Skip to content
Log in

Your security online

How to keep yourself safe and secure online.

Steps we take to protect you


Email communication

Principality has taken steps to secure our email. However there are always risks to communicating via this method. If you choose to communicate with us via email, you confirm you accept the risk of doing so.


Your data

Any information we collect and pass on, if you have opted in to do so, is secured at the same regulatory level. Some of our services are provided by suppliers who are either outside the European Economic Area (EEA) or may transfer your personal information outside the EEA (for example, fraud-prevention agencies, email services, cloud-hosting services, back-up servers or disaster-recovery services). Our contracts with these suppliers’ state that they must meet the same standards of protection as required in the EEA.

PBS website domain

Secure connection

Any information you send to us when you're on our website is transmitted using HTTPS, which is a secure connection. Information you send or receive through Your Account is kept secure through encryption. This stops unauthorised individuals from accessing your data.

If you are unsure if HTTPS is active, look out for “https” at the start of the web address and the Padlock located in your web address bar.

Note: The padlock may be displayed differently across each browser.

If you do not see “https” or a padlock, it’s advised that you don’t continue or enter sensitive information e.g. username and password and you exit the site. This is because it could be a website impersonating Principality. 



If you see http instead of https at the start of the website address/url, this is an unsecure webpage, and you should not share personal information. 

Keeping yourself safe online

We want you to stay safe when using Your Account

All UK banks and building societies carry out extra security checks commonly known as Strong Customer Authentication (SCA). SCA is designed to help us all fight fraud and improve the security of online payments. This process makes sure it’s really you and is known as two-factor authentication (2FA), which asks a customer for two of the three categories shown below to verify yourself.


1. Something you know

Password: A strong password should have 10 or more characters; including capital letters, symbols and numbers.
Security question: Your Account-registered customers must select 3 security questions, in case they forget their password.


2. Something you have
We will send a passcode to your mobile phone when you log in to Your Account, so it’s important we’ve got the right number. This mobile phone must be yours and not shared with anyone else. If we don’t have your current number, we cannot send you a passcode and you won’t be able to log in.

3. Something you are
Some high street banks have started to use biometric security e.g. something you are. This can be retinal or facial scans, voice recognition, or fingerprints. Most mobile phones have some form of biometric options available for security purposes. Currently Principality’s SCA only uses the first two categories when you log in to Your Account and when you move money to your linked account. 

Passwords are a crucial part of computer security. Weak passwords can now be instantly compromised by malicious individuals with automated software.

What can you do to create a strong password?


Do:

  • Use 10 or more alphanumeric characters, your password ideally should be as long as possible, whilst remaining memorable.
  • Use at least one capital letter.
  • Use at least one number.
  • Use at least one special character (e.g. @, #, $, %, * and +).
  • Use a phrase that contains unrelated words. For example, you could combine 3 words together, pizza, snow, and car to create pizz@sn0wCar!
  • Change your password straight away if you think someone knows it.


Don’t:

  • Use personal information (birthdays, addresses, phone numbers and names of family or pets).
  • Recycle passwords (e.g. Password1 to Password2).
  • Share passwords with friends, family, or colleagues.
  • Share your password with businesses - legitimate businesses including Principality will never ask you for your password.
  • Write down passwords.
  • Use the same password across multiple accounts.
  • Use work-related information such as building names, system commands, companies, hardware, or software.

Using an unsecure connection can mean that people can listen in on your internet activity, which could include personal sensitive data.

Using websites with the padlock symbol in your web address bar, will help protect your information.


Make sure you:

  • Close the browser once you complete your transaction or wish to take a break (most genuine online services will time you out).
  • Don’t use a public computer to access your online accounts because you cannot be certain it’s safe and secure. It could be infected with a virus that will try to collect your password or other personal information.
  • Use an email account that is not shared with other family members to keep your communications confidential.


Connecting to a public Wi-Fi network can be useful, however it does pose security risks:


  • If the connection is unsecure, anyone in nearby area also connected to the public Wi-Fi network could potentially monitor and access the information sent between your device and the network, so don’t conduct sensitive business while connected.
  • If you have Wi-Fi at home, you should change the default password assigned to your wireless router provided by your supplier. You can check your supplier manual on how to do this.

Software and app companies continually develop their products by releasing security updates to make them more secure. These updates are primarily to fix any vulnerabilities that cyber criminals could exploit to access your personal sensitive data.

Malware, like viruses, trojans, adware or spyware among others, infect your computer with malicious software that could steal your personal information. Installing security updates as soon as possible will reduce the risk of your data being stolen.

You will receive prompts and notifications on your device to inform you of an update.

If you haven’t been prompted to update your web browser by the browser itself, you can check What is My Browser? to see what version you’re using and, if necessary, download and install the latest one. Please note we are not responsible for any information on external websites.


Tips to help protect your device:

  • Keep all software and applications up to date.
  • Avoid conducting personal tasks when connected to unsecured Wi-Fi points (such as online banking or email).
  • Be wary of what you’re downloading, not all applications are legitimate and safe.
  • De-activate Bluetooth capability when not in use.

    Antivirus protection
    Antivirus software detects, prevents, and removes malware. Malware is malicious software that is designed to disrupt, damage, or gain authorized access to a computer system. However, antivirus is only effective if it is kept up to date. Most antivirus software includes an auto-update feature. It is recommended that this is always enabled. 

    Fire wall protection
    A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Your computer will have a built-in firewall that must not be turned off or have its settings amended unless you know what you are doing.

Our official social media channels are:

Linkedin: Principality-Building-Society
Facebook: PrincipalityBS
X (formerly Twitter): @PrincipalityBS
Instagram: principalitybs
Tik Tok: principalitybs
 
We sometimes run competitions on our social media channels. We will only use the above social media channels to run these competitions.   

Any communication that does not come from our official channels is not Principality Building Society and should be disregarded.  

Please note we will never ask you to supply any personal or sensitive information via our social media channels, including links to login pages, or to confirm bank details. If you receive information that you think is not from Principality Building Society, please email phishing@principality.co.uk.