Cybercrime has become a major issue in the UK, with 50% of businesses reporting a cyberattack in 2024. This has led to a concentrated effort by authorities to put cyber security laws in place that will protect consumers and businesses alike.
At Remitly, we take financial security very seriously. In addition to helping you send money abroad safely, we provide information to improve the lives and safety of immigrants around the world. If you’re an expat living in the UK, this article will tell you everything you need to know about cyber security laws and safe online banking.
What is Cyber Security?
Cybersecurity is a combination of practices that defend and protect computers and mobile devices from malicious attacks. These practices include formulating policies and laws, creating and installing computer software like antivirus programmes, and making choices that prevent unauthorised access to computers or mobile devices.
Cybersecurity works by:
- Using hardware and software to protect networks from unauthorised access. A firewall, for example, blocks or allows traffic through a computer network, based on set security rules.
- Securing mobile applications to prevent unauthorised access. Bank mobile applications, for example, require passwords and two-step authentication to prove a user’s identity before they can log in.
- Protecting cloud-based systems. Usually, banks store and process client data in the cloud, a remote storage solution that allows businesses to store client files. Practices such as encryption protect this data from cyber criminals.
- Protecting laptops and devices through practices like not opening or clicking suspicious links.
Types of cyber security threats
Malicious individuals attack computers and applications to steal data, damage a company, steal money, and disrupt systems using threats such as these:
- Installing malware or malicious software—such as worms, ransomware, spyware, and viruses—in order to harm a network or computer.
- Phishing, where cybercriminals trick unsuspecting individuals into revealing financial information.
- Distributed Denial-of-Service attacks (DDoS), which prevent legitimate users from accessing a website or service when attackers flood it with internet traffic.
Essential cyber security practices for expats in the UK
At a personal level, protect yourself from cyberattacks by practicing these safe protocols:
- Install antivirus programs
- Use end-to-end encryption
- Avoid clicking on suspicious links
- Don’t log into your accounts over public Wi-Fi connections
- Restrict access to personal computers and devices using password protection
- Use strong passwords and change them regularly
- Use a unique password for every account
- Avoid writing down your passwords in easily accessible locations
- Verify your identity using multi-factor authentication
- Be cautious of phone calls from the bank—scammers trick online banking users by making fake phone calls and requesting them to reveal personal details
- Save the official bank communication channels such as phone numbers and email addresses, so you can identify scam calls and emails
- Don’t save log-in details for online banking
- Update your computer’s or phone’s operating system, web browser, and security software regularly to reduce vulnerabilities
- Monitor your accounts and immediately flag any suspicious activities
Accessing Online Banking in the UK
Online banking in the UK enjoys a huge customer base, where 87% of adults use a form of e-banking. Expats also enjoy the benefits of online banking and money transfer services like Remitly to conveniently send money to friends and family.
To access mobile banking, immigrants must first open a UK bank account, which requires a few compliance checks, as detailed below. Once these issues are out of the way and the bank account is set up, expats can apply for access to digital banking.
What are the legal banking requirements for expats in the UK?
Immigrants are legally required to provide the following documents before opening a bank account in the UK:
- Proof of identity, such as your passport or Biometric Residence Permit (BRP)
- Proof of address in the UK, e.g. a recent utility bill
- Proof of income, e.g. an employment letter
- Proof of studying in the UK, for student accounts
Common banking restrictions for expats
In addition to the legal obligations that require banks to prove the identity of immigrant customers, banks have to comply with immigration checks before opening an account for an expat.
Under the law, UK banks must:
- Confirm the immigration status of new account applicants
- Not open accounts for illegal immigrants
- Confirm that the applicant isn’t on the Home Office’s list of disqualified people
- Not open accounts for applicants in the Home Office’s list of disqualified people
- Restrict access to joint accounts for immigrants in the Home Office’s list of disqualified people
- Close accounts held by immigrants in the Home Office’s list of disqualified people
- Provide details of any accounts held by a disqualified immigrant
What happens when expats fail to comply with banking rules in the UK?
The UK government imposes penalties and consequences when immigrants fail to comply with its banking requirements.
Potential penalties and consequences
- The bank account will be closed
- Regulatory authorities like the Financial Conduct Authority (FCA) will levy penalties and fines on the bank and the expat
- The bank will restrict access to funds
- There will be litigation if the immigrant supplied fraudulent information to open the account
Legal recourse and protection measures
Aggrieved expats can follow legal recourse to appeal by contacting the Home Office.
Cybersecurity and Online Banking
While online banking may come with cyber security risks, the benefits and convenience it offers make it a popular choice. Following basic cyber security protocols can help you keep your money and information safe.
