details by:

  • Recording the keys you press on your keyboard
  • Copying images displayed on your screen, including online application forms

If you're asked to login via a format that looks different to our standard login page (e.g. a pop-up window or a dialogue box), that could be a Trojan.


A virus is a computer program that can replicate itself and spread from one computer to another. A virus can infect and damage your computer.

What to look out for

Email is a common way for viruses to spread, so be careful when you open emails from unfamiliar senders.

If you use social networking sites, make sure you're careful about the information that you post on there (for example, you shouldn't give your full address or date of birth). Be wary of accepting friend requests or joining groups when you're not certain you know who has invited you. This can be a way that fraudsters infect your computer with a virus or Trojan.

The best way to protect your computer from viruses is to keep your anti-virus software up to date.

Recycling of email addresses

Customers who hold certain email accounts (for example, Yahoo, Rocket and Ymail email accounts) who have not logged into those email accounts for a prolonged period (for Yahoo, Rocket or Ymail email accounts, this period is 12 months) could have their email addresses recycled by their provider. If any account you hold with us is registered under an email address that is recycled, emails from us regarding your Sainsbury's Bank account could potentially be seen by unknown third parties.

If you no longer actively use the email address under which your Sainsbury's Bank account is registered, please update your registered details to reflect the email address currently used by you. If you continue to use your registered email account, please ensure that you visit the email account with sufficient regularity to avoid it being recycled. We recommend that you check with your email account provider for specific details of their email recycling policy.

Using your credit card abroad

Going somewhere nice? Your Sainsbury's Bank Credit Card is accepted around the world, wherever you see the Mastercard, Visa or Maestro/Cirrus sign.

Tips for using your card safely

Follow these steps to use your card safely when you’re abroad:

  • If you have trouble using your card abroad, call the overseas telephone number on the back of the card
  • Take a note of your card number and your card company's 24-hour contact number, and report any lost or stolen cards as soon as possible
  • Make sure have up-to-date contact details for you, including your mobile number
  • Don't let your card out of your sight − especially when you make purchases in bars or restaurants
  • Never give your PIN to anyone
  • Shield your PIN when paying with your credit card or using a cash machine
  • When you return home, check your card statement for any unfamiliar transactions, and report them to us as soon as possible
Charges for using your card abroad

You’ll be charged a fee of 2.75% for using your credit card abroad. Cash advances are also subject to a handling fee of 3% (minimum £3).

Any payment you make abroad will be converted into Sterling at the exchange rate determined by Visa International or MasterCard International depending on which card you have.

How we protect you

We use the latest security measures to keep your money and personal information safe when you bank with us online.

Our online servicing system includes:

Secure sign in
Only gives you access once you enter your login details.

Secured Sockets Layer (SSL) certificates
Your Proof that we are who we say we are and that your information is encrypted to prevent others reading it — look for the yellow padlock at the bottom of your browser.

Firewall protection
Prevents unauthorised access from third parties and safeguards your account information in our systems.

Time-out facility
Automatically logs you out if you’re inactive for 10 minutes.

Online fraud guarantee
Our guarantee means that if you're a victim of online fraud you’ll be reimbursed if you lose any money.