We've got security covered, so your details are safe with us
Our security standards
Keeping your details secure is a top priority. We follow strict security standards and undergo independent audits, so you never need worry about your transactions with us.
We're fully certified to ISO27001:2013 and PCI-DSS. These are stringent security standards designed to ensure we maintain the highest levels of security.
Just so you know, we were the first lottery in Europe to achieve certification to such high standards. And we don’t stop there. We also undergo monthly checks and regular audits by the British Standards Institute who keep a check on how everything is being done.
We're members of the World Lottery Association (WLA)
They regularly conduct audits to make sure our games and procedures are being run with the highest levels of integrity. We are certified to the WLA Security Control Standard (SCS); the only internationally-recognised security standard in the lottery sector. The WLA SCS couples a comprehensive information security management baseline incorporating ISO/IEC 27001:2013, a leading international standard for information security management, with additional lottery-specific security controls representing current best practice.
We've got it covered
So you can be sure that when it comes to the security of your details, as a responsible operator of The National Lottery, we've got it covered.
Keep your details safe
Stay safe online by creating a secure password and protecting it.
- Choose a password that's easy for you to remember but hard for others to guess
- Create different passwords for all your online accounts
- Keep your password private - don't share it with anyone or write it down
- Change your password frequently
Choosing a good password
- Your password must be 8 - 30 characters long with at least one letter and one number
- Avoid passwords with repeated characters (e.g. aaaaa111, 1111111a) or sequential characters (e.g. 1234567a)
- Avoid using dictionary words, your name, spouse's name, pet's name, birthday or any personal information that others can easily obtain
- Don't use words or phrases that relate to The National Lottery or your account
Choosing a good security question and answer
If possible, give an answer to your security question that is 6 or more characters long.
Additionally, your answer should not be easy to guess and may include, but not start with: apostrophes, full stops, spaces, hyphens and commas.
National Lottery emails
To help ensure your National Lottery emails reach you, please add the following email addresses to your Email Address Book or Safe Senders List:
The National Lottery cannot always guarantee delivery of marketing/service emails to your inbox and anyone who experiences issues should contact their email providers in the first instance.
For information about potential scam emails, please read the 'Avoid lottery scams' section on this page.
Avoid lottery scams
Scammers may try to trick you into thinking you've won.
- Don't pay money to anyone who claims you've won
- Don't give your details to someone who contacts you unexpectedly
- Don't select links in unsolicited emails - even if they use a real company's name or logo
- If you (or your syndicate) didn't buy a ticket, there's no chance you've won
If you think you have been the victim of a scam, contact Action Fraud on 0300 123 2040.
Scam emails, phone calls and letters
Scammers may use emails, phone calls or letters which try to trick you into thinking you've won a lottery prize and may use real organisations' logos in their emails or letters, such as EuroMillions, The National Lottery, the European Union or even the United Nations.
They do this so that they can ask you for money to release the prize or for your personal details, which they can use to try to steal your identity.
The National Lottery will only send you emails from the accounts listed in the National Lottery emails section
Scammers may be able to send out emails which appear to be from a genuine email address, such as the ones listed on this page. They can also create fake websites (also known as 'Spoof websites') which appear to be genuine websites and may even show a genuine website address in your browser bar, for example, www.national-lottery.co.uk.
If you are in any doubt whatsoever about an email you have received, please do not select any links in it. Instead, type the website address directly into your browser. Any prizes which you wish to claim can be done so from your National Lottery account – it is not necessary to select links in emails we send to you to claim your prizes.
Remember that we will never ask you for money to release a prize and we do not give details of winning prize amounts in our emails.
Spoof websites (known as 'phishing' websites) are fake sites created by scammers to look like real company websites, such as bank websites. Scammers send out emails which ask you to enter your account details, with a link to the fake website. They will then collect your account details from the fake website and use this information to access your account.
Spoof websites look very real and can be difficult to spot. To make sure you're on our site, type www.national-lottery.co.uk directly into your browser, rather than selecting links in emails.
For more information about online security, visit www.getsafeonline.org
Have you spotted a security vulnerability?
Email us at: firstname.lastname@example.org
If you’ve identified a security vulnerability impacting The National Lottery, please feel free to let us know by email as soon as you can, but note:
- If you need to share sensitive information, please do not include it in your initial message - we will provide a secure communication method in our reply to you.
- This email address should only be used to report security vulnerabilities. We won’t be able to respond to emails on other matters sent to this address.
If you think someone has accessed your National Lottery account, call us on 0333 234 44 33∞ immediately.