Skip to main content

Your Security

Security is a shared responsibility - we are working hard to ensure your continued safety online. You need to take steps to stay secure too.

Here are some tips about what you can do to help stay protected online.

Online Security

Your Online Session - we understand that you work hard to do a good job, so it's important that your honest work remains as secure as possible from fraudsters.

Never share your Smartcard or PIN with colleagues. Smartcards are issued to an individual and the Smartcard and all transactions from that Smartcard remain the responsibility of that person.

Your behaviour is important to your online safety. What can you do?

  • Always log-out of Corporate Online using the Logout option to end your session.
  • Always remove your Smartcard from the Reader between signing actions and after logging out.
  • Keep Tokens & Smartcards in a safe place.
  • Be aware of your surroundings. Can anyone see you entering your log-on details?

WHY? Any activity on your session is linked back to you and can be audited by the Bank and/or your employer, this means you are personally responsible for any actions.

Please treat your access to Business Accounts with the same care and caution as your Personal Accounts.

Online security can be a moving target. Keep your safeguards strong and up-to-date.

Fraudsters can adjust their attacks to exploit the new weakest part of any security system. We constantly review our systems to stay ahead of the fraudsters, but you need to keep up to date as well.

  • We strongly recommend that your company install firewall technology, anti-virus and anti spy-ware software on all PCs or Laptops that access the internet.
  • Ensure that anti-virus and anti-spyware programmes are updated regularly.
  • Download the latest security updates (or patches) for your web browser and operating system.

WHY? Keeping your computer programmes updated increases your protection and keeps your session safe. Fraudsters can take advantage of vulnerabilities.

Stay alert!

It is important to always stay protective and vigilant of your Online Banking Session. Question anything that looks risky or different to the usual.

  • We will never request you confirm any of your personal information or companies details via an email containing a web link. If you do receive any such request;
  • If you suspect that the security of your account has been compromised, contact us immediately.

WHY? Security is a shared responsibility. Please stay alert and contact our HelpDesk immediately so we can work to protect you and other customers.

Password and PIN Security

Maintaining your Password and PIN security is an easy way to keep you and your session safe from fraudsters.

Actions you do and don't do help keep you protected. What can you do?

  • Do not write down your password and PIN and never divulge it, even to bank staff.
  • Remember to regularly change your password or PIN.
  • When choosing your Password, use a combination of Upper and Lower case letters, as well as Alpha and Numerical Characters.
  • Never use easily guessed passwords, such as your name or favourite sporting team. If possible, consider using a word that is not in the dictionary.
  • Consider using a passphrase - multiple words strung together that are unique to you.
  • Don't use the same password for multiple logins.

WHY? Passwords and PINS are your first line of defence, so always keep this updated and it is good to update your password and PIN regularly and choose a password and PIN that cannot be guessed by anyone else.

Stay alert!

  • Never log into Corporate Online via a link that has been sent to you. Always type in the website address.
  • If you think someone knows your password, get online and change it immediately.
  • If you suspect that the security of your account has been compromised in any way, contact us immediately.

WHY? Security is a shared responsibility. Please stay alert and contact us immediately so we can work to protect you and other customers.

What is online fraud?

Some fraudsters rely on the Internet to commit their crimes. Fraudsters or computer criminals can pose as a genuine customer, gain control of an account and then make unauthorised transactions. Any account linked to an online payment channel could be taken over by fraudsters.

Online banking accounts are usually taken over as a result of:


Phishing scams are used by criminals to lure victims by email into divulging valuable information such as credit card and bank account numbers, passwords and login details, which can be used to commit fraud.

You may receive an email that looks like it comes from us asking you to login and check your account. Even though it may look real, it might not be. Don’t be tempted to click on the link and enter your user ID and password.

Stop and think.

Your vigilance is one of the most important defences.

The email may not be from Bank of Scotland – it may be from another bank or supplier. If you reply to an email you are not sure about, you may be divulging your details to a criminal who intends to defraud your company.

If you are unsure of an email:

  • Do not open any attachment or open any links within the email.
  • Check with the company via an alternative method of communication.
  • Forward the email as an attachment to
  • Delete it.

We will never send you an email asking you to enter your login, account or personal details.

What you can do:

  • Be vigilant – you and your colleagues vigilance is the best defence.
  • Remember our hints and tips below about phishing emails.
  • Forward the email as an attachment to

If you clicked on any links or opened any attachments and you are concerned, contact the Corporate Online Helpdesk on 0345 300 6444 from Monday to Friday between 08.00 - 18.00.

Look at our hints below on how to spot a fraudulent email.

  • Impersonal greetings and probing questions – A phishing email will not be personally addressed to you but may begin with ‘Dear valued customer’ or something similar. The fraudster or fraudulent website may ask for sensitive personal information such as passwords, Internet banking login details, contact details or credit card numbers.
  • Urgent warnings – A phishing email may say things like ‘we need to verify your account information’ to try and get you to respond without thinking.
  • Bad spelling and formatting – The wording of the email may have poor grammar and spelling. The fake website may look slightly different with an alternative layout or misspelt words.



