Online security at Raisin UK

Your online security is important to us. Keeping your personal data secure when using raisin.co.uk and the online customer portal is our first priority. This page gives top tips to staying safe online and details what we do to keep your details and money secure.

Our site is protected by industry standard SSL Secure Sites Certificates to ensure any data you share with us is secure across our entire site. Look for the padlock displayed at the top of the screen in your address bar, this indicates that you have a secure connection with us and you can rest assured that any information you supply is encrypted and cannot be read by anyone else.

We always place your security first. To ensure maximum security, we have made a simple list of security to-do’s you can follow:

• Never divulge personal details like your Raisin UK Account password, mobile verification code or one-time passwords (OTP) in any medium, including over the phone, by text or by email.
• Raisin UK will never ask you for any of the sensitive details mentioned above.
• Raisin does not ask for confirmation, verification or changing of your personal details, password or mTAN by email!
• Create a strong password with at least 8 characters that include a combination of mixed uppercase and lowercase letters and numbers.
• Change your passwords frequently.
• In passwords, do not use combinations that have a private or easily-guessed reference such as your name, date of birth, telephone number, postal code or similar.
• We will never contact you to ask you to grant us remote access to your computer or mobile device, or install any remote access software such as Teamviewer, Anydesk, etc. If you receive these instructions, please ignore them and report this securely to us through your Raisin UK Account.
• Payments should only be sent to your Transaction Account. Your Transaction Account details can be found by logging into your Raisin UK Account and hovering over your initials in the upper left corner. You will only ever transfer funds to these account details when using Raisin UK’s services, so please ignore any requests to transfer funds to anywhere else.
• Our Customer Services team can only be reached via Postbox, email or by calling us directly. Please do not engage with phone numbers or social media accounts that claim to be from our support team. If you receive such a call, politely decline it and call us back using the numbers provided on our website.

• Do not use public or other unsecured computers for logging into your Raisin UK Account
• Review your account balances and transactions regularly to confirm payments and other transaction data. If you spot a problem, immediately report any suspicious transactions to the Raisin UK Customer Services team.
• Never leave a computer unattended while using Raisin UK’s banking services.
• Use an Antivirus solution on your PCs.
• Always install the latest operating system and application updates.
• If possible, use a password manager solution to secure, store and manage your passwords.
• Always use a Firewall on your PCs or laptops.

The widespread use of mobile phones and apps for banking means more convenience for customers and better ways to monitor account activity. Unfortunately, it also means there are more risks and opportunities for fraud and security risks.

Raisin UK provides a secure environment for mobile banking by keeping online banking services up-to-date to protect customers from any fraud or security issues.

As a customer, there are several things you can do to significantly reduce the risk of fraud or security issues:

• The biggest security risk is the loss of your smart phone. We, therefore, recommend setting up a screen lock with a password. This password should consist of numbers and characters so that applications and data are safely protected against unauthorised access. The latest smartphones provide Fingerprint or face ID protection which needs to be enabled for better security. Find out more about creating a strong password.
• Use mobile banking only in trusted WiFi environments or with a secure mobile data connection.
• Be careful with links you receive in SMS or emails. Click links only from trusted sources. Find out more about how to spot a phishing email.
• Do not give applications access to unknown users.
• Always download and install the latest available version of the application from a secure source like the Google Play Store and the Apple App Store.
• Downloading applications from third parties or from unknown sources should be avoided.
• Update your contact telephone number details whenever you change your phone number, to ensure you receive mobile verification codes to your updated number.
• Don’t store sensitive information such as passwords, User IDs etc on your phone or computer outside secure password stores.
• Protect smartphones against viruses and malicious programs. Use Virus scanners or appropriate security programs, which can be found on the Google Play Store or the Apple App Store.

Firewall

Our firewall prevents unauthorised external access to data in our systems.

Multi-level encryption and identification systems

These ensure unauthorised persons cannot enquire about your data, receive it or make it readable. When submitting personal data on the internet via our website, your data is encrypted by SSL (Secure Sockets Layer). This encryption is identifiable because an ‘s’ is added to the ‘http’ of the internet address.

Password protection

Your username and password are your virtual key for accessing your Raisin UK Account. After 15 minutes of inactivity you will automatically be logged out.

Secure personal mailbox

You can find your Raisin UK mailbox by logging into your Raisin UK Account. Your mailbox stores all electronic information you receive from Raisin UK, and you can also send messages to our Customer Services team through this. We will not send security-related information to your personal email address, only to your personal Raisin UK mailbox as this is entirely secure. This guarantees that only you have access, and that communication cannot be accessed by third parties, since messages to and from the mailbox are encrypted. You will receive an email to your registered personal email address when there are new messages in your Raisin UK mailbox.

Mobile verification codes

A mobile verification code is required to authorise orders and transactions in your Raisin UK Account. When you initiate an order or transaction, a mobile verification code is generated and sent by SMS to your mobile phone. You can then enter this in your Raisin UK Account to confirm the order.

Data Encryption

All customer data is encrypted using industry best practices.

Deposit protected banks

Raisin UK works only with FCA-regulated banks and building societies offering deposit protection. Find out more about deposit protection at Raisin UK.

Perimeter Security

We have deployed Defence in Depth Architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network. We have strict network segmentation and isolation of environments and services in place.

Standards and Certifications

We have implemented an Internal Control system aligned with industry-standard security controls that helps us protect all our customers’ data in a highly secure manner. We are audited by external certified auditors from a reputed firm for an ISAE 3402 Type 2 audit.

We go through a Privacy Certification Audit every year from reputable third-party auditors. We have implemented industry-standard best practices to ensure the privacy of our customers’ data.

Responsible Disclosure

We at Raisin are committed to our customers' data and privacy. We incorporate a variety of measures throughout our website to ensure our systems remain secure. Our overall data and privacy security allows us to defend our systems from smaller security issues to large-scale attacks.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability on Raisin, we encourage you to report the issue to us responsibly. You can submit a bug report to us via our Vulnerability Disclosure Program with detailed steps required to reproduce the vulnerability.

If a bug is reported to us by you in this manner, we shall put our best efforts into investigating and fixing any legitimate issues in a reasonable time frame. In the rare instances where this might happen, we would request that you not publicly disclose your reports until we have had a reasonable opportunity to identify and remediate the issue and confirm this to you.