Security Center

The safety and privacy of your personal information and banking details are important to us. The more knowledge and protection you have, the safer your information and accounts will be. Let us help you stay informed and aware of common fraudulent activity.

What we do for you?

What we do for you:

  • Keep you informed of any fraudulent trends by regularly updating our website
  • Provide tips on how to protect yourself from scams
  • Include automatic banking session timeouts on our internet banking, mobile portals or ATM banking in case you forget to log out of your banking transactions
  • Use withdrawal and electronic payment limits across your accounts to prevent fraudsters from accessing large amounts of money if they breach your account
  • Provide free notifications of all your account transactions, so you can quickly identify unauthorised ones
  • Offer the downloadable Trusteer Rapport to protect your computer from malware.

Be prepared, stay alert and have peace of mind when using our internet banking portal, mobile app or cellphone banking system.


Remember to report any suspicious banking and transaction activities to Standard Lesotho Bank immediately.




  • Stay alert: Scammers trick their victims into believing they are from recognised institutions, such as Standard Lesotho Bank. Don’t share any personal information or account details over email or telephone
  • Do not click on attachments, hyperlinks or icons in unsolicited (uninvited) emails: Even if they appear to be from Standard Lesotho Bank. Before you open them, visit your nearest branch, or call us directly to verify the email and information you received
  • Never share personal or confidential details: Don’t disclose any personal or account details by email or telephone
  • Keep an eye out for fake websites: Always type the URL in your internet browser to access the webpage, rather than clicking hyperlinks
  • Report suspected fraud: If you think you have received a scam, or been victim to one, stop all forms of communication and report it immediately.

More ways to keep your banking details protected:


  1. 1.     Create a strong password

To help keep your online banking profile safe, follow these tips to create a strong password:


  • Use unique passwords for each of your accounts. Using the same one is risky: if someone figures out your password for one account, they’ll have access to all of your others, including personal details and confidential information
  • Include a combination of letters (capital and lowercase), numbers and special characters
  • Make sure your password contains at least eight characters
  • There is no minimum password length, but create a password that is at least eight characters in length. This will help to keep your password strong
  • Your password shouldn’t be obvious, so don’t use personal and obvious information such as your name, your family’s names, where you live, or your birthdate. Don’t use simple words or phrases, such as ‘password’, or keyword patterns such as ‘qwerty’. This will make your password easier to guess
  • Change your password every 30 days.

Protect your password

Don’t disclose your password, any personal details or confidential information to anyone – online or over the phone.


  1. 2.     Card and PIN protection
  • Never disclose your card number, customer-selected PIN, banking username, password or ATM PIN to anyone
  • Don’t use the same PIN across various accounts. This can be risky; if someone figures out your password for one account, they have access to all of your other accounts
  • Avoid known information, such as your date of birth
  • Change your PIN every 30 days, as it’s the key to your bank account.

Protect your PIN

If you think your banking details, password or PIN have been compromised, or that your banking access is at risk, call our Customer Contact Centre immediately on +266 2221 2221.


When using your banking log in details and account information, protect your banking information by being aware of common scams and fraudulent behaviours, as well as reporting any suspicious activities. Partner with us to stay protected when using our digital banking platforms.


Sign up for our MyUpdates

Our MyUpdates option allows you to keep in touch with what’s happening on your account. You’ll receive SMS and email alerts for every transaction. Always provide your roaming/contact number when travelling out of the country to keep in touch with any activity on your account (this is important, as the Bank may contact you if there is need to verify any noted activity).



Download Trusteer Rapport

Trusteer Rapport

Trusteer Rapport protects your computer from known malware. To download, click the link:

Digital Security Awareness



A scam is any fraudulent business or scheme performed by a dishonest individual, group or company attempting to take money or something of value from an unsuspecting individual. Since the rise of the internet, new forms of online scams have emerged, and fraudulent behaviour has increased. Ultimately, it is up to us to stay informed about common scamming activities and be aware when using confidential information online.


What does a scam look like?


Scams come in many forms – email, SMS, phone call or malware – and anyone can be victim to one. They often ask for your personal details and confidential information, and this is the first step to knowing what to look out for.


It could be a scam if…


  • The information sounds too good to be true
  • The offer, prize or communication has come out of the blue, and you have not entered the competition or applied for the information
  • The message requires a very quick response to clarify your information or win the prize. This doesn’t give you much time to think about the validity of the information or talk about it to people you trust
  • You receive the information via a free email, for example, Hotmail, Aim, Yahoo or Gmail
  • You are promised large sums of money for very little, or no, effort
  • You are requested to provide money upfront before the proposed transaction can take place
  • You are requested to confirm personal or account details via a hyperlink, icon or attachment in an email or telephonically.

