Online Banking Fraud in the UK — What to Do Right Now
Online banking fraud occurs when someone gains unauthorised access to your bank account — whether through phishing, malware, SIM swapping, or credential theft — and makes payments without your knowledge or consent. UK banks are legally required to protect you, but you need to act quickly. Here's what to do.
Immediate Steps — Do These Now
Call your bank's fraud line immediately
Every major UK bank has a 24/7 fraud line. Do not use internet banking to try to undo transactions — call first. The number is on the back of your debit card. If you don't have your card, see our full UK bank fraud numbers guide at /bank-account-hacked-what-to-do.
Ask the bank to freeze the account
Request an immediate freeze to prevent any further transactions while the fraud is investigated.
Ask about a recall on recent payments
If a fraudulent payment was made recently, your bank can attempt to recall it from the recipient bank. Speed matters — the sooner you report, the higher the chance of recovery.
Change your online banking password and PIN
Do this after you've called the fraud line, using a device you're confident is clean of malware.
Types of Online Banking Fraud
Authorised Push Payment (APP) fraud
You were tricked into making a payment yourself, believing it was legitimate (e.g. fake invoice fraud, impersonation of your bank, romance scam leading to transfer). Covered by the APP Fraud Reimbursement Code from October 2024.
Unauthorised payment fraud
A transaction you didn't authorise was made from your account. Banks are legally required to refund unauthorised transactions under the Payment Services Regulations 2017 unless they can prove gross negligence on your part.
Card-not-present fraud
Your card details were used for an online purchase you didn't make. Covered by your card provider's chargeback process.
Your Legal Rights
| Fraud type | Your rights |
|---|---|
| Unauthorised payment | Refund required by law (PSR 2017) unless gross negligence proven |
| APP fraud (tricked into paying) | Reimbursement up to £85,000 under the APP Code (October 2024) |
| Card-not-present fraud | Chargeback via Visa/Mastercard, or Section 75 (credit cards over £100) |
Section 75 of the Consumer Credit Act 1974 means your credit card provider is jointly liable with the retailer for purchases between £100 and £30,000. This applies to goods or services — not cash transfers.
Report to Action Fraud
After contacting your bank, report to Action Fraud at actionfraud.police.uk or call 0300 123 2040. You will receive a crime reference number, which you will need if your bank disputes your fraud claim.
If Your Bank Refuses to Refund
If your bank refuses to refund and you believe you are entitled under the PSR or APP Code:
1. Submit a formal complaint to the bank in writing
2. If unresolved within 8 weeks, escalate to the Financial Ombudsman Service (financial-ombudsman.org.uk) — free to use and legally binding
3. Keep all records: transaction dates, amounts, correspondence with the bank
Frequently Asked Questions
I was tricked into making a payment to a scammer. Am I entitled to a refund?
Possibly yes. Under the APP Fraud Reimbursement Code (mandatory for UK banks from October 2024), most victims of authorised push payment fraud can claim reimbursement up to £85,000. Report to your bank immediately — do not delay, as banks assess whether you took reasonable precautions.
My bank says I should have known it was a scam. Can they refuse to pay?
Banks can reduce or refuse reimbursement if you ignored a specific fraud warning they gave you at the time of the payment. However, vague warnings don't count — the burden of proof is on the bank. If you believe their refusal is unfair, complain in writing and escalate to the Financial Ombudsman.
How long does an online banking fraud investigation take?
Banks must acknowledge your fraud claim within 15 business days and provide a final response within 35 business days under FCA rules. If it takes longer than 8 weeks, you can take your case to the Financial Ombudsman.