How we protect you

A new voluntary code was launched to help protect customers from APP scams. M&S Bank is pleased to be amongst the first banks to sign up to the APP code and is committed to protecting our customers from fraud and scams.

If you have been a victim of an APP scam, beware if someone contacts you and tells you they can help with your claim, it may be a further scam. Please contact us yourself so that we can investigate your case.

For more information on the new voluntary code, visit the Lending Standards Board website.

CoP is a name checking service to help protect against authorised push payment (APP) scams and reduce the number of payments which are made by mistake. When you set up a new payment or amend an existing payment, it lets you check you're paying the right person or business so you can see if the name matches who they say they are. CoP also lets a person or business sending you a payment check your name matches your account. It is important, when sharing details to set up a new payment, that you provide the FULL name on your account.

We're working closely with other industry participants to introduce the new CoP service in a consistent way. This means:

• we're now able to respond to CoP requests sent by other banks for payments made to our customers
• we're working to request CoP checks from other banks for payments sent by our customers

Find out more information about CoP by visiting the UK Finance website

When you first register for Internet Banking, you'll be asked to set up a password. We make sure you can only use strong passwords that must have a mix of letters and numbers. This makes it difficult for anyone to guess your password.

M&S PASS provides you with an extra layer of protection against online fraud. An M&S PASS generates a unique, single use security code that you'll need to enter when you sign in to Internet Banking, and also when you verify certain transactions when using Internet Banking. To generate the code, you need a PIN known only by you - or you can use Touch ID, Face ID or Android Fingerprint if your device has these features. The M&S PASS is a type of two-factor authentication that lets us know it's you that's accessing your account, and nobody else. You can either use a Digital M&S PASS (part of the M&S Banking App) or a physical M&S PASS (a device that looks a bit like a mini calculator).

When you sign in to Internet Banking you can be assured any information you give or access is secure. Equally, when you fill in one of our online forms, your details are stored securely on our site. One indicator that shows you're in a secure area is if the web address starts with https:// and there's a closed padlock at the top of the page as part of the address bar (this doesn't guarantee security).

If you forget to log out of your account or your computer remains inactive for a period of time, the session will end automatically, logging you out.

After a number of unsuccessful attempts to enter your sign-in details, we'll suspend online access to your account – just in case someone other than you (or someone authorised to act on your behalf) is trying to log in. If your security details have been locked, you can reset them by following the instructions on our 'How to reset your password' page. Alternatively, you can call our Customer Services team any time on 0345 900 0900.

Using your physical characteristics like your fingerprint or face we can check that it is actually you who is tying to access your account. Your face and fingerprint are always with you and unique to you. While they can be similar, no two are exactly the same. If someone obtains your passcode, it could be remembered and used by another person but your fingerprint and face are incredibly difficult for someone else to reproduce and use. Your fingerprint or facial data is never stored by M&S Bank or in the M&S Banking App. Find out more about fingerprint and facial recognition.

Your M&S Banking App has the digital M&S PASS built in and provides you with an extra layer of protection against online fraud. You can use the app to generate unique, single use security codes that you'll need to enter when you sign in to Internet Banking. Your digital M&S PASS can also be used to verify transactions you make online. To generate the code, you need either your digital PASS PIN known only by you - or you can use fingerprint and facial recognition if your device is compatible. Find out more about the M&S Banking App.

Switch on spend notifications and we will send a push notification to your registered device every time your card is used to make a purchase. This means you’ll be able to spot any unrecognised transactions before you receive your monthly statement. How to set up spend notifications.

To protect you from fraud, banking regulations have changed meaning that additional security checks need to be carried out when you make a purchase online and you can use our app to verify these payments. Learn more about how to verify your payments.

Spend Safe, our fraud detection system, protects your M&S Bank cards. It monitors your spending patterns and identifies any suspicious or unusual activity on your account. If we're concerned about any activity, we may contact you to check that it's genuine.

From time to time, we may ask for additional information to verify your identity and address - See our list of acceptable documents.

To further enhance card security, the One-Time Passcode (OTP) service provides a more secure online shopping experience for Visa and Mastercard® users. When making online purchases, you will receive a 6-digit OTP for some purchases, via text message to your registered mobile number. The OTP will need to be entered to complete the online transaction.

Find out what we do with the information you provide us with.

We use cookies on our website to make it safer and easier for you to use. You can find out more about how we do this.