Internal controls

Add iPortal (https://iportal.barclays.com/) to your bookmarks/favourites and trusted sites. Do not use a search engine to access our digital channels as you may be presented with links to malicious websites (such as fake Barclays sites).

Keep your smart card/smart SIMs secure at all times so only the relevant user can access it. Do not share smart cards. We recommend that you remove your smart card/ SIM from the reader once you have logged in.

Keep access to the mobile app secure at all times and don’t share mobile devices or access to the app itself. The transaction message displayed on your security device will always accurately reflect the activity taking place. If someone asks you to generate a QR code and provide it to them by any method, they are a fraudster.

Ensure that only necessary payment types are included for each role profile. Only include payment types in role profiles that are used by your organisation. Be vigilant when assigning role profiles to each users in line with their duties.

Choose the 'authorisation required'/ 'dual authorisation' option to significantly reduce the risk of fraud, as it makes it more difficult for a rogue administrator, user or third party who has gained access to make fraudulent changes or payments. Use two separate devices to upload and approve the payment instruction.

We strongly recommend that you assess your cyber security. Prevent staff from downloading applications from the internet through role appropriate restrictions and educate them regarding the risks and red flags. Permissions to download applications should be given to only those who need it (i.e. IT administrators).