Protect your data and money
Since safety of our clients data is our top priority, every day we strive to ensure their safety and confidentiality by applying the latest technology and top security standards. Considering that, unfortunately, everyday all around the globe and in our country we witness new ways of committing fraud, this document will give recommendations on how to protect your data.
The recommendations provided below will not only help you use digital channels of Banca Intesa in safe manner, but will also help you with everyday use of other online services, such as e-mail, social media and other content.
General safety recommendations
- It is not recommended to use public or unsecured computers to login to digital banking applications (e.g. computers in hotels or internet cafes).
- Every time you log in check date and time of the previous login.
- Check your account balance and transaction details regularly (daily checks are recommended) to verify payment details, as well as other information about transactions; if you discover any suspicious transaction, please report it to the Bank immediately. If you don’t use digital channels of Banca Intesa to perform transactions activate them for overview of your accounts so you could timely identify suspicious transactions.
- Register your mobile phone number at the Bank teller and enable SMS notifications about bank balance changes and payment card transactions.
- Do not use your personal number, account number or any other personal or account information to create short name for your account in digital channels applications.
- Never leave your computer unattended while using Bank’s digital channels.
- We recommend that you never perform banking transactions while having several different internet browsers open on your computer.
- Always properly log out from Bank’s digital channel application by using the appropriate logout command. Closing internet browsers doesn’t always mean that you’ve been logged out from the system (session is interrupted).
How to avoid phishing, spyware and malware
All e-mails from Banca Intesa will always be sent from email@example.com and firstname.lastname@example.org.
All messages containing sensitive data forwarded by Banca Intesa will be protected by digital signature.
Banca Intesa will never ask you to provide confidential data by e-mail, SMS or phone and will never send you a link requesting you to enter confidential data, such as: User ID, PIN, payment card details and other confidential data. If you receive such e-mail, SMS or telephone call, please contact the Bank immediately through official Contact Centre (011 310 88 88).
Protect yourself from those who present themselves as Banca Intesa employees (online or over the phone) and ask you for information that can then be used by them in an unauthorized manner.
A third party can contact you by phone and request information from you such as username, password, PIN, payment card data (number combined with validity date), which can then be used in an unauthorized manner.
They can also contact you via email or SMS and ask for your confidential information. These messages are, graphically and substantively, very similar to those you use in communication with the bank or another institution, and aim to steal confidential and sensitive information from you and commit fraudulent financial transactions and fraud.
Examples of attempted fraud
BANCA INTESA COMMUNICATES VIA
- e-mail: email@example.com and firstname.lastname@example.org
- SMS: BancaIntesa
- Social media: Facebook, Instagram, Twitter, YouTube i LinkedIn
- Phone: + 381 66 894 60 00 ili + 381 66 894 69 99
- Bookmark the links to Banca Intesa, Banca Intesa e-banking and Banca Intesa Secure in your internet browser and access these websites via bookmarks only, never by clicking on a link from suspicious email.
- Do not open e-mails from unknown senders. Always be suspicious about e-mails that are allegedly sent by a financial institution, state institution or any other agency that requests your login details, your account or payment card details or requests you to verify your account or credentials for access to Bank’s digital channels, such as username, password, PIN code and similar data. If you open files attached to an email or click on a link from suspicious e-mail your computer may get infected by malware, which will allow hackers to take full control of your computer and have full access to all confidential data stored in the computer.
- Never respond to suspicious e-mails and never click on links in the e-mail body. Contact the alleged sender if you doubt his legitimacy.
- Install anti-virus software and firewall, as well as spyware and malware detection software and update them regularly.
- Regularly install patches for your computer’s operating system, update operating system and key applications.
- Check your internet browser settings and select at least medium level of security.
- When you access websites (including Bank’s e-banking site) that are protected by transport encryption (e.g. csl/tls protocol, https in the link) make sure to check the associated digital certificate for time validity (i.e. if it has expired), check if the certificate has been issued by trusted certification body that is recognized as trusted by your internet browser, as well as if the certificate is issued for the link your accessing (i.e. is the link contained in the subject field of the certificate). Follow the link only after successfully checking all the above.
- Regularly backup the data that is the most critical for the tasks you perform on computer, because that is the only safe way of staying protected from possible ransomware attacks. If nevertheless you become a victim of such attack, never accept the blackmail and never pay the ransom to the criminals.
How to avoid emails getting intercepted
- The malicious users may intercept business correspondence between foreign supplier and domestic buyer (legal entity), change details in the foreign invoice, replace the account of the foreign supplier with a third-party account that may be accessed by malicious users.
- Do not use free e-mail services for business correspondence.
- Install and regularly update your operating system, anti-virus software and firewall on your computer.
- Send confidential and personal information, as well as any business correspondence, by protected e-mails only.
- If you use e-mail to exchange business-related documents that may contain confidential information with the Bank, please check with your contact person in the Bank (employee of the bank responsible for communication with your), if it is possible (and how) to fully protect the e-mail communication between you and the Bank in order to prevent leaking of confidential data (personal or corporate) through this communication channel.
- Do not use public computers (internet cafe) to perform business tasks.
- Before you pay foreign invoices of significant value, always confirm and verify payment instructions with the issuer (foreign supplier).
- After paying a foreign invoice, always check with the issuer if the transaction has been successfully completed.
Recommendations on configuration of home WiFi
Wireless network (WiFi) may create an “open door” for unauthorised access to your computer network.
If you use home WiFi network, it is recommended to secure in the following way:
- Change administrator password of WiFi device from factory default to strong password. Write down new password and keep it at safe location, because you may need it to configure your WiFi device in the future.
- Disable remote administration of WiFi device.
- If acceptable, disable broadcast of your wireless network SSID.
- Enable WPA (or WPA2) encryption and define WPA password for access to your WiFi network.
- If only known computers or mobile devices will access your WiFi network, consider enabling MAC filter on your device. Each computer or any other device with network card will have factory assigned unique MAC address. MAC filter will allow only devices with registered MAC address the network.
Recommendations for mobile banking
- Immediately report to the Bank any loss, theft, fraud, unauthorized use, change or cancellation of mobile phone number and mobile device (mobile phone or tablet) on which you use authentication means and m-banking services, either by visiting the Bank or via official Contact Centre of the Bank.
- Avoid using unsafe WiFi networks, such as open and public WiFi networks, to carry out banking transactions or to check accounts. Instead, if no safe WiFi network is available, always use mobile data network for m-banking services on your mobile device (mobile phone or tablet).
- Download and install apps only from official Apple, Google Play or Huawei stores.
- Install and regularly update your operating system, anti-virus software and firewall on your mobile device.
- Restrict access to your mobile phone by appropriate password or any other security parameter (fingerprint or face recognition).
- Never use password from your social media as an access password for your phone or phone apps.
- Turn off Bluetooth and NFC, when you’re not using them. They may be used for unauthorized access to confidential data stored on your mobile device.
- Activate encryption on mobile device to protect confidential data.