How we're protecting you.

Your online safety and security matter. And this is where you can find out exactly what we’re doing to keep you and all your Online Banking information safe.

For example, we have the latest anti-fraud systems to make sure your Online Banking experience is as safe as possible and to protect your personal information and privacy.

Plus you have the full support of our online fraud guarantee, so whatever little surprises life throws your way – we’ve got you covered.

Protecting you

Your online safety and security matter. And this is where you can find out exactly what we’re doing to keep you and all your Online Banking information safe.

Even if you only spend five minutes looking at your account every now and then, we have some seriously clever widgets to keep you safe:

  • Secure sign in
    You will always have to enter your User ID, password and three characters from your Memorable Information to access your account from your desktop. However, once you have registered for Mobile Banking using our Android or iOS app you’ll only have to enter 3 characters from your Memorable Information to access your accounts securely from your mobile.

    REMEMBER – We will never ask you for all the characters from your Memorable Information.
  • Automatic sign out
    We will automatically sign you out after several minutes of inactivity in case you forget to sign out or leave your device unattended.
  • Fraud detection systems
    We monitor your account(s) for any unusual behaviour.
  • Suspend account
    We will temporarily disable your account(s) after a number of incorrect sign in attempts in case fraudsters are trying to guess your details.
  • Telephone masking
    To provide additional security, we have partially hidden your telephone numbers to help protect you against online fraud.

Anti fraud system

Here’s how we’re protecting your accounts online

We're regularly improving our security to prevent online fraud, using cutting edge security technology and anti-fraud systems to protect your personal information and your online privacy.


Enhanced Internet Authentication

Enhanced Internet Authentication is another measure we’re using to make your banking even safer online. It works by using your phone as an additional security hurdle when making important transactions or requests related to your Halifax account.


Contacting you

Criminals may use email, text or phone to lure you into handing over valuable information such as credit card and bank account numbers, passwords and sign in details. These can then be used to commit fraud.

We will always:

  • Quote your Online Banking user ID and part of your postcode. By default this will be your main account.
  • Greet you personally using your title and surname. For text alerts check they begin Halifax A/C and quote part of your account number or postcode.
  • Use links in our emails that will only ever go to a page on www.halifax.co.uk. We will never link directly through to our Online Banking sign in page or ask for your personal details.

For the phone security check to be effective we need you to provide us with up to three phone numbers, for example work, mobile and home. It’s important that you provide as many different phone numbers as you can to make it easier for us to contact you and that you keep them up-to-date. You can do this by signing in to Online Banking to update or confirm them.

Find out more about how phone security checks work.

Discover tips on surfing safely and staying secure online and get some great advice on how to avoid phishing and scam emails as well as keeping yourself virus free.

Phone security check

Our phone security check is called Enhanced Internet Authentication (EIA).

When you set up a new payee, standing order or credit card payment, we need to make sure you are who you say you are. To do this, we’ll give you a call to ensure that the instruction is coming from you.


How it works:

  • All you need is a telephone near you. You’ll be able to choose which number we call you on, provided it’s a number we already have on your records.
  • You’ll receive an automated call asking you to confirm details about your transaction.
  • You’ll need to enter the four digit number that will appear on your device screen into your telephone keypad.

The whole process takes around a minute. You can see this security check in our Online Banking demo.

  1. Why do Halifax use EIA?
  2. Is there a charge for this service?
  3. What happens if I don’t give you my numbers?
  4. Will I need to have my phone with me every time I want to make a payment?
  5. If I update my phone number online can I use it immediately?
  6. What happens if I can’t answer my phone?
  7. What should I do if my access is suspended?
  8. I received a call asking me to confirm an instruction I didn’t set up, what should I do?
  9. You don’t hold any numbers for me so how can I use the service?
  10. What type of telephone numbers can you call me on?
  11. I have a disability that may prevent me from using this service, what can I do?

Why do Halifax use EIA?

We’re always working to improve the security of Online and Mobile Banking to prevent fraud. This is another measure to protect your personal and financial information online. If a fraudster gets hold of your sign in details and gains access to your account(s), they’re unlikely to have access to your phone as well. Without your phone, they won’t be able to transfer money away from your account(s).

Is there a charge for this service?

Not a penny. Although your mobile provider might charge you if you take the call while you’re abroad.

What happens if I don’t give you my numbers?

Without a phone number to reach you on, EIA will not work, and you will not be able to use Online Banking to set up any new payees , standing order or credit card payment.

Will I need to have my phone with me every time I want to make a payment?

No, you’ll only receive a phone call when you set up a new payee, standing order, credit card payment or resetting your security details.

If I update my phone number online can I use it immediately?

New numbers take a few days to become active, so in the meantime you’ll be directed to our phone support team who’ll help you.

What happens if I can’t answer my phone?

We’ll try three times but if we can’t get hold of you we won’t be able to carry out your request.

What should I do if my access is suspended?

Our security team will try to contact you within the next three hours during the working day (8am – 9pm Mon to Fri, 8am – 8pm at weekends). If they can’t reach you within 24 hours they’ll send you a letter with further instructions.

I received a call asking me to confirm an instruction I didn’t set up, what should I do?

Please report it to our fraud prevention team on 0800 917 7017
(+44 207 481 2614 from overseas) who are available 24/7.
Calls may be recorded.

You don’t hold any numbers for me so how can I use the service?

If we don’t have a number for you you’ll have to call us on 0345 721 3141 or pop into your local branch so we can set up the instruction for you. Please make sure your contact details are up to date: Sign in to Online Banking, then select Personal Details from the left-hand menu.

What type of telephone numbers can you call me on?

We can call you on any UK number as long as its not a premium rate number ( e.g. starting with 09). To use this service you need to be able to receive a call from us, confirm the details given to you and using the telephone key pad, enter a four digit number that will be displayed on your Online Banking screen.

I have a disability that may prevent me from using this service, what can I do?

To use this service you need to be able to receive a call from us, confirm the details relayed to you and enter a four digit number that will be displayed on your device screen using your telephone keypad. Customers with a hearing impairment can follow the on screen instructions while the security check is in progress. If you use a mobile phone, we recommend you include this number in the mobile section of your phone details. You can then use this number for a phone security check. If you're unable to do this, please visit your local branch or contact us by text phone or SignVideo and we'll arrange the payment for you.

Your contact details

Please make sure your contact details are up to date:
Sign in to Online Banking, then select Personal Details from the left-hand menu.

Our Fraud Guarantee

We guarantee to refund your money (including charges and interest that you’ve paid or not received as a result) in the unlikely event that you experience fraud with our Online Banking service. We will take steps to protect you 24/7, using technology and safeguards that meet or exceed industry standards, but you must also use our online banking services carefully.

Being careful when you use our services includes, for example, that you:

  • Do all that you reasonably can to keep your Security Details (such as online and mobile username, password, and memorable information) secure, and you log off after each Online Banking session.
  • Don’t let anyone else have access to your account or Security Details, or transact using them, even if they share a joint account with you through our Online Banking services.
  • Tell us, as soon as you can if you think your Security Details have been lost, stolen, damaged or are being misused; or think someone may be accessing your accounts without your authority, or has discovered your Security Details.
  • Carry out regular virus checks on your devices.

If you've been grossly negligent, we will not refund any money taken from your account before you have told us your Security Details have been lost, stolen or could be misused.

We won't give you a refund if you have acted fraudulently.

For further guidance on using our online banking services - see our Online Banking service conditions.

If you’re already concerned that your online personal or security details might be at risk give us a call on 0345 602 0000. If you’re calling from a mobile or overseas, the number is +44 113 279 8302.

Stay Secure Online - New security certificate

We have introduced a new feature to our online banking service, designed to give you even more confidence when using our service.

How does it work?
Extended Validation Secure Socket Layer, or EVSSL for short, means that our site has undergone many rigorous checks to confirm its validity, and has been provided with a 'certificate of authenticity' which can be recognised by your browser.

In the majority of cases, this validation is shown within your address bar, displaying a 'traffic light' style response of green, amber or red.

This feature gives you the added confidence of knowing the site you're using has been confirmed as genuine.

What will you see?
This certificate of authenticity is recognised by most browsers, though there are variations in the way the different browsers display the validation.

The majority of users running Internet Explorer versions 7 and 8 (IE7 and IE8), Mozilla Firefox 3, Opera 9.5 and Safari 3.2  will see the following 'traffic light' responses on their address bars:

  • Websites recognised as authenticated will display a GREEN address bar plus a padlock symbol, referencing the certificate and the authenticated website provider
  • Websites considered to be suspicious will display an AMBER address bar with no padlock symbol
  • Websites identified as fraudulent and a phishing site, or as having a revoked or expired validation certificate, will display a RED address bar

Users running Internet Explorer 6 (IE6), Mozilla Firefox 2 and Google Chrome will continue to see their standard address bar.  No 'traffic light' notification will be given though authenticated websites will display a padlock symbol in the address bar.

Other browsers not mentioned above will continue to see their standard address bars

Update your browser version
We always recommend you upgrade your browser now to one of the versions that is compatible with EVSSL.  You can usually upgrade your browser version from your browser providers' website.


Cyber Essentials certified logoCyber Essentials is a government-backed scheme that certifies that we meet their requirements in a range of essential precautions to protect the bank and our customers against internet-based threats.