Types of scams:




Phishing is an email scam where fraudsters send emails to individuals and claim to be from a reliable organisation, such as a banking institution, or an email service provider.


The email will attempt to trick you into supplying your account information for a number of reasons, such as your account information needing to be updated or validated, by asking you to click on a link or icon in the email. Once clicked on, the link will launch a fake website that resembles a real one. On the website, you will be asked to share your personal bank account information, such as your username or password, for your online banking profile or email account. Any information that you share is captured by fraudsters and used to defraud you.


How to identify a phishing scam


  • There is a sense of urgency in the email, followed by a threat – the suspension of your bank account, for example – and you are required to respond quickly. This doesn’t give you much time to think about the situation or speak to people you trust
  • The email states that you have been a victim of fraud or have received funds, and you need to log into your accounts ‘here’ to report the incident and cancel your bank card, or give permission to release the sum of money
  • You are required to supply your personal and account details via a hyperlink, attachment or icon, provided in the email.

Report a scam





A vishing scam is a common electronic technique that attempts to access your personal and account details using a telephone call.

You receive an unverified SMS stating that a Standard Lesotho Bank official will contact you shortly to update or verify your account details and personal information. The scammers then contact you telephonically and ask you to update or verify your information. As a consequence, you provide them with all the necessary information to access your bank account. Remember, Standard Lesotho Bank will never ask for your banking details, password, PIN or One-Time Password (OTP) over the phone.


How to identify a vishing scam


  • There is a sense of urgency in the phone call, followed by a threat: your account will be suspended should you not supply or verify the necessary information immediately. This doesn’t give you much time to think about the situation or speak to people you trust
  • You are requested to update, verify or confirm your personal account information, such as your bank account number, PIN or password, telephonically.

Report a scam



SIM-swap scam


In a SIM-swap scam, scammers perform a SIM swap without your knowledge, allowing them to intercept phone calls, SMSs and messages.

Typically, the SIM swap takes place after the scammers have received your login details as a result of you responding to, for example, a phishing [MJ1] email. Once scammers have access to your cellphone number and other personal information, they can pose as you and request a new SIM card from your cellular service provider. They then have access to your phone calls and SMSs, including the OTP SMS facility, as well as any other notifications they could use.


How to identify a SIM-swap scam


  • You are suddenly no longer receiving calls or messages on your cellphone
  • You don’t receive the OTP you have requested, even when trying a second time
  • Your cellphone suddenly has no network signal in a usual network area.

Report a scam 




A smishing scam attempts to access your personal and confidential information via an SMS. You receive an SMS that states it is from a recognised organisation, such as Standard Lesotho Bank, and requests that you contact a toll-free number. When contacting the number, you’re met by a fake automated voice-response system prompting you to provide sensitive details, such as your account number, password and PIN. Once the necessary information has been supplied, the scammers can use the information as they wish. Remember, Standard Lesotho Bank will never ask for your banking details, password, PIN or OTP over the phone.


Smishing scams are becoming more common and dangerous, owing to the increased popularity of mobile banking. Nowadays, people use their smartphones for everything including online banking, so there’s a lot of sensitive information at risk if the phone is exposed to fraudulent behaviour.


How to identify a smishing scam


  • There is a sense of urgency, followed by a threat – if you don’t update or verify your information now, your account will be suspended – and you’re encouraged to respond quickly. This doesn’t give you much time to think about the situation or speak to people you trust
  • The SMS requests you to call a toll-free number
  • You are required to update, verify or confirm your personal details and confidential account information, such as your bank account number, PIN or password, telephonically.

Report a scam

Spoofed/fake website scam


A spoofed website claims to be the legitimate website of a particular organisation, and is set up to mimic the original. Spoofed websites usually have similar logos to the original organisation that they are copying and, in some cases, may even be identical. The intention of a spoofed website is to associate a scam with a reputable institution, and is set up to validate other scams, such as the 419 or phishing scam[MJ2] .


How to identify a spoofed website scam


  • You are required to click on a hyperlink, attachment or icon provided in an email you are sent directing you to the spoofed website, rather than typing the URL directly into your browser
  • You are required to disclose personal details or account information on the website you were directed to via the email you received
  • The spoofed website, accessed via the given hyperlink in the email, does not have one of Standard Lesotho Bank’s official website addresses or URLs that you usually use to access information or online banking.

Report a scam


Identity theft


Identity theft is the theft of personal information (ID, passport, driver’s licence, payslip, municipal bills and bank statements) to be used for fraudulent purposes. Details can be retrieved by stealing your wallet or purse, which may contain your ID, credit card as well as mail containing bank and credit card statements. Fraudsters also go through dustbins looking for private documents and can even intercept confidential emails. Also be vigilant when completing your personal information on a form, so individuals who observe you and watch your keystrokes as you enter your personal details and banking information do not gain access to this sensitive information.


How to protect yourself against identity theft


  • Manage your personal information wisely. Store personal and financial documents safely
  • Destroy personal financial information by tearing, shredding or burning it before throwing it away
  • Monitor account statement cycles, so you know when you can expect them, as well as when they have not arrived
  • Don’t carry unnecessary information in your wallet or purse
  • Create strong PINs and passwords; don’t use obvious choices, such as birth dates and first names, and keep them safe
  • Never disclose personal information by email or telephone.


What to do if you are a victim of identity fraud


Report a stolen ID or driver’s licence to Standard Lesotho Bank’s 24-hour fraud helpline immediately on +266 2221 2221. You can also report any suspicious activities or transactions to Standard Lesotho Bank.


Report a scam

Online shopping


Online shopping allows consumers to buy goods and services directly from a merchant over the internet. As with anything you do online, any time you need to provide personal details such as your email address, phone number and bank card information, be vigilant. While there are many benefits to online shopping (convenience, extensive information, customer reviews and wide selection, among many other things), it’s important to be aware when using online shopping platforms, as online fraud is one of the most widespread forms of cybercrime.


How to avoid online fraud


  • Make sure the company is reputable: Only purchase goods and services online from companies you recognise and trust
  • Ensure the site is secure: Look for security symbols such as an unbroken lock or key, and that the URL begins with “https” not “http”, meaning that no one but you and the merchant can view your payment information
  • Read the retailer’s privacy policy: Ensure that the online retailer has an acceptable and visible privacy policy posted on its site. If the retailer does not clearly state that it will not share private information with others without your knowledge and consent, don’t disclose your private details
  • Keep a record of your transactions: Save and print all online confirmations of your orders. Check your bank statements regularly and immediately report any suspicious activities to Standard Lesotho Bank
  • Never pay for goods or services over email: Paying via email is not secure. You should never send payment information such as your card details and CVV number via email
  • Never disclose any confidential information: Don’t tell the merchant any passwords or PINs. This information is for your use only
  • Avoid using public computers: Don’t use public computers (in internet cafés, for example) for personal and online banking, as well as for online shopping, as they may contain spyware.

Dating and romance scam


A dating and romance scam attempts to play on your emotions and kindness to steal your funds.


Scammers create fake profiles on legitimate dating websites or social media platforms to meet new people and con them. They will invite you to be their friend or talk to them online, and then share fake personal information to build trust and create a relationship with you. Once they have established a connection, they may try to convince you to send them money or disclose sensitive information, either to help them out of a personal crisis, or so they can travel to visit you. Once you have sent them the funds, you will never hear from them again.


How to identify a dating and romance scam


  • You receive a friend notification or invite from an individual you don’t recognise
  • You have only spoken to the individual online via a dating website or social media platform
  • You have never met in person, and they are asking you for an upfront payment or to disclose sensitive details
  • You notice an inconsistency in the communication that is sent to you
  • They have an unusual job (for example, they work in the army or air force) and need you to help them financially.

Report a scam


Holiday scam


These scams try to exploit potential holidaymakers by falsely advertising ideal holiday packages, accommodation or timeshare on the internet via legitimate-looking, professional classified adverts or websites.


You come across a website or are sent an email promoting an incredible holiday package. The deal is only running for a couple of hours, so you quickly purchase the accommodation package through the website using your credit card details. The purchase goes through – but you never receive the package you paid for. The website, and deal, was fake. The holiday scammers now have access not only to your funds, but also to your bank account details, which they can use fraudulently.


How to identify a holiday scam


  • If the holiday package sounds too good to be true, it probably is
  • You come across the accommodation deal on a website you do not recognise or are sent the promotion via an unsolicited (uninvited) email
  • The URL begins with ‘http’ not ‘https’
  • There is a sense of urgency with the holiday deal. For example, you only have five hours left before the deal closes, or there are only two packages left. This doesn’t give you much time to think about the situation or talk to the people you trust
  • You are encouraged to quickly disclose personal information online
  • In the email you receive, you are required to click on the hyperlink, attachment or icon to view and pay for the holiday package
  • You are unable to contact a reputable agency to confirm the holiday package. The contact details include foreign phone numbers, or the owner or property manager is not responding to emails.

Report a scam 



Debit order fraud


Fraudsters get your bank account details and process debit orders on your account. The most common type is when a fraudster opens a unit trust and provides a different person’s account to be debited to fund the unit trust without this person’s authority.


How to avoid debit order fraud


  • Subscribe to your bank's SMS notification services
  • Scrutinise your bank statements each month by looking at each deduction, no matter how small
  • If you pick up any discrepancies, report them to your bank within 30 days from when the transaction took place
  • If fraud is involved, it would be best to report the incident at a police station
  • Protect your banking information.

Deposit and refund scam


This scam attempts to steal goods or services from a business without actually making the payments.


Scammers will order goods or services from your business, claiming to make the payment into your account. This is done mostly by means of a fraudulent or stolen cheque. A fake proof of payment is then sent to you, and your business delivers the goods to the scammers. Later on, it is uncovered that the cheque is fraudulent and no funds were transferred to your business’ account. In other instances, the scammer may cancel the order and request an urgent refund. Scammers may also deposit a fraudulent cheque into your account, then contact you stating that they ‘mistakenly’ deposited funds into your account. The caller will ask you to refund the amount immediately, and will send you the proof of payment.


How to identify a deposit and refund scam


  • You are asked to refund an individual urgently after they have cancelled their order, or the payment is made ‘in error’
  • You are requested to refund an individual urgently before you have time to verify that the deposit was made into your account and that it is valid
  • You don’t know the person requesting the refund
  • You are not sure whether the payment is a cheque deposit or not
  • You are unable to phone the requestor on a predetermined number to confirm the request.

Report a scam


Change of banking details scam


This type of scam attempts to steal funds through supplying false information about a change of bank account details.


You receive an email, letter or fax supposedly from a recognised supplier. The communication informs you of a change in bank account details and asks you to update your records. These ‘new’ bank account details are false, so your monthly payment is paid to the scammer and not your supplier, as originally intended.


Always be wary of changing account details. If a request is received, first confirm with your supplier before changing anything.


How to identify a change of banking details scam


  • The request you receive to change your supplier’s bank account details doesn’t come from your usual contact at the supplier
  • The request wasn’t made via official correspondence or using the contact details that you have in your database.


Report a scam


Keylogger scam


A keylogger scam is a software or hardware computer program that records every keystroke entered on a computer, including confidential details such as passwords, PINs, private login details for internet banking profiles, and usernames. This information is then sent to scammers anonymously via email, or they can access it directly via a computer file.


Keylogger scammers often target internet cafés, owing to the convenience of the computer terminals and the anonymity attached to them.


How to identify a keylogger scam


  • Keyloggers could be hidden in an email attachment, or can be installed via a memory stick or rogue apps and malicious websites. Be wary when untrusted individuals use your computer
  • Always be alert to computer hardware or software changes
  • Be cautious when using internet cafés. Don’t disclose any confidential information on a public, unfamiliar computer
  • Don’t open any emails, attachments or hyperlinks from unknown sources.


Report a scam



419 Scam


A 419 scam, or advance fee scam, is a form of upfront payment or money transfer scam.


You receive an email, fax or letter containing an offer promising you large amounts of money (via an inheritance or lotto winning, for example), but to gain access to the funds, you need to pay an upfront fee. Various reasons are given for this, including exchange control fees, customs duty fees and bank charges. Once you have made the advance payment, the scammers cease communication and the promised transaction never takes place.


419 scammers sometimes create spoofed websites in an attempt to validate the 419 scam. In addition to the email, you may be given login details for a false website that appears to be Standard Lesotho Bank’s internet banking site. The fake webpage will show you your inflated bank balance. The hope is that you will more easily fall victim to the 419 scam if you see a larger bank balance.


How to identify a 419 scam


  • Out of the blue, you receive an unbelievable promise of large sums of money for little or no effort on your part
  • You have no idea where this proposed money is coming from
  • You are requested to provide money upfront, as a processing or administration fee, to access the funds
  • There is usually a sense of urgency, followed by an emotional bribe (for instance, someone has passed away or is suffering from an illness), prompting you to respond quickly. This doesn’t give you much time to think about the situation or speak to the people you trust
  • You do not know the people who have sent the communication, although they usually claim to be in a position of authority from a trusted organisation
  • You are required to supply your personal and account details via a hyperlink, attachment or icon provided in the email.

