Security Centre for Clients

LOOKING AFTER YOU AND YOUR MONEY

Security is an essential part of the business we run and the service we deliver at Transact.

First of all we keep your account secure so that only you, your adviser and designated third parties (such as a discretionary investment manager) are authorised to have access. Then we ensure that we hold your investments securely and in accordance with your instructions – guarding your
privacy and access.

With that in mind, we wanted to share with you some of the steps we take, and also what you can do to keep your data and your investments secure.

How to keep your investments secure

One of our key objectives is to minimise the risks involved in operating in today’s digital world, therefore our business processes are designed with security in mind. To that end:

Keeping your investments secure
  • Your investments are held securely by our own in-house authorised custodian.
  • We follow best practice and the standards established by the National Cyber Security Centre.
  • Data is stored safely – look for the padlock against our domain in the address bar.
  • You can access our website using Secure Sockets Layer (SSL) which provides a level of encryption so that data cannot be intercepted and read between your browser and our servers.
  • We send you notifications and alerts, according to your preferences, to confirm when there has been activity on your account.
  • Please make sure we hold your up-to-date email and postal address so that you don’t miss the notifications we send you. Adding your mobile phone number helps too and makes it easy for you to enable the two-step verification facility when you log in.
  • We verify bank accounts to ensure they are held in your name. This helps us verify your identify and ensures we only pay to a verified account held in your name. You should then make sure your bank account details are kept up to date.
Data Protection
We abide by the UK General Data Protection Regulation and the Data Protection Act 2018 which set out the data protection rules governing how we access and use your data. Appropriate privacy notices are available whenever you share data with us. We look after your data in line with these notices and have detailed processes and procedures in place to protect your data when it is in our care.
Fraud awareness update
According to the Office of National Statistics and UK Finance, from July 2020 to July 2021, reported losses caused by fraud and cybercrime was £2.7 billion. More than £335 million was lost in the first half of 2021 to bank transfer scams and this trend continued throughout 2021 and into 2022.

In our experience, no individual or financial institution is immune to fraudsters and criminals. Fraudsters are constantly evolving and developing new methods to circumvent anti-fraud controls and defraud clients. It is therefore important that you and us at Transact continually review and establish controls as well as keep update-to-date with current fraud risks, in order to keep your money safe.

In 2022 we have continued to see an increase in impersonation scams involving fraudsters targeting bank accounts, payments and payment details.

Below are some best practices and advice which can help reduce the risk of fraud:

  • Where possible send money electronically and avoid posting cheques if possible. Transact’s bank details can be found via our website or on portfolio opening documents.
  • Be wary of any bank details sent to you via email and always conduct your own checks, such as checking websites or by calling the intended payee.
  • Be aware of warning messages prior to making payments via your online banking. The majority of large banks have now implemented the confirmation of payee service which helps to make sure payments aren’t sent to the wrong bank account.
  • If it is necessary to send a cheque or other important documents via post send these by recorded delivery to ensure they reach the intended recipient.
  • Never give your bank passwords or verification codes out over the phone – financial institutions will never ask for these.


Video guides

Below is a suite of videos giving you an introduction plus information covering common scams, some top tips and the security Transact Online provides. These videos introduce you to George Quigley. George is a certified security and data privacy professional with extensive experience gained across consulting, advisory and audit roles. He is also the director at Foulkon Ltd, specialists in cyber security, and provides some very useful insights to help you feel safe and secure online.

Transact Videos

What you can do to improve security

Follow the simple steps below to make your personal data and investments more secure. Visit: ncsc.gov.uk/cyberaware/home for more guidance on improving your personal cyber security.

Security tips
  • Never share your full password or your access details with anyone.
  • Ensure you use unique, strong passwords for all your online accounts such as emails and banking. Use a combination of uppercase and lowercase letters, numbers and special symbols.
  • Add two-step verification to your Transact Online (TOL) account.
  • Add two-step verification to your personal email accounts such as Gmail or Hotmail.
  • Check the email address of the sender before you reply – it may be very close but not correct.
  • Only open email attachments that you are expecting and never click on links that look suspicious – if you hover your cursor over the link you will see the URL of the website it will take you to so you can check if the details are correct.
  • Do not provide personal details unless you have checked-out whoever is asking.
  • Beware of phishing scams trying to gain snippets of your personal data in order to build a “bigger picture” of you.
  • Keep your anti-virus software up to date.
  • Check the content of your email account regularly – fraudsters may create hidden folders to hide fraudulent activity. Check and clear your spam folder regularly.
  • Be wary of your environment when accessing your account. Make sure no one can see your screen and limit use in public places, or anywhere that Wi-Fi is not secure.
  • Log out and close down sessions securely.
Identity Theft
  • Check your online accounts and email notifications regularly.
  • Act quickly and investigate anything that looks out of the ordinary.
  • Keep your personal valuable documents in a safe and secure place.
  • Discard paper correspondence carefully using, for example, a shredding machine.
  • Remove any data from all devices that you pass on or throw away.
  • Run a credit check report to see if any credit or loans have been applied for in your name.
  • Inform your bank as most fraudsters will target your bank accounts. Your bank will be responsible for investigating this and reporting it to the police.
  • Refer to action fraud: https://www.actionfraud.police.uk/a-z-of-fraud/identity-fraud-andidentity

