Skip to content

Security

Our promise

"Capital One promise to protect you from fraud, monitor your account and resolve any problems"

Becoming a Capital One customer means you receive a range of free services to help protect you against fraud and identity theft. Your safety and security are our top priority. We're committed to protecting your personal financial information.

Return to Safety and security centre

How we protect you

Firewalls and encryption

We're serious about protecting your data. Sophisticated firewalls keep potential threats out, while intrusion detection software tells us when someone is trying to get unauthorised access to our systems. All of our customer data is also encrypted, meaning only you and Capital One can see your personal information.

Multi-Factor Authentication

One way we help keep your information safe is by using multi-factor authentication. This adds a second level of security on top of your usual password. This could be a security question, a one-off code sent to your phone or even your fingerprint to access our app, just so we can be sure it's really you.

Protecting yourself

Here are some key points to remember to ensure your Capital One account remains safe and secure:

  • 'P' in PIN stands for 'Personal' - we will never ask for this when we speak to, or email you, so never provide it to anyone who asks for your PIN

  • Know who's receiving your details - your financial details are only for those people you trust

  • Passwords of steel - use secure passwords and don't use the same password on different websites

  • Treat computers to a spa day - install, update and regularly run anti-virus software on your personal devices

  • Delete odd looking emails - don't open attachments or click on links in emails from unknown senders and never give out your details if you have clicked on an email link

Lost or stolen card fraud

Don't know where your credit or debit card is? Is it lost or stolen? Someone could be trying to use it, posing as you so it's important to act quickly. Call your card issuer so they can turn off your card and send you a replacement.

Memorise your PIN

Don't write it down, that makes it too easy for others to find and use.

Do you need to carry all those cards?

If you carry cards that you don't use consider leaving them in a safe place at home, this reduces the risk of losing them and not realising.

Email security

Emails that ask for a reply or link to a website asking for personal information, like usernames, passwords and credit card details are probably trying to trick you into giving up this information. This type of scam, where emails, texts or phone calls can appear to be from your bank or another trusted organisation, is called 'phishing'.

3 Types of Phishing Scams

Suspicious emails - Be careful what you click on

Not all emails can be trusted. Emails that sound too good to be true or claim your account has been compromised and want you to re-confirm your security details, they're probably fraudulent. If you're not sure an email is genuine don't click any links or open any attachments. If you need to check, go directly to the relevant website using a trusted web address or use a secure app.

Suspicious phone calls - Don't give out your personal information

If an unknown number calls you directly and asks you to provide personal information like your credit card information or login details, don't give them. Instead you should hang up the phone and call the company directly on a trusted number to check the request is legitimate

Suspicious text messages - Keep your details to yourself

If you get a text message that appears to be from a genuine company asking for your personal information don't reply or click any links in the message. A legitimate business will never ask you to reveal your card number, username, password, or National Insurance number via text message

If you get a suspicious email, phone call or text message claiming to be from Capital One, please let us know:

  • Forward any suspicious emails to ukecrime@capitalone.com

  • Report any suspect phone calls to ukecrime@capitalone.com. Remember to include the number and the information the person was trying to get.

  • If you get a suspicious text, take a screenshot of the message and send it to ukecrime@capitalone.com. Include the sending phone number and the content of the message, then delete the text message from your phone.

How to recognise a real Capital One email

  • We'll always quote the last 4 digits of your account number

  • We'll never ask for personal details about you or your account

  • We'll never ask for your PIN or online password

It’s a good idea to regularly check your account for suspicious transactions or changes you weren't expecting. If you think you've been tricked by a phishing email claiming to be from Capital One forward it to us atukecrime@capitalone.comand call us using the number on the back of your credit card to secure your account.

Using public internet access

To stay safe whenever you use your card here's a few tips for when you're using the internet in public, such as coffee houses, hotels or restaurants.

Only shop on your personal devices

When you use public networks or computers you've no way of knowing if the computer is infected or whether the network is secure. It's safer to shop online from home or on your phone, with security protection installed.

Always sign out

Don't leave a browser open or signed in to your account on a public computer. Always log off and shut down when you've finished, and don't choose the 'remember me' feature for your username and password. If you leave yourself signed in, or save your sign-in details, your account will be accessible to the next person who uses the computer.

Check for Secure Sites

Look for an 'https' or a lock symbol next to the site's URL in the address bar of the browser you're using. Sometimes the address bar will also turn green. This is to show that the web page you're looking at is encrypted and secure.

Device security

It's important to protect your smart mobile phone and computer from security threats, so you can minimise the risks and feel confident about internet banking and shopping. Here's some information about the threats and how to protect against them.

Mobile security

Today's mobile technology makes fraud easier, especially through mobile malicious software, also known as malware. This lets criminals take control by downloading software onto your mobile, normally by tricking you through hoax texts, fake mobile apps, or by hacking your mobile through unprotected wi-fi connections.

Keep your mobile infection free

If your phone is infected, fraudsters could make calls (e.g. to premium rate numbers), access internet banking, social networking and online shopping. In places with unsecure wi-fi, they could access personal information and even your cash. It's like a fraudster having your debit card and PIN, and you may not realise it until it's too late.

Top tips

Make your phone useless to others

Locking mobile devices prevents access to any information you have stored in the event of you losing that device.

Don't feel blue

Turn off your bluetooth when you're not using it to stop unwanted messages that could contain malware.

Block premium calls and texts

By getting your phone company to block your phone from making premium calls and texts it stops potential criminals using it for this purpose, and means no accidental high costs by yourself.

Be app-aware

Ensure you trust the source of the app you're downloading and that you know it's not going to damage your device.

Computer Security

Keep the doctor away

Install anti-virus and anti-spyware software on your computer or laptop. This scans your computer to detect and remove software that can damage it. There are free and subscription-based services.

Microsoft protection

Microsoft offers a simple, free anti-virus programme to all genuine Windows users

Security Essentialsopens in a new tab

Have a regular detox

Run anti-virus scans regularly, just installing it isn't enough. You can set it to run and update automatically so you don't need to remember and the same goes for your internet browser and operating system.

Free check up now!

Scan your computer for malware (malicious software) free with Eset, a third party who provide this service. Scan nowopens in a new tab

For expert tips on how to protect your computer, and what to do if a virus attacks it, visit Get Safe Onlineopens in a new tab

Please note: we've provided these links to help make your online experience safe and more secure. We can't accept responsibility or liability for the content or availability of these sites

Phone and investment scams

Avoiding being conned on the phone

Fraudsters can call claiming to be a company you trust, asking for personal security information, or perhaps suggesting you download software from their site. They may even try to persuade you to hand over your credit card number or PIN. Examples we've heard include the fraudster saying you card needs to be returned, and that a courier will pick it up, with your PIN. Capital One would never do this.

Investment scams - too good to be true

There are businesses who use high-pressure sales to sell 'guaranteed' investments promising huge returns. These so-called 'investments' are worthless, over-valued or fictional stock in unquoted companies. These investments can often look and sound legitimate. They can mention companies you've heard of, register a UK address or phone numbers and create convincing websites. If they think there's any chance of a sale, they will persist, for months if necessary, and have caught out even seasoned investors. According to the FCA, investment scam victims lose on average £20,000. The bottom line is that if an opportunity sounds too good to be true, then it certainly is.

Report scams

Report a Suspected Vulnerability

Capital One is committed to maintaining the security of our systems and our customers' information. We really appreciate and encourage security researchers getting in touch to tell us about potential vulnerabilities found in any application, system, or asset belonging to Capital One.

For more information on how to submit potential vulnerabilities, visit our Responsible Disclosure Program.