Online security

Stay safe from online fraud

Here at the AA, we're helping you to stay on top of your money using your phone, tablet and computer. It's now quicker and easier to manage your finances wherever and whenever you want. However you choose to bank, we're committed to keeping your information secure.

Although your online security is a top priority for us, it's important you know how to avoid and reduce security risks. Never open suspicious links or attachments, respond to unexpected text messages or emails, or enter your full banking details in a pop-up window.

While we may contact you to find how you use your account, tell you about products, or ask for feedback, we will never:

  • Send you a link directly to the login page of our online banking pages.
  • Email you a direct link to your latest eStatement.
  • Ask you to share your password.
  • Ask you to transfer money out of your account to protect yourself from fraud.
  • Request your account information through an onscreen pop-up window.

You should always:

  • Check statements as soon as they are available. If you don't recognise any transactions, report it immediately.
  • Keep your anti-virus software up-to-date on all devices.
  • Tell us if any of your personal details change.
  • Log out of your online banking session before closing your browser.

Online and mobile banking

Online or mobile banking are used all the time, but you should take these precautions so you can enjoy the safest banking experience possible.

  • Never share your online banking login details with anyone.
  • Make sure you're not being watched when entering passwords or PINs.
  • Check your accounts online regularly and report any transactions that you didn't make, or any new payees that you haven't set up..
  • Beware if you're asked to change or update details for any online payees and check it's a legitimate request
  • Always log out completely from your online banking session rather than just closing the website or app.

When entering login details or personal information, check the web page is secure by looking for:

  • The web address or URL changing from http to https.
  • A closed padlock icon.
  • The address bar may be green.


Email is a useful way to find out about new products and services. However, it can be used by fraudsters who want to get your personal details – they'll send emails pretending to be from a reputable company, asking for usernames, PINs, credit card details or other information. This is known as phishing while personalised emails targeting certain people are known as spear phishing.

  • Don't trust unexpected emails – if something doesn't feel right, then stop and question it.
  • Never reveal your banking details or other personal information, if they're asked for in an email.
  • If you're using a mouse, you can hover over links to see the URL – if it's different to what you expect, don't open it.
  • You may want different email addresses for different purposes. You could have one for your bank to use, another for family and friends, and maybe one for newsletters.

If you're concerned about an email:

  • Call the sender to check they sent the email. Use a number from their website rather than any numbers in the email.
  • Forward suspicious emails claiming to be from AA Credit Cards to [email protected] Send any other suspicious emails claiming to be from the AA to [email protected] and then delete them.
  • Don't reply to the email, fill out any forms, or follow any instructions given.
  • Never open any links from suspicious emails as they may take you to fake websites.
  • Don't open any attachments as they could infect your device with malicious software.

Your email address can be found from sources available publicly, or through randomly generated lists. If you get an email claiming to be from us, it doesn't mean your personal details have been gathered from our systems.


Fraudsters may try to trick you into sharing confidential information over the phone, which is known as vishing, or smishing when they use text messages. They'll claim to be from a reputable organisation and may say your account has been hacked.

When someone has called your landline, they can stay on the line even if you hang up. It's best to use a different line, such as your mobile, to report the incident to us, or wait at least 10 minutes then call someone you know to make sure the fraudsters aren't still on the line.

If don't know whether a call or text is from us, report it and don't act on it until it's been confirmed as genuine.

  • We will never ask you to transfer money to a new account – ignore any calls or texts asking you to do so even if they claim to be from the AA.
  • Never allow a cold caller to take remote access of your computer even if they claim to be from a reputable IT organisation and offering help.
  • Don't respond to suspicious text messages or open any links, as these may lead to malicious content.


Using strong passwords is essential to protect your information and identity. The best security in the world is useless if a fraudster has access to your username and password.

Strong passwords can take years to crack; weak passwords can be cracked in less than 5 minutes.

  • Use more than 8 characters – length and complexity make it difficult for hackers to decipher.
  • Try random words made up of a combination of upper and lowercase letters, numbers and symbols.
  • Don't use the same password across different accounts as one successful attack could leave all your information at risk.
  • Passwords should be easy for you to remember, but difficult for someone to guess so avoid birthdays and pet names.
  • Use finger print detection for mobile devices and use a PIN with more than 4 numbers where possible.
  • Never share your usernames or passwords.
  • Don't let web browsers remember your passwords as this can be a risk.

To create your own unique password, you could:

  • Replace letters with numbers and symbols in a movie title or character you like such as [email protected] – a variation of Spiderman.
  • Use a line of a song that other people wouldn't associate with you such as fly1ngw1Th0Utw!nGs!
  • Think of a phrase such as "Consider yourself at home" and take the first character from each word – CYAH. Then combine this with numbers and symbols- [email protected]

While our tips can help you create passwords, make sure you don't use our examples.

Public Wi-Fi

Public Wi-Fi networks or hotspots mean we can get online in places like cafés, hotels and parks – while this is very convenient, there are security risks.

When you use public Wi-Fi, you can't be sure who set up the network and you don't know who's connected to it. Malicious users could intercept whatever you're doing online including capturing your passwords and reading private emails.

  • Use 3G or 4G instead of public Wi-Fi when entering personal information where possible.
  • If you see anything suspicious while using public Wi-Fi, tell someone working at place you're using the Wi-Fi.
  • Don't install any system or application updates on your phone or computer while using public Wi-Fi.

Protecting your device

As there are a number of potential threats online, you need to protect your devices such as mobiles, tablets, laptops or PCs. This will help prevent your device being infected with malicious software, which may lead to fraud and identity theft.

  • Keep software up-to-date on your devices especially anti-virus software.
  • Use the official App Store or Google Play store to download apps – be wary opening links to download apps.
  • If your smart phone or tablet is lost or stolen, you should remotely wipe its data.
  • Secure access to your device using a strong PIN, password, passcode or fingerprint detection.
  • Clear all data on your device before selling it.
  • Recognise the signs your computer may have become infected.
  • If you think your device may be infected, don't log in to any online banking until all malicious software has been removed.

You may notice these symptoms if your device is infected:

  • Applications not working properly.
  • Date of last login not matching the date you last logged in.
  • System slowing down, freezing or crashing.
  • Unusual error messages.
  • Your browser toolbar changing.
  • System performance deteriorating unexpectedly.
  • An increase in the number of files on the system when you haven't added any.
  • Printing not working correctly.
  • Distortion on screen.
  • File size changing for no apparent reason.

Shopping online

It's great having the freedom to shop, bank, book travel and make payments online but it's important to check you're using a reputable website. Today's cybercriminals are highly skilled at creating fake websites, and they'll try hard to persuade you to share personal information and make payments.

  • Go directly to sites or find them a search engine such as Google.
  • Don't follow suspicious links on websites or in emails.
  • Check the web address is what you expected and is spelled right.
  • Make sure web pages are encrypted when entering login details or personal information.

An encrypted web page should have:

  • The web address changing from http to https.
  • A closed padlock icon.
  • The address bar may be green.

Use trusted retailers – look for independent reviews if you're not familiar with the site.

Social media

To protect yourself and your details, take care when using social media. The more information you post online, the easier it is for fraudsters to use it and it's difficult to keep track of it you want to delete it. Knowing details such as your full date of birth and where you were born, could help fraudsters access your accounts.

  • Use the privacy and security settings on social networks to control who sees what you post – don't rely on default settings
  • Be careful how much personal information you give on social networking sites.
  • Make passwords long and strong.
  • When in doubt, throw it out – even if you think you know the source, delete anything that looks suspicious.

Credit and debit cards

As with all financial transactions, you should be careful when using your credit or debit card.

  • Avoid letting your card out of sight when using it to pay.
  • When making a contactless payment, check the amount you're paying is correct before tapping your card on the payment device.
  • Always cover your card PIN when entering it on the keypad.
  • Don't choose a PIN that might be easily guessed such as your date of birth, numbers in order (5432 or 1234), or 4 of the same numbers (1111).
  • Never reveal any of your banking details such as your card number, PIN or full password if requested by email or over the phone.
  • When shopping online, check you're using a legitimate website before entering card details.

Cash machine

Cash machines can be targeted by criminals, so protect yourself when using them.

  • Be aware of your surroundings and make sure no one's trying to distract you or look over your shoulder.
  • Make sure there are no obvious signs that the cash machine has been damaged or tampered with.
  • Check other people in the queue are a reasonable distance behind you.
  • Shield the keypad with your hand to prevent hidden cameras or people from capturing your PIN.
  • Never reveal your PIN to anyone.
  • Use cash machines which are in clear view and well lit – if you're suspicious, walk away.
  • If your card is kept by a cash machine, report it immediately.
  • Keep our lost or stolen card phone number in your mobile phone contacts.

Identity theft

Identity theft occurs when someone steals your personal information and uses it to impersonate you. They can carry out fraudulent activity such as using your bank accounts, opening a credit card account in your name, or getting payment from a supplier.

  • Be careful when posting personal information online, including on social media.
  • Never give your card PIN to anyone.
  • Cancel lost or stolen credit cards immediately.
  • Lock all valuable documents away.
  • Delete all information on any devices before selling them.
  • Shred confidential information such as bank statements or cheque books before you throw them away.
  • Tell all service providers of any address changes, and set up a postal redirect.

How we protect you

Logging on

  • When logging on to your online account, we'll ask for your password. This information is encrypted during the login process and will remain a secret as long as you don't share it with anyone.

Access to data

  • Online customers need to use a secure browser to access account information and carry out transactions.
  • Our website is protected by a firewall, which blocks unauthorized access to your data.

Authorising payments

  • Payments are authorised using a Digital Certificate and password.

Logging out

  • If you don't use your online banking session for a while, it'll automatically timeout. You'll need to log in again to start a new session.

Reporting security concerns

If you think you've received a fraudulent email, text or call, report it immediately. Similarly, if you've been asked to give personal or banking information, such as username or pin, in an unusual way like a pop-up or web page, report it immediately. Don't reply to the message or follow any instructions, regardless of how genuine it may seem, until you know it's safe.

To report suspicious emails claiming to be from AA Credit Cards, send them to [email protected] Send any other suspicious emails claiming to be from the AA to [email protected] and then delete the emails.

Report a lost or stolen credit card

Call 0345 600 5606
From outside the UK on +44117 456 9835
Lines are open 24 hours.

Report cash machine fraud

Call 0345 309 8099
From outside the UK on +353 567 757 007
Lines are open 24 hours.

Mortgage enquiries

Call 0345 300 8000
Lines are open Monday to Friday 8:30am to 6pm.

Member or Easy Saver savings accounts and general enquiries

Call 0345 266 0001
Lines are open Monday to Friday 8am to 8pm, Saturday 9am to 5pm, bank holidays 10am to 5pm.

ISA enquiries

Call 0333 220 5069
Lines are open Monday to Friday 9am to 7pm, Saturday 9am to 1pm.