Online account security

Fraud and identity theft aren’t only a risk to your privacy, but also your finances, knowing what to look for can help prevent you becoming a victim.

Fraudsters use ‘phishing’ or ‘spoofing’ tactics to get sensitive information from you. This usually involves a fake website or email which looks similar to one you’d normally trust. Information you give on a phishing site could be used by criminals to access your account or use your identity fraudulently.

In this guide you’ll find helpful information about protecting yourself and how we protect you.

For more information about how we recognise your computer, please review our privacy policy.

Know it's us when you log in

  • Before you enter any details, look out for the genuine address of Online Card Services, starting with:
  • In ‘https’, the ‘s’ indicates you’re on a secure site - look for this anywhere you enter sensitive information.
  • If you’re on a secure site, click the padlock symbol on your browser to view the site’s certificate.

Check the address

  • The address used by a counterfeit site may be very similar to our genuine website addresses. Look closely for spelling differences or the use of symbols, e.g., or
  • Hidden addresses - rest your cursor over a link in an email (but don't click on it) and a box will pop up showing you the link destination - do you recognise it as a legitimate address? If not, it might mean the sender’s got something to hide.

How to protect yourself

  • Register with Online Card Services so you can check your account regularly for unusual transactions. Please tell us as soon as you notice any unusual transactions or you can’t find your card.
  • Review your statements on a regular basis.
  • Don’t reply to emails asking you to provide personal information or verify your account. We’ll never request sensitive information in unsecured communications like email.
  • So you know emails we send you are genuine, we'll always quote the last 4 digits of your account number and / or part of your post code. We'll also always greet you personally with your title and surname. If your personal details change, let us know so we can update our records and contact you as soon as possible if we suspect your account is being abused. If you have a credit card, you can make any changes at Online Card Services. If you have a loan account, to update your details call us on 0330 678 1430. We’re here to help 8am to 10pm, 7 days a week. Standard network charges may apply.
  • If you move house (even temporarily), tell your bank, credit card and utility providers. You might like to use the Royal Mail Redirection service. Also tell your providers if you change your work, home or mobile telephone numbers.
  • Consider registering with the mail preference service at to prevent unsolicited marketing material being delivered to you. 
  • Use a spam filter to help block ‘phishing’ emails.
  • Keep your anti-virus software up-to-date. Don’t switch off your firewall, and be careful what you download.
  • Use the latest version of an internet browser, such as Internet Explorer or Firefox.
  • Choose strong passwords with a mix of several letters and numbers. Use different passwords for different websites and never reveal them to anyone.
  • Shred all confidential letters and paper statements to stop anyone piecing together information about you.
  • Always log off Online Card Services before walking away from your computer or accessing other websites.
  • Before you buy anything online, check for the prefix ‘https://’, in the website address, which indicates the site is secure.
  • Update the operating system (OS) on a device as often as you can. If your computer uses an older OS like Windows 7, XP, Vista or 2000, it won’t get security updates. Similarly, If your mobile device uses Android 7.0 or below, Google no longer sends security updates.

Social media security

  • Think twice before sharing information online. Could someone use the information to guess your passwords or commit identity theft?
  • Set your social media accounts to private and check your settings regularly.
  • Only connect with people you know in real life on social media, as your friends’ real accounts might be cloned by a fraudster.
  • Check a person’s identity if you get an unusual request on social media or by email as accounts might have been hacked by a fraudster.
  • Be careful when you register on websites and forums. Personal information, like your date of birth, mobile number, address and information about your family can be used for identity theft and to hack your account.

Think you’re a victim of online fraud?

If your MBNA credit card account has been used without your knowledge or someone knows your Online Card Services password, call us immediately on 0800 587 0997 (+44 1244 757 236 from outside the UK). Standard network charges may apply.

Report it to Action Fraud

Call 0300 123 2040. Lines are open Mon-Fri, 8am-8pm. Text phone users can ring 0300 123 2050. Again, standard network charges may apply.

They’ll log the incident and provide you with a crime reference number if needed. Action Fraud collect data from across the UK to help banks and other businesses combat fraud.

Security features