Safety rules

Remember: Protect your customer number, password and card details.

• Before logging in, always check if the website address is correct - https://www.pekao24.pl/logowanie
• Whenlogging in, check that the connection is encrypted (the website address starts with https) and that there is a lock symbol in the browser. Remember that the correct login page address is crucial. If the address is different, do not attempt to log in!
• Log in only in person - keep the username and password used to log in to Pekao24 websites confidential.
  Disclosure of login details to other persons or institutions is in breach of the Regulations of Bank Pekao S.A. accounts for natural persons.
• We never ask for the full password to the Pekao24 e-banking system. 
  The password to the Pekao24 website is masked, which means that when logging in you only have to enter selected characters.
• Over the phone, our employees never ask for a username, password or PIN. Logging in to telephone services is ALWAYS done using automated services.
• Protect your card details and PIN – sharing card details allows anyone to pay with it. Enter these data online only when you want to pay by card.
• Do not share the activation code for the PeoPay application with anyone. Do not enter it anywhere except the PeoPay application installed by you on your phone. 
• Check that the text message with the authorisation code matches the operation you are performing. 
• Change your password to the website on a regular basis.
  A secure password should consist of uppercase and lowercase letters, numbers, and special characters (e.g. ?, #, @, &) and should not be a dictionary word or a password used on other websites.

Criminals often resort to psychological manipulation to persuade you to make a mistake and disclose information e.g. about login details for online banking. Check what situations should make you more cautious and what situations you should avoid.

• Do not use the address from the link received in a text message, instant messaging application or e-mail to log in to online banking.
• Do not install any applications (e.g. AnyDesk, TeamViewer, Quick Support, ZOOM) at the request of a third party – these are "remote desktop" applications that allow remote support to users of computers and smartphones. Criminals use these types of applications to take control of your device, view the data contained on it and the text you enter (which allows them to learn your username and password). We will never ask you to install any software.
• Do not install any software on your computer or mobile device from sources you do not trust. Some applications may allow unauthorised persons to track data you enter in the browser, record your online activities, or automatically redirect text messages with an authorisation code.
• Do not trust the e-mail sender. Scammers can create a message that will seems to have been sent by a person or institution you trust. 
  Exercise caution and limited trust with regard to e-mails containing information about payment requests, false invoices or warnings that your mobile phone has been infected or that your access to the Pekao24 service has been blocked. 
• Be wary of a phone call from someone claiming to be a bank security employee. When in doubt, hang up and call the bank's official hotline (519 222 222) to verify the situation and confirm the employee's identity.
  Remember, criminals have the ability to spoof any phone number.
• Never share the BLIK code with third parties via text message or instant messaging application. Scammers can impersonate people you know to trick you into doing so.
• Take your time. If during a phone call the caller is trying to convince you to act immediately, be skeptical. Do not let the sender's pressure affect your assessment and judgment.

Being reckless about updating your computer or phone software can make it easier for criminals to access your data. Check what you should do.

• Use antivirus software. Install it on your computer, smartphone and tablet to protect them from malware.
• Use only legitimate software.
• Keep your operating system and software up to date.
  In the case of any operating system (including mobile), the rule of thumb regarding its safe use is regular updating of the system and software (applications). Updates remove software bugs that can be used by third parties to gain access to your confidential data.
• Avoid public Wi-Fi networks. Do not log in to the Pekao24 online banking via public Wi-Fi networks.

If you are using a router, set your own, secure and hard-to-crack password for this device. 
Routers usually have a simple, pre-set password to protect access to their administration panels. By learning such password, anyone can change your router settings, which can redirect you to websites designed to steal confidential data or to distribute malware.

Carefully read the security messages: 

• placed on the Pekao24 online banking login page; 
• displayed on screen immediately after logging in to the Pekao24 website; 
• internal mail messages. 

They contain information about current threats and possible attempts of social engineering attacks. In matters concerning e.g. unauthorised access to the Pekao24 website or suspicion of fraudulent transactions, we may also contact you by phone.

If we obtain information that the data necessary to log in or to authorise the transaction are in the possession of a third party, access to the Pekao24 service may be immediately blocked. You will be informed of this fact: 

• when you try to log in; 
• by phone to call back; 
• or in writing. 

You will also be able to obtain information about the reason for blocking the Pekao24