Your Security Online

Online security is our number one priority

You probably already know a lot about staying safe online but it does no harm to remind us of the steps we should be taking to protect ourselves. Online security is our number one priority, so here’s how we keep you safe and what you can do to keep yourself secure and aware of dangers online.

Steps we take to protect you

When you use our site, we ensure that any information you send us is transmitted using a secure connection – called HTTPS. Any sensitive information you send or receive via Your Account will be kept secure through encryption. This means that no unauthorised individual can access your data.
If you are unsure if HTTPS is active, look out for “https” at the start of the web address and the Padlock located in your web address bar.

Secure website padlock example

Note: The Padlock may be displayed differently across each browser. 

If you do not see “https” or a Padlock, then it is advised not to continue; especially when entering sensitive information such as usernames and passwords.

The majority of email providers have adopted appropriate security controls to protect your information but we cannot guarantee the security of your specific provider. If you do choose to receive information by email you do so at your own risk. Read Phishing below for more details. 

Any information we collect and pass on, if you have opted in to do so, is secured at the same regulatory level. Some of our services are provided by suppliers who are either outside the European Economic Area (EEA) or may transfer your personal information outside the EEA (for example, fraud-prevention agencies, email services, cloud-hosting services, back-up servers or disaster-recovery services). Our contracts with these suppliers’ state that they must meet the same standards of protection as required in the EEA.

Use a secure network

Using an unsecure connection can mean that people can eavesdrop on your internet activity, which could include personal sensitive data. Use websites with the padlock symbol in your web address bar, as mentioned above, so your information is secure from snooping. Likewise, you should:

  • Ensure that the equipment you are using to access our online services cannot be overlooked by another person
  • When you have completed your transaction or wish to take a break, log-off from the service and close down your Internet browser
  • Do not use a public computer to access your online accounts because you cannot be certain that the public computer is safe and secure. It could be infected with a virus that will try to collect your password or other personal information
  • Using an email account that is not shared with other family members will help keep your communications confidential

Connecting to a public Wi-Fi network can be very useful, however it does pose security risks:

  • If the connection is unsecure, anyone nearby area also connected to the public Wi-Fi network could potentially monitor and access the information sent between your device and the network
  • If you have Wi-Fi at home, you should change the default password assigned to your wireless router provided by your supplier. You can change the password by following the instructions provided by your supplier through the manual.


Passwords are a crucial part of computer security. Weak passwords can now be instantly compromised by malicious individuals or automated software. 

What can you to do create a strong password?


  • Use 8 or more alphanumeric characters, your password ideally should be as long as possible, whilst remaining memorable
  • Use UPPER and lower case letters
  • Use at least one number
  • Use at least one special character (@, #, $, %, * and +)
  • Use a phrase that contains unrelated words - For example, you could combine 3 words together, pizza, snow and car to create pizz@sn0wCar


  • Don’t use personal information (Birthdays, addresses, phone numbers and names of family or pets) 
  • Don’t recycle passwords (e.g. Password1 to Password2) 
  • Don’t write or share passwords with friends, family or colleagues and change your password straight away if you think someone knows it
  • Don’t write down passwords 
  • Don’t use the same password across multiple accounts 
  • Do not use work-related information such as building names, system commands, companies, hardware or software

If you believe your ‘Your Account’ password has been compromised, report it immediately.


Phishing emails, (fake emails trying to steal your data) are more commonplace these days, and spotting them is easy when you understand what to look out for. Phishing emails are sent out to try and trick you into disclosing your personal sensitive information. These emails can pretend to be from your bank, your social media sites or eCommerce sites.

What to look out for if you think you’ve received a phishing email:

  • Check the actual sender – the sender email address and name may not match.
  • Be suspicious of attachments – attachments could contain malware that will infect your device when opened. Only open attachments you are expecting and trust.
  • Check grammar and spelling – poor spelling and grammar is a key sign of Phishing.
  • Be aware of urgent decisions – phishing emails to try pressure you into clicking links within a certain time period
  • Be careful with links – malicious links can be masked using legitimate web addresses. You can hover over the link and see if it matches its true destination.

We will never ask you to:

  • Disclose your online banking details
  • Move money or transfer funds to a new sort code and account number
  • Complete an action in a threatening way – phishing emails contain threats of account closures or suspension
  • Send us personally sensitive information or security information such as passwords via email

Don’t rush into opening an email or answering a call if you are concerned it is not legitimate. If you are ever in doubt about whether an email is genuine, do not click on the link or open any attachments. It could be a phishing scam or trojan: both are disguised as something useful but when activated, can cause loss, damage or even theft of data. Please forward it to us at Likewise, if you are concerned about a phone call you have received, contact us via the number on our website or visit your local branch. We will never ask for your full password over the phone.

We will investigate every email and call and ensure that bogus websites are closed down as quickly as possible. Personal information supplied will be held in accordance with our Privacy Policy.

You can read more about phishing here


Keeping your software up-to-date

Software and app companies are continually developing their products to be more secure by releasing security updates. These updates are primarily to fix any vulnerabilities that cyber criminals could exploit to access your personal sensitive data. Malware, like viruses, trojans, adware or spyware among others, infects your computer with malicious software that could steal your personal information. Therefore, installing these security updates as soon as possible will reduce the risk of your data being stolen. You will receive prompts and notifications on your device to inform you of an update.

If you haven’t been prompted to update your web browser by the browser itself, you can check the What Browser? Website to see what version you’re using and, if necessary, download and install the latest one.

A few tips to help protect your device:

  • Keep all software and applications up to date
  • Avoid conducting personal tasks when connected to unsecured Wi-Fi points (such as online banking or email)
  • Be wary of what you’re downloading, not all applications are legitimate and safe
  • De-activate Bluetooth capability when not in use
Antivirus and Firewall protection 

Antivirus software detects, prevents and removes malware. Malware is malicious software that is designed to disrupt, damage, or gain authorized access to a computer system. However, antivirus is only effective if it is kept up to date. Most antivirus software includes an auto-update feature. It is recommended that this is enabled at all times.

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Your computer will have a built in firewall that must not be turned off or have its settings amended unless you know what you are doing.

Your Account

Having issues logging into Your Account?

If you have experienced issues logging into Your Account or accessing some of the pages once you have logged in, then your browser may be out of date. For your security and safety, we recommend that you use the latest version of your browser. Read Keeping your software up-to-date if you think you might not have the latest version of your browser. 

What do I do if I still can't access or have limited access on our website?

Sometimes disabling or customising functions on your browser can cause problems when trying to access our site.  You can check what’s been disabled or enabled by looking into your internet browser setting menu. 

Check your browser settings:

JavaScript enabled? Yes

Can access secure sites? Yes

Images enabled Yes

More advice

Find out more about the different types of fraud and how to protect yourself from it.

You may find the following websites useful:

  • If you have any questions or comments, or want more information, you can call us. See our Contact Us page for more details. Or you can contact our Data Protection Officer as follows. Email: Post: Principality Data Protection Officer Principality Building Society PO Box 89 Principality Buildings Queen Street Cardiff CF10 1UA

Your Queries

If you have any concerns or queries about your privacy and security, please call us on 0330 333 4000. Lines open 8am-8pm weekdays and 9am-1pm Saturdays.
Alternatively, you can write to us: 

Customer Contact Centre, Principality Building Society, PO Box 89, Queen Street, Cardiff, CF10 1UA


Principality. Where home matters.