Online account security

Fraudsters can send emails and texts to try to scam you. Their goal is to steal your details and money. Knowing what to look out for can help stop you falling for a scam.

Scam messages often include a link to a fake site or a number to call a bogus company.

In this guide we'll show you how to spot these and how we protect you.

For more about how we recognise your computer, please read our privacy policy.

Know it's us when you log in

  • Before you enter any details, look out for the genuine address of Online Card Services, starting with: https://online.mbna.co.uk/personal/logon/login.
  • Before you fill in personal or banking details on a site, look for the closed padlock image. You can find it in the browser bar. It means the link to the site is secure.
  • A secure site will also have https:// at the start of its address.
  • But please note, these do not mean a site is genuine. So make sure you're happy with a site before you log on, fill in any details or pay.
  • Never enter your bank PIN or password on a site or in an email.


Check the address

  • The address used by a fake site may be very similar to our genuine website addresses. Look closely for spelling differences or the use of symbols, e.g. www.mdna.co.uk, www.mbna@banking.co.uk or www.verify-mbna.co.uk.
  • Sometimes fraudsters hide the address of their fake site. To check this, rest your cursor over a link in an email but don't click on it. A box will pop up showing you where you'll go if you click on it. Do you recognise it as a genuine address? If not, it might mean it's a scam.


How to protect yourself

  • Register with Online Card Services so you can check your account regularly for unusual transactions. Please tell us as soon as you notice anything that doesn't look right.
  • Review your statements on a regular basis.
  • Get in touch with us straight away if you can’t find your card.
  • We’ll never send an email or text with a link that asks you to log on or to give your account details. If you get an email or text like this, don’t reply or click on anything, just delete it.
  • If we send you an email, it will always greet you by title and surname, as in Dear Mrs Smith. And we always include part of your main account number, or part of your postcode if you don't have an account number yet.
  • If your personal details change, let us know and we can update our records. That means we can contact you as soon as possible if we think there is any fraudulent activity on your account. If we call you, we’ll confirm that it's you by asking you questions about your credit file or details from your passport or driving licence. We’ll never ask you for your log in details.
  • If you have a credit card, you can change your details at Online Card Services. If you have a loan account, to update your details call us on 0330 678 1430. We’re here to help 8am to 10pm, 7 days a week. Standard network charges may apply.
  • If you move house, tell your bank, credit card and utility providers. Let them know even if you're only moving for a short time. You might like to use the Royal Mail Redirection service. Also tell your providers if you change your work, home or mobile phone numbers.
  • Think about registering with the mail preference service at mpsonline.org.uk. This can stop you receiving marketing material which you don't want.
  • Shred all confidential letters and paper statements. This helps stop anyone piecing together information about you.
  • Before you buy anything online, check for the prefix ‘https://’, in the website address. This shows the site is secure. But please note, it doesn’t mean a site is genuine. So make sure you're happy with a site before you log on, fill in any details or pay.


Keeping your devices safe

  • Use a spam filter to help block scam emails.
  • Use an anti-virus - Install it and keep it up-to-date. Try to scan for viruses at least once a week and follow the advice. It should tell you when a site is unsafe to visit, or a file is unsafe to open.
  • Use a firewall - Keep it on at all times. A device won’t be as secure if you turn it off.
  • Keep up to date - Make sure you update your device's operating system, internet browser and software as soon as updates are available. This will help to protect them from the latest scams.


Use different passwords

  • It’s safer to use a different, strong password for each account than to use the same one all the time.
  • You can use your browser or password manager to help you remember them all. Your browser settings should let you save each password. But make sure your device is kept up to date.
  • Create a strong password by choosing three random words. And to keep it safe from other people, don’t share it or write it down.
  • To make a password even harder to guess, you can add numbers or special characters. The longer the password, the stronger it is.
  • Your first line of defence is your email account. It can hold a lot of your personal details and be used to get into your other online accounts. If you don’t have one already, pick a new strong password for your email account. Then do the same for all your other accounts, like your social media accounts and Online Card Services.
  • If you think someone else knows your Online Card Services details contact us now.


Social media security

  • What you share on social media can be seen by lots of people. So keep important details private to stop them being used by others.
  • Don’t use your personal details to create a password. Fraudsters may search through your social media to help them guess your passwords or to try to steal your identity.
  • Only connect with people you know. If you’re not sure who someone is, don’t connect with them.
  • Fraudsters can open fake accounts or break into other people’s accounts to send scam messages. They can pretend to be a friend or your family. And they often ask for money or banking details. If you get a message like this, call the sender on a number you trust to make sure it’s real. Don’t use a number from a message as this could be part of a scam.
  • If you have to register for a site or to enter a competition or quiz, make sure it’s safe before you give any personal details.
  • And be careful what you click on. Fraudsters can use links within a message to send you to a fake site or to put a virus on your device.


Think you’ve fallen for a scam?

If your MBNA credit card account has been used without your knowledge or someone knows your Online Card Services password, call us immediately on 0800 587 0997 (+44 1244 757 236 from outside the UK). Standard network charges may apply.

Report it to Action Fraud

Call 0300 123 2040. Lines are open Mon-Fri, 8am-8pm. Text phone users can ring 0300 123 2050. Again, standard network charges may apply.

They’ll log the incident and provide you with a crime reference number if needed. Action Fraud collect data from across the UK to help banks and other businesses combat fraud.

Security features

  • You can set your own username and password to use to log in. Our log in system is our first line of security.

  • We use state-of-the-art 128-bit encryption to send all data between your computer and our secure site. This means your data can't be read by anyone else.

  • We’ll log you out of Online Card Services if you haven't been active on screen for a set amount of time.

  • We can block access to your account if your details are entered wrongly.

  • Each time you use Online Card Services this is in a secure session. This is shown by a padlock symbol at the bottom of your screen.

  • You need to take care when you use Online Card Services or the MBNA Card Services App.

    We'll refund any money you lose by any fraudulent transactions on your card, if you do all you can to keep your details and devices safe.

    But we may not give you a refund if you help a scam to take place by a careless or fraudulent act.

    If you follow our advice, it will help you to avoid scams and help us to consider a refund.

    Log in and out safely

    • Don’t let anyone else have access to your app.
    • Log out after each time you use Online Card Services.

    Keep your login details private

    • Never share your banking login details. These include your user ID, password, and memorable information. We’ll never contact you to ask for them.
    • The only time you can share your banking login details is under a legal agreement. This includes anyone you have a joint account with.
    • You should not store your login details where they can be found by other people.
    • Tell us right away if you think anyone else knows these.
    • Never allow someone to gain remote access to your device while you’re using Online Card Services or your app. Fraudsters can pretend to be us or other well known companies to steal your details and money.

    Protect your device

    • Install an anti-virus on every device where you use your app or Online Card Services. Keep it up-to-date and run a scan at least once a week.
    • Update your web browser and operating system as soon as updates are available.

    For more guidance on using our online services, please read the terms and conditions.