Reasons expats use online banking
Online/mobile banking is useful for immigrants because they enjoy many benefits:
- The convenience of accessing banking services anywhere, anytime, through mobile devices and computers
- Easier bill payment with automatic payments for items such as utility bills
- Real-time account monitoring and management when they access their accounts anytime to view debit and credit, debt repayments, transaction history, and edit automatic payments
- Sending money internationally by linking your bank with a service like Remitly
Cybersecurity issues for immigrants using online banking
Digitally accessing your bank has many benefits. But it can also expose you to cyber security issues because, during the process, the bank accesses and processes critical information such as names, credit card details, birth dates, addresses, telephone numbers, bank accounts, and account activity.
The safety practices we’ve discussed may suffice at a personal level, but banks also provide additional cyber security measures to protect you. In the UK, businesses protect their customers from cyberattacks by adhering to government cyber security laws and practices.
What Expats Need to Know about UK Cyber Security Laws for Online Banking
The UK government has enacted cyber security regulations and laws that protect online banking users from cyberattacks.
Major cyber security laws and regulations in the UK
- The UK General Data Protection Regulation (UK-GDPR), the UK’s version of the European GDPR, guides how businesses collect, process, store, and transmit personal data.
- The Data Protection Act 2018 guides UK private and public entities on how to process personal data.
- The Computer Misuse Act 1990 protects users from unauthorised data access and modification.
- The Security of Network & Information Systems (NIS) Regulations 2018 guide digital service providers such as search engines on legal measures they can take to strengthen the digital and physical security of their critical infrastructure.
- The Telecommunications (Security) Act 2021 guides telecommunication industry players in preparing and defending their systems from cyberattacks.
- The Digital Economy Act 2017 regulates access to age-appropriate content online, sets the minimum broadband connectivity to promote digital businesses, and controls data sharing between government agencies to safeguard privacy.
- The Investigatory Powers Act 2016 guides digital surveillance by British police and intelligence agencies to keep UK residents safer.
- The UK Operational Resilience Framework has been established by the Financial Conduct Authority (FCA) to guide financial institutions in identifying critical services, setting tolerances, and implementing mitigation strategies to cushion their customers from incidences and effects of data breaches.
- The UK Cyber Security and Resilience Act is currently a bill in the UK parliament. It seeks to fortify how the UK protects itself and bounces back after cyberattacks. The bill intends to empower regulators in enforcing cyber security measures, increase mandatory incident reporting for more reliable threat intelligence, increase regulatory reach, and apply a risk-based approach to cyber security.
How banks in the UK keep you safe online
The UK government has a regulatory body to enforce compliance with its cyber security laws and regulations. The Financial Services Act of 2012 established the Financial Conduct Authority (FCA) in 2013, to regulate over 50,000 financial institutions, including banks.
The FCA also guides financial institutions on cyber security and customer data protection. The regulatory body requires banks to:
- Set up systems and controls to avoid customer data breaches
- Protect client data obtained during market and customer experience research
- Regularly review staff rights to data access, ensuring that only authorised personnel access data necessary for their level
- Regularly vet staff with access to a lot of customer data
- Control access to sensitive customer data
- Dispose of data responsibly
- Ensure third-party vendors e.g., data destruction services comply with cyber security laws
- Train staff on cyber security risks
- Only use encrypted devices to take and handle customer information offsite
- Allow third parties to access only data necessary for the job
Reporting Cybercrime in the UK
Despite these measures, cybercrime may still affect online banking customers. If you experience a cybercrime, the government has clear steps on how to report it.
Steps to report cyber threats in the UK
- Call Action Fraud, the UK’s cybercrime reporting centre.
- File a report with the National Cyber Security Centre (NCSC).
- Report a breach of personal data with the Information Commissioner’s Office (ICO).
- File a report with the National Crime Agency (NCA), the UK’s lead agency against cybercrime. The NCA collaborates with international partners to disrupt and destroy cybercrime networks, sites, and individuals involved in cyberattacks.
FAQs
What is cyber security?
Cyber security is a combination of practices that defend and protect computers and mobile devices from malicious attacks.
How does cyber security affect online banking in the UK?
Through online banking, the bank accesses and processes critical information such as names, credit card details, birth dates, addresses, telephone numbers, bank accounts, and account activity. Cybercriminals may penetrate weak systems, steal customer information and use it to extort bank customers or sell this data to malicious people.
What are the cyber security laws in the UK?
The UK government has several laws protecting consumers and businesses from cybercrime. They include the UK General Data Protection Regulation, Data Protection Act 2018, Computer Misuse Act 1990, Network and Information Systems Regulations (NIS) 2018), Telecommunications (Security) Act 2021, Digital Economy Act 2017, Investigatory Powers Act 2016, the UK Operational Resilience Framework, and the UK Cyber Security and Resilience Act.
European Union cyber security laws also apply to UK financial institutions operating in the EU.
How do I report cybercrime in the UK?
You can file a report or call Action Fraud, the National Cyber Security Centre (NCSC), the Information Commissioner’s Office (ICO), or the National Crime Agency (NCA).