Report a scam 


Card fraud


Card fraud is the unauthorised use of your credit or debit card, following the theft of your personal information and bank details. Always be cautious when using your banking cards, especially at ATMs, as fraudsters use a variety of card fraud methods to deceive their victims.


Card skimming


Card skimming is the illegal electronic duplication of your credit or debit card, and a card has to be inserted into a skimming device for it to be copied. Victims of this fraud are usually unaware of the banking transactions until they receive their bank statements, or payment notifications, showing the transactions that they didn’t make.


Card swapping


Fraudsters attempt to distract you while at an ATM or when conducting a bank transaction, swapping your bank card for a fake one without your knowledge. Card-swapping fraudsters are known to work in groups, as it is easier to distract you and retain your card and information. Other times, they watch your keystrokes as you enter your personal details and banking information.


Card-not-present (CNP) fraud


CNP fraud takes place when neither the card nor the cardholder is present while conducting the bank transaction. Fraudsters may memorise or write down your card number, expiry date and CVV (the three digits at the back of your bank card) when your card is handed over for payment. With this information, they are able to transact fraudulently on the internet or phone.


How to protect yourself against card fraud


  • Stay alert at all times when using your cards and making payments
  • Always be vigilant while using ATMs
  • Change your PIN immediately if you believe it has been compromised
  • Stand close to the ATM and cover your hand when punching in your PIN
  • Create strong PINs for your various accounts, and don’t use the same PIN for different accounts
  • Don’t request or accept help from anyone while at an ATM
  • Never force your card into the ATM slot, as it might have been tampered with
  • Don’t let your card out of your sight when making payments, and ensure you get your own card back after every purchase
  • Review your account details and transactions on a regular basis. Query any disputed transactions with Standard Lesotho Bank immediately
  • Shred or tear up your card receipts and statements before you discard them
  • Always check transaction slips for correct purchase amounts before signing them
  • Always provide your roaming/contact number when travelling out of the country to keep in touch with any activity in your account (This is important, as the Bank may contact you if there is need to verify any noted activity on your account)
  • Make use of any additional Standard Lesotho Bank security features, such as MyUpdates and One-Time Password (OTP), so you are alerted to any account movements in real time.

Cheque fraud


Cheque fraud uses unlawful, fraudulent, but realistic-looking cheques in what seems like a legitimate business transaction. It is important for anyone receiving cheque payments to wait until the cheque clears before releasing any goods or services paid for.


How to protect yourself against cheque fraud


  • Always keep your chequebook, cancelled cheques and statements in a safe place
  • Don’t sign blank cheques
  • Report lost or stolen cheques and chequebooks to Standard Lesotho Bank immediately
  • Check your cheque statements every month and do a reconciliation
  • Always collect your new chequebook yourself
  • Provide Standard Lesotho Bank with up-to-date signatures of everyone who is entitled to sign cheques on your account.

When writing a cheque


  • Always complete beneficiary details in full
  • Include your account details when making account payments
  • Use crossings accordingly
  • Familiarise yourself with different banks’ cheque layouts
  • Write clearly with a non-erasable ballpoint pen; this will make your cheque difficult to alter
  • Write the full names of the payee and spell them correctly. Avoid using abbreviations
  • Do not make any corrections or alterations. It is best to cancel it and write another cheque
  • Never leave large spaces between words, and draw a line through any unused space to ensure nothing can be added to the cheque
  • Remember to always sign your cheque correctly and clearly.

 When receiving a cheque


  • Only accept cheques from people you know and trust
  • Look out for any alterations on the payee and amount written
  • Make sure there are no stamps placed in areas that could conceal alterations
  • Don’t accept cheques issued in black felt-tipped pens
  • Look out for spelling mistakes on the printed areas of the cheque, such as drawer’s details and bank branch name
  • Be careful of tampering on the MICR code line (the black shaded area)
  • Look out for faded cheques, as chemicals could have been used to remove information
  • Be wary of typed cheques
  • Don’t accept unsigned cheques
  • Be cautious of cheques with shaky and unclear signatures; this could indicate that the signature was traced
  • Make sure that the same pen has been used throughout the cheque, as well as the same handwriting.



Online Banking

  • Pricing

  • Callback Form

    Saving your details - Please Wait...
    First name:
    Country code:
    Area code:
    Local number:
    Country code:
    Area code:
    Local number:
    Product of interest:
    Convenient time to call: