skip to content

Security FAQs

Frequently Asked Security Questions

Could someone withdraw money from my account?


Your account can’t be accessed without the Customer Number, Digipass and 5 digit PIN. Providing you keep this information safe, it is unlikely anyone could log into your account and withdraw money. 

But even if someone was able to get hold of your details and log into your account, funds can only be transferred back to the nominated bank account in your name.

What other security precautions can I take?


Here are some security precautions anyone can adopt to increase their own level of online security.

1. Protect your Digipass and PIN number
  • Don’t write your PIN code down. 
  • If you have to write it down, don’t store it with the Digipass and customer number. 
  • Keep your Digipass and customer number separate. 
  • Do not store your customer number or PIN code near your computer. 
  • Notify us if your Digipass is lost or stolen. 
  • Call us immediately if you are asked to return your Digipass or send it to another address. 
2. Never send account information via regular email
  • Use our secure e-mail function if you need to include account information in your message.
  • We will NEVER send you an email requesting your personal access details. If you ever receive such an email please notify us as soon as possible.

3. Use updated Anti-Virus Software

Protect your computer from viruses by installing and regularly updating firewall and anti-virus software. 

4. Scan your computer for Spyware regularly

Spyware and adware are programs that look in on your web viewing activity and potentially relay information to a disreputable source. Perform an internet search for "spyware" or "adware" to find free spyware removal programs. Just make sure that your removal program is not blocking or removing wanted items and, if it is, consider turning it off for some websites.

5. Avoid downloading programs from unknown sources

Downloads may contain hidden programs that can compromise your computer's security. Likewise, e-mail attachments from unknown senders may contain harmful viruses.

We maintain high security standards to ensure your money is protected at all times. If you have any questions or concerns, please call us on 0800 22 44 33 or email

What if I suspect that my internet banking has been compromised?


Call us on 0800 22 44 33 (+64 4 8192870) between 8am-6pm, Monday to Friday. You can also email outside of business hours.

How do I identify a phishing email or fake website?

Fake emails and websites can look very realistic but there are a few tell-tales signs to look out for:
  • Requests for confidential information. We will never ask you to provide your customer number, account number or PIN code via email. 
  • An unusual website URL - Look out for a “padlock” icon next to the URL to ensure you are in an encrypted secure session. If you receive a message along the lines of 'Error! Hyperlink reference not valid.’ this usually means something’s not right. 
  • Grammar and spelling errors - These can be deliberate (to get around spam filters) but are usually unintentional errors made by the fraudsters. 
  • Suspicious logos and links - If you hover your mouse over links in the email, they may not point to your bank's website but to some other third party website you don’t recognise.
  • The email doesn’t address you by name - We won’t send you emails starting with ‘Dear customer’. 
  • The tone of the email is urgent and encourages you to take immediate action e.g. verifying your online banking details. 

If you receive any emails that appear to be from RaboDirect but seem suspicious, please feel free to call us on 0800 22 44 33 or email It’s better to be safe than sorry.

What should I do if I receive a phishing email?

First of all, don't panic.
  • Do not respond to the email. This is important because the fraudster will then know that your email address is a real one.
  • Do not click on any links in the email. This might download spyware programs to your computer.
  • Contact the bank or company the email appears to be from and advise them.