Is it safe to share my online banking password with someone who calls me?
No bank, regulator, or financial authority will ever ask for your full online banking password over the phone. Any caller requesting it is attempting fraud.
Last reviewed: 10 June 2026
Explanation
Banks and financial institutions operate on a foundational security principle: their staff do not and cannot ask for your full password. This is not just policy — it is a structural design choice. Bank staff access your account through internal systems that do not require your password. If they needed to verify your identity, they use partial security information, memorable words, or knowledge-based questions — never your complete login credential.
The most common scenario is an impersonation call: the caller claims to be from your bank's fraud department, says your account has been compromised, and says they need your password to freeze the account or verify your identity before stopping the fraudulent activity. The urgency and the apparent concern for your wellbeing are designed to create compliance without reflection.
Legitimate bank fraud teams operate in exactly the opposite way: they freeze accounts proactively and then contact you to verify legitimate transactions. They do not call you first and ask you to provide credentials. If you are ever unsure whether a caller is genuine, hang up, wait five minutes, and call your bank directly on the number printed on your card or on the bank's official website.
The same principle applies to one-time passcodes sent by your bank. A legitimate bank fraud team will never ask you to read out an OTP. These codes are the second factor in your authentication — they are meant to be private. A caller asking for an OTP is attempting to use your credentials to access your account in real time.
Common red flags
- Caller asks for your full password, PIN, or the complete one-time passcode sent to your phone
- Caller says your account has been hacked and you must act immediately
- Caller instructs you to transfer money to a 'safe account' they provide
- Call is unexpected and the caller knew some details about you (creates false trust)
- Caller asks you not to hang up, speak to anyone, or visit a branch
- The caller ID shows your bank's official number (this can be spoofed)
What to do now
- Hang up immediately without sharing any information
- Call your bank on the official number from the back of your card or the bank's official website
- If you already shared your password, call your bank immediately on the official number to report it
- Change your banking password from a secure device as quickly as possible
- Check recent transactions for unauthorised activity
- Report the call to your national fraud reporting service
Frequently asked questions
The caller ID showed my bank's official number — does that mean the call was real?
No. Caller ID can be spoofed using widely available tools, making any number appear to originate a call. Never trust caller ID alone as proof of identity. Always hang up and call back on a number you have independently verified.
What if I already gave my password — how quickly will the scammer use it?
Often within minutes. Call your bank immediately, report the disclosure, and ask them to freeze your account while you investigate. If you cannot reach them instantly, log in from a different device and change the password yourself first.