Security & fraud
Your security is our priority
At Redpin we’re committed to helping you protect yourself against fraud.
Our group companies have internal measures in place to help keep your transfers secure and protect you from fraud, but there are important steps you need to take to defend yourself from external threats. We rely on you to check that the person you’re paying is genuine and that the account details you’ve been given are correct. Fraud has become a big risk for everyone. Unfortunately, we can’t always recoup money that’s been sent to a criminal.
Security
Password security
You need a password for just about everything these days. When you’ve got so many logins to remember it’s easy to fall back on the same old memorable words and phrases.
But, as tempting as it is, using your birthday or pet’s name just won’t cut it if you want to keep your account secure.
Here are our top tips for creating super-secure passwords.
Use 12 characters minimum
There are no set parameters about the ideal password length, but 12-14 characters is generally a good rule of thumb.
Include a mixture of numbers, symbols, capital letters and lower case letters
Sites don’t ask for convoluted passwords to be tedious – a mixture of different character types makes your password harder to crack for fraudsters’ software.
Don’t get personal
In the age of information, your birthdate, place of birth and cat’s name are all too easy to find online. Passwords based on key personal information are far easier to work out than passwords based on seemingly random words or phrases.
But, even if personal stats play no part in your passwords, it’s important to have as much control as possible over what information is accessible online.
Check the privacy settings on social accounts, read privacy policies on websites you frequent (particularly if you have a profile of some sort on them) and think twice before taking part in online surveys and quizzes that ask for access to your social media profiles.
Make it a strong one
When it comes to creating a password think outside the box and use an unusual combination of words (replacing letters with special characters and numbers which aren’t like the original letter).
For example, bLuesWan37?? fits all these requirements and would take a computer 63,000 years to crack. Two random words will give you a pretty strong password, but three is even better. bLuesWan37??Guit@r would take 380 quadrillion years of computer cracking time!
Check your password strength
If in doubt about the strength of your password, run it through a secure, reputable online checker. It will tell you how long your password would take to crack, giving you the opportunity to try out different combinations until you’ve got the Fort Knox of passwords.
Use a variety of passwords
Creating these super secure passwords and having to remember confusing combinations makes it tempting to use one for multiple platforms – but in doing that you undo all the good of creating a secure password in the first place.
If a fraudster gets hold of a password for one account, they’ll be able to access many. Use a variety of passwords to guard against breaches and to minimise damage if one of your accounts is compromised.
Sharing is bad (when it comes to passwords)
Never, ever share your password with anyone. One of the issues with having complicated passwords is that people are tempted to write them down so they don’t forget them – resist that impulse and try to commit new passwords to memory.
You should also set a reminder to change your password frequently.
At Redpin, we will never ask for your password, and you shouldn’t share it with us even if it appears that we’ve asked you to.
If you have any concerns that your password is no longer secure, change it immediately.
Changing your password is simple, just follow this link.
Computer, mobile and tablet security
Everyday web use could expose you to opportunistic fraudsters if you don’t take steps to protect yourself.
Here are some simple tips for keeping on top of computer, mobile and tablet security.
Keep your computer healthy
Make sure you have active anti-virus software, and that your software and applications are regularly updated (patches and updates often address security issues in programmes and applications).
The P-word
Make sure your home wi-fi is password-protected – and be sure to use our tips in the password security section to make it a strong one.
Forget me, forget me not
If you’re using a computer which isn’t yours don’t tick the ‘Remember me’ option, and make sure you log out once you’re finished.
Public safety announcement
When connecting to a public network (in a bar or café, for example), make sure it’s one you trust. We recommend not connecting to public access networks whenever possible as they’re often a target for cyber criminals. If you’re in any doubt when you’re out, it’s better to connect using mobile data than public wi-fi.
Additionally, if you’re logging in to secure sites in public check your surroundings thoroughly to make sure no one is looking over your shoulder.
Click bait
When generally browsing the web, be careful not to click on any suspicious looking links or pop-ups.
Typical fraudster tactics include offers of prizes, threats, urgency or even blackmail, with messages like ‘You’ve won £1000! Click here to claim’, ‘your computer is under attack! Click here...’, ‘do this or your account will be restricted…’, or ‘you’ve accessed illegal content, click here to avoid legal action…’
Select security information carefully
When setting ‘security information’ (like answers to security or forgotten password questions) always be aware that any information you’ve shared via social media (or other web resources) may well be accessible to hackers and fraudsters.
Where possible pick questions that only you are likely to know the answer to.
The genuine article
If you’re visiting our website always type the address directly into the search bar or select it from a web search, and make sure you’re checking for these signs of authenticity:
Invalid security certificates popping up in your browser could be a warning that you’re visiting an untrustworthy site. Ours are always valid.