A virus is a file written with the sole intention of doing harm, or for criminal activity. There are many types of virus. Most commonly, they are designed to give the criminals who create them some sort of access to those infected computers. New viruses are found on a daily basis.

Viruses can get onto your computer when you open emails or when you go to suspicious websites which have viruses attached to them. The emails and websites may look genuine but contain a link or document which will install a virus to your computer. This virus will then be ready to collect and send your personal information to fraudsters.

Spyware and adware

Spyware and adware are programs designed to spy on your online activity. Protect your devices and your personal information by installing anti-spyware and keeping it up to date.


Trojans take their name from the term ‘Trojan Horse’ and are a type of computer virus which can be installed on your computer without you realising.

Trojans are sometimes capable of installing a ‘keystroke logger’ which captures all of the keystrokes entered into a computer keyboard. They then try and capture passwords entered at certain web sites.

What you can do:

Technical Protection – there are things you can do before you go online:

  • It is your responsibility to install firewall technology, anti-virus and anti spy-ware software on all devices that access the Internet.
  • Review your systems on a regular basis to identify any security vulnerabilities, so fraudsters cannot exploit the weakest part.
  • It is important that you regularly visit the website of the company which produces your operating system (e.g. Windows) and browser (e.g. Internet Explorer) to check for any patches or updates they may have issued.

Stop and think – being aware of your online session can help keep you safe.

Keep aware of any irregularities with your session: If in doubt, logout. For example if are loading slower than you would expect, if the screen flickers or you see an unusual screen like a white screen then please let us know immediately.

Be careful online: Never download software if you are unsure of the source – this includes websites which prompt you to click ‘yes’ or ‘OK’ to run a program or install a browser plug-in.

Watch out for emails: Be wary of unexpected or suspicious looking emails from unknown sources. Emails are a common way to spread harmful codes or to trick you into revealing your Internet banking information.

Never leave the PC unattended: always exit the system correctly by using the ‘Logout’ link at the top right of the screen. If you are ever disconnected when you are logged in, always login and logout correctly.

More information on how the different types of viruses work and how best to use anti-virus software is available at the Government Get Safe Online website.

Vishing (Suspicious Calls)

Please be wary of unsolicited phone calls. Some customers have advised us they’ve received suspicious calls from people claiming to be from Bank of Scotland or other well known organisations.

Fraudsters are using the following common tactics:

  • Stating there is a problem with your account.
  • Keeping your phone line open by not putting down the receiver at their end.
  • Asking you to transfer money from your account to another account for security purposes.
  • Asking you to divulge a PIN code or password over the phone.

Remember – Fraudsters are clever. They know how to trick people to get the response they want.

They will try to gain your trust by asking you to call the help desk number or a number that you already know AND they will keep your phone line open by not putting down the receiver at their end.

We’ll never ask you to transfer any of your money out of your account to another account that you do not recognise. If you’re asked to do so, please hang up immediately.

What you can do:

If you do receive a call and are asked to call a known bank number, or any other number please do the following:

  • Use another phone from the one you received the call on.
  • If you don’t have another phone to use and have to use the same phone, call someone you know first to make sure the telephone line is clear.

For further information on security go to the Government Get Safe Online website

What are we doing?

We take our side of security seriously and use technology, intelligence and hard work to keep you safe. We do take measures to keep you safe that we can’t publicise, this maintains the security of these measures.

PKI Security

PKI is a strong, very robust security system that encrypts your banking session and protects your transactions. The process authenticates you as the user and signs a digital signature on each request that is sent to the bank. As the system needs you, the software, hardware and PIN to work in harmony it creates a very secure environment.

Market Intelligence

We work closely with a number of experts and agencies to understand the latest threats and work to actively protect your online session in the background.

Security Certificates

Digital certificates are required when Corporate Online is used on Internet Explorer to provide additional security for you when using the service. Customers who have disabled the Microsoft Windows feature to automatically update Root Certificates may receive alerts because the PC being used to access Corporate Online cannot recognise the Root Certificate that we use.

Corporate Online security certificates are provided by VeriSign.

To check whether the automatic update of security root certificates facility is disabled on your PC please

  • Launch internet explorer and click on tools and internet options
  • Click on the content tab and select the certificates button in the certificates section
  • Click on the Trusted Root certificates tab and check that VeriSign is listed.

If VeriSign is not listed, you will need to either

  • Ensure that updates are applied by your IT support area OR
  • Proceed through the certificate security alert to allow the certificates to be automatically installed.

If you have any queries relating to security certificates on your PC, you should contact your IT support area.

Contact the Corporate Online Helpdesk on 0345 300 6444† if you suspect the security of your PC, Smartcard or Token have been compromised in any way.

Requesting a recall for an International Payment outside of business hours: If you suspect that you've been the vicitm of fraud on an international payment and need to request a recall please contact us on 0345 600 9656.

For further information on how to stay secure whilst online please click here.

For further information on security go to the Government Get Safe Online website