We are currently investigating a phishing incident that has affected customers of a small number of allpay clients.
Phishing attacks are a common form of cybercrime, where individuals are contacted by someone pretending to be a trusted organisation in an attempt to obtain personal or financial information. These messages can arrive via email, text message, or phone call and often appear convincing.
At this time, there is no evidence to suggest that allpay systems or platforms have been compromised. The activity identified appears to involve phishing attempts made directly to end customers, rather than unauthorised access to our services.
What we’re doing
As soon as we became aware of the issue, our teams began investigating and taking appropriate action. This includes:
- reviewing activity across our systems as a precaution
- working closely with our cyber security specialists
- supporting affected clients where required
We are continuing to monitor the situation closely to ensure the ongoing security of our services.
What clients and customers should know
While phishing attempts can be worrying, there are steps that individuals can take to help protect themselves:
- be cautious of unexpected messages requesting personal or payment information
- avoid clicking links or downloading attachments from unknown or suspicious sources
- verify communications by contacting organisations through known, official channels
Legitimate organisations will never ask customers to share sensitive information such as PINs, passwords, or full card details via unsolicited messages.
Our commitment to security
Keeping our clients and their customers safe is a responsibility we take seriously. We continuously review and improve our security controls and work proactively to identify and respond to emerging threats.
We will provide further updates if there is any new information that clients need to be aware of.
If you have any concerns or questions, please contact your usual allpay contact or our support team.