Check the URL. Fraudsters try different spellings, characters and punctuation to take you to their ‘fake’ websites. That’s why we recommend navigating with the address bar or a trusted search engine.
Check the address bar or links you hover over contain ‘https://’ – this means the site and links on the page are secure.
Check the locked padlock symbol in the address bar, this indicates that the data shared between you and the site you’re using is encrypted and secure. Some fraudsters have wised up to this and use encryption, so check for all signs of authenticity when visiting a website.
Sending funds securely
When making an overseas payment you should always have confidence in the legitimacy of the recipient of your funds.
Verify your recipient’s information and the reason for transfer, and never be rushed or pushed into moving funds if you aren’t 100% comfortable with the payment.
Email security
We like to talk currency, and we like to make sure our customers have access to all the insights they need to make an informed decision about their currency transfers.
This means we send several different types of email communications to our customers, from daily market updates, to transactional emails and product updates.
You’ve got mail
If you receive an email from Redpin or any Currencies Direct or TorFX company, give it a proper scan and make sure you’re confident it’s been sent by us before clicking any of the links within the email.
If there’s anything unusual about the communication or if you have any concerns at all, check with us by contacting your account manager directly or emailing [email protected].
Things to look out for:
The branding/design looks different – While our style has changed over the years and will continue to evolve, certain characteristics (like our distinctive logo) should always be present.
You’ve received two emails in quick succession giving you alternative instructions – please get in touch with us on the methods mentioned above if you receive conflicting communications.
The email contains a request which seems out-of-the-norm – we never ask for personal details through an email, threaten to change your account if you don’t click on a link, or ask you to provide your login details.
Poor spelling and grammar – we can’t guarantee we’ll never send the occasional typo (we’re only human!) but an email rife with spelling or grammatical errors is a sign that something’s not quite right.
The tone of the email is different – we’re never pushy or threatening. Always take your time when reviewing a communication or acting on one, fraudsters often try to scare you into acting quickly.
You don’t recognise the signature or the address the email’s been sent from – our sender’s addresses end in ‘@currenciesdirect.com’ or ‘’@redpincompany.com’’ or ‘’@torfx.com’’.
Links in the email direct you to unexpected places – our email links typically direct you to our own website. If you have any concerns we recommend that you manually type our web address into the search bar or log into our online service and app directly rather than clicking links within emails.
Unusual attachments – strange instructions to open attachments or download software could be a fraudster trying to sneak malware onto your device.
You’re a winner – If you don’t remember entering a competition, the chances are you didn’t! If a communication claims you’ve won a prize for something you have no memory of, don’t pursue it - contact your account manager or our customer service team and we can verify if the prize is genuine.
Finally, never ever click on email links or attachments unless you’re 100% sure the communication is from a trusted source.
If in doubt, check it out!
Telephone and text message security
Nuisance phone calls or text messages are nothing new, but phone scams can often sound convincing, and fraudsters attempting to contact you over the phone can be persistent.
Never let the person at the end of the phone put you under pressure or make you feel forced into taking fast action, and follow these top tips to protect your phone and text security.
Before you answer a call
Most mobiles are good at highlighting spam calls, but fraudsters are also good at appearing genuine with caller IDs.
If you have any doubts about the number calling you put it through a search engine.
Alternatively, if you think a call is from us but you aren’t certain, check it against the number listed on the ‘Let’s talk’ section of our website.
Once you’ve picked up
No matter what, never give out your passwords or key security information over the phone. It doesn’t matter who the person on the end of the phone claims they are, if they ask for your password or ask you to type anything into your keypad, hang up immediately.
Approach text messages with caution
We only send you SMS messages under specific circumstances – like your One Time Pin to activate your online account or notifications about rate alerts.
If you receive a text message asking you to reply with a password, to call an unfamiliar number, or to click on a link, ignore the message and contact your account manager or our customer services team for verification.
What to expect
Fraudsters prey on fear and cloud your judgement to get what they want. Some of the main tactics to be prepared for are:
Creating panic – they send warnings about suspicious behaviour or indicate that ‘an unknown device has accessed your account’.
Urgency – making you act fast means the fraudster avoids suspicion. Think twice if you’re instructed to ‘call urgently’ after ‘you’ve missed important calls’.
Sounding helpful – using helpful, friendly or professional language to add credibility is another trick, don’t be drawn in.
Following up a text with a phone call – again, fraudsters use this tactic to add credibility.
Online service and app security
While all the measures outlined in our online security section can help you protect your activities from fraud, our online service and app also have several inbuilt features for added protection.
Online service and app
PIN entry – we’ll ask you to enter your PIN at crucial points in the transfer process (like adding a recipient or making a transfer). Never share this with anyone. Our staff will never ask you for this information.
Transactional emails – we’ll send you an email confirming any transactions you make, so you’ll have a record of the latest activity on your account.