Scams to be aware of

X

We have seen an increase in the number of fraudulent attempts that originate from clients’ personal email accounts and computers being compromised. Over the last year we have identified that there has been an increase in the following types of fraud:

  • A client’s email is compromised – the fraudster impersonates the client by contacting the client’s adviser about withdrawals and attempts to divert the money to their own bank account.
  • An adviser’s email is compromised – the fraudster impersonates the adviser by sending the client their own bank account details but presenting them as the Transact bank account details.

Since Omicron, a new variant of the COVID-19 virus, became prevalent there have been cybercriminals creating Omicron-themed phishing scams.

In one phishing email, cybercriminals impersonate the United Kingdom’s National Health Service (NHS). The email appears to be an offer for a new COVID-19 Omicron PCR test. If you click the link within the email, you’re sent to an NHS look-alike website where you are asked to provide your personal details and payment information. Any information you enter on this fake webpage is delivered straight to the cybercriminals.

Follow these tips to avoid similar phishing attacks:

  • Although the scam is to impersonate the NHS, you may also see hackers from other countries using a similar scam. Watch out for suspicious emails from both local and global health organisations.
  • Never click on a link within an email that you weren’t expecting, even if the email appears to come from an organization you recognise.
  • Stay informed about the Omicron variant by following local news and other trusted sources.
X

We have seen an increase in the number of fraudulent attempts that originate from clients’ personal email accounts and computers being compromised. Over the last year we have identified that there has been an increase in the following types of fraud:

  • A client’s email is compromised – the fraudster impersonates the client by contacting the client’s adviser about withdrawals and attempts to divert the money to their own bank account.
  • An adviser’s email is compromised – the fraudster impersonates the adviser by sending the client their own bank account details but presenting them as the Transact bank account details.

Since Omicron, a new variant of the COVID-19 virus, became prevalent there have been cybercriminals creating Omicron-themed phishing scams.

In one phishing email, cybercriminals impersonate the United Kingdom’s National Health Service (NHS). The email appears to be an offer for a new COVID-19 Omicron PCR test. If you click the link within the email, you’re sent to an NHS look-alike website where you are asked to provide your personal details and payment information. Any information you enter on this fake webpage is delivered straight to the cybercriminals.

Follow these tips to avoid similar phishing attacks:

  • Although the scam is to impersonate the NHS, you may also see hackers from other countries using a similar scam. Watch out for suspicious emails from both local and global health organisations.
  • Never click on a link within an email that you weren’t expecting, even if the email appears to come from an organization you recognise.
  • Stay informed about the Omicron variant by following local news and other trusted sources.
X

We have seen an increase in the number of fraudulent attempts that have originated from unknown numbers sending SMS messages purporting to be from a financial institution such as HSBC. The messages aim to make their target alarmed and take action to stop the proposed scenario. One such example is a message declaring a new payee has been setup on your account and if this was not you, please click the following link. The link would then either request your bank account details or scalp information off your device.

If you do have any concerns then please contact the financial institutions using trusted details, e.g. a phone number which you have located on their genuine website. Please remember a financial institution will never ask you for sensitive information via SMS or email.

X

We have seen an increase in the number of fraudulent attempts that have originated from unknown numbers sending SMS messages purporting to be from a financial institution such as HSBC. The messages aim to make their target alarmed and take action to stop the proposed scenario. One such example is a message declaring a new payee has been setup on your account and if this was not you, please click the following link. The link would then either request your bank account details or scalp information off your device.

If you do have any concerns then please contact the financial institutions using trusted details, e.g. a phone number which you have located on their genuine website. Please remember a financial institution will never ask you for sensitive information via SMS or email.

X
  • Refer to Transact Online (TOL) in the first instance where possible. If you cannot find what you are looking for then speak to your adviser or contact us
  • Ensure you keep your portfolio information up to date in the event you move address or change any personal data such as your contact details
  • Proceed with caution when receiving payment information such as Transact’s bank details via email. Consider the following:
    Are the details the same as per TOL and Transact forms?
    Have you previously paid into this account and are the details the same?
    Have you spoken with your adviser?
  • Ensure the back account name matches before sending any payments. The majority of UK banks now match the payee name against the bank account you’ve entered. If you receive any warning prior to proceeding you should re-check the bank details entered. Do not send money unless you are certain the bank details relate to the genuine person or business
  • Ensure your passwords are secure and complex. Passwords should not be easily guessable. Never share your password or account detail
  • Add two-step verification on your TOL and email accounts
  • Ask yourself “Is this activity uncharacteristic, written badly or simply odd?” When checking communications from your adviser;
    check email trails. Fraudsters tend to use old emails and change the subject in order to obtain information;
  • Always check the email address. Fraudsters will often set up fake accounts with very similar email addresses;
  • Only open email attachments that you are expecting and never click on links that look suspicious – if you hover your cursor over the link you will see the URL of the website it will take you to so you can check if the details are correct;
  • Do not send personal or sensitive information in the body of emails;
  • Keep your anti-virus software up to date.
X
  • Refer to Transact Online (TOL) in the first instance where possible. If you cannot find what you are looking for then speak to your adviser or contact us
  • Ensure you keep your portfolio information up to date in the event you move address or change any personal data such as your contact details
  • Proceed with caution when receiving payment information such as Transact’s bank details via email. Consider the following:
    Are the details the same as per TOL and Transact forms?
    Have you previously paid into this account and are the details the same?
    Have you spoken with your adviser?
  • Ensure the back account name matches before sending any payments. The majority of UK banks now match the payee name against the bank account you’ve entered. If you receive any warning prior to proceeding you should re-check the bank details entered. Do not send money unless you are certain the bank details relate to the genuine person or business
  • Ensure your passwords are secure and complex. Passwords should not be easily guessable. Never share your password or account detail
  • Add two-step verification on your TOL and email accounts
  • Ask yourself “Is this activity uncharacteristic, written badly or simply odd?” When checking communications from your adviser;
    check email trails. Fraudsters tend to use old emails and change the subject in order to obtain information;
  • Always check the email address. Fraudsters will often set up fake accounts with very similar email addresses;
  • Only open email attachments that you are expecting and never click on links that look suspicious – if you hover your cursor over the link you will see the URL of the website it will take you to so you can check if the details are correct;
  • Do not send personal or sensitive information in the body of emails;
  • Keep your anti-virus software up to date.

Scammers targetting retirement pots

According to a FCA press release, across the industry a total of £2,241,774 has been reportedly lost to pension scammers since the start of 2021 (January 2021 – May 2021). The average loss this year was £50,949, according to complaints filed with Action Fraud. More than double last year’s average (£23,689). The FCA press release states that some victims of pensions scams are reluctant to report that they have been scammed or do not realise they have been scammed until years later, so the total amount lost may be much higher.

Five common warning signs of a pension scam, according to the FCA
  1. Being offered a free pension review out of the blue.
  2. Being offered guaranteed higher returns – claiming they can get you better returns on your pension savings.
  3. Offered to help to release cash from your pension, even though you’re under 55.
  4. High-pressure sales tactics – scammers may try to pressure you with ‘time-limited offers,’ or even send a courier to your door to wait while you sign documents.
  5. Unusual investments which tend to be unregulated and high risk.
What you can do to protect your pension
  • Be cautious of any out of the blue free pension advice or review (remember if it sounds too good to be true it probably is).
  • Check if the person providing advice is regulated. The FCA regulates firms and individuals that provide financial advice.
  • Don’t be rushed or pressured to make a decision, this even means turning down an amazing deal.
  • Seek impartial advice or information prior to making any financial decisions.
  • Check if the scheme is registered with HMRC.
  • Do not click on suspicious ad pop-ups when browsing the internet or suspicious emails as these can be used to harvest your personal information which can lead to a bigger scam.
  • Do not give out personal or account information.
  • Never share passwords to any of your online accounts.

We share only a small level of detail of the security measures we have in place. That way, you can be confident that your investments are safe, and fraudsters can’t use what we share to their advantage. However, if you would like to know more or have any specific questions, please do call and we will address your queries.

If at any time you suspect the security of your account has been compromised, then please contact us immediately. We will act swiftly to lockdown your account, minimise the impact where we can, and prevent further harm.

Additional resources