Your activity – You can view your recent and historic activity within the app and our online service.
You can also check all the devices that have accessed your account.
App only
Passwordless login – we’ll send a magic link to the email address you registered with, allowing you to log in securely without the need for a password.
Biometric authentication – depending on the handset you own, you can secure your app with touch or face ID.
Fraud
Reporting fraud
If you notice something suspicious or think you may have been a victim of fraud, please let us know as soon as possible by contacting us on +44 (0) 20 7847 9400 or [email protected].
Protecting yourself from fraud
We’re confident in the security systems we have in place but it’s vital that you stay vigilant too.
Our Fraud FAQs provide lots of useful information about protecting yourself from fraud, while our Help with fraud section has links to useful organisations.
Remember, an offer being too good to be true, being asked to send money out of the blue or being put under time pressure can all be warning signs. Never send a payment if you have any concerns and contact us immediately if you do – we’re here to help!
We can accept no responsibility for funds being sent to the wrong account based on the content of a fraudulent email, so always verify that any payment details sent or received by email are genuine, using a trusted source.
Fraud FAQs
I think I’m the victim of a scam in connection with my account. What do I do?
Contact us as soon as possible on +44 (0) 20 7847 9400 or [email protected]. Our customer services team are on hand to help 24/7.
You can also report fraud to the police via Action Fraud using their on-line reporting tool or by calling 0300 123 2040.
If you’re not based in the UK, inform the police or anti-fraud authorities in your own country.
I’ve lost my Currencies Direct multi-currency debit-card, what do I do?
If you’ve lost your Currencies Direct card you can freeze it immediately and report it as lost/stolen in the Currencies Direct App.
What can I do to protect myself against fraud?
These are some key actions you can take…
Keep all your personal ID documents (passport etc.) locked away and secure. The details in these documents can be used to steal your identity. Be extremely careful about who you share your personal details with as they can be used to set up accounts in your name.
Never share answers to security questions or passwords with anyone and don’t write them down.
If you’re sending money to us or to anyone else, double-check the bank account details before making the payment. Do this by getting the details direct from a trusted source. You can access our bank details securely through our online service and app. Consider sending a small payment first to check that the money has gone to the correct account.
If you’re buying property or making an investment, check the validity of the property or investment opportunity. Be wary of glossy brochures, celebrity endorsements and big promises.
Visit the Take Five to Stop Fraud website and read their advice on protecting yourself from scams.
The above isn’t a full list but it gives you an idea of the type of questions you should be asking. You’ll find more on this in our Scams to watch out for section.
How do I spot someone trying to de-fraud me?
We’ve listed a range of red flags based on different transfer requirements in our Scams to watch out for section. It’s crucial that you take the time to check that your payment isn’t falling into the wrong hands.
Scams to watch out for
The red flags and warning signs to look out for can differ depending on the reason for your payment. Below are some of the main things to be wary of.
Payments to friends, family, or someone you’re in a relationship with
Instances of relationship fraud have increased enormously in recent years.
Be particularly careful about sending money to someone you’ve never met in person, especially if you made contact via a dating app. Are they now asking for help with medical fees, housing or travel costs? Are they genuine?
Also beware impersonation scams, where you’re asked to send money to a family member who’s in trouble. Always contact that relation independently to check that a fraudster hasn’t got hold of their phone or hacked their social media accounts.
Making payment for goods or services
Have you checked that the goods exist, and that the supplier is genuine?
Be wary if you’re asked to pay a deposit or a big fee up-front as this could be an advance fee scam. Where possible, always check online reviews and get an invoice before paying anything.
Have you met the supplier? Do they have a registered business address? Are the contact details given by the supplier vague (maybe just a PO Box and a mobile or premium number)? Always verify that the person or business you’re dealing with is legitimate before sending a payment.
Paying estate agent or legal fees or some other bill
Fraudsters can intercept payments and redirect money to their own accounts, often by sending out a false invoice or email featuring their own account details. Make sure that the account details you’re paying into are genuine and think about sending a small payment first to check that the money has gone to the right place. This type of fraud is a particular risk in the property and real estate sector.
Funding an investment
If an investment sounds too good to be true (high returns and low risk), it could turn out to be a scam.
Be wary of dealing with any company that approaches you out of the blue and always check that the property or investment you’re buying exists.
Is the broker willing to supply his/her copy ID? Does the company promoting the investment have a registered business address? Are the contact details vague (maybe just a PO Box and a mobile or premium number?) What do the online reviews say?
Are you being put under pressure to buy? Always check the FCA Register to see if there are any warnings about the individual or company you’re dealing with and look at the FCA’s Warning List. Seek advice from an FCA regulated firm before going ahead.
Who else can help?
You can get additional help and advice on fraud from the following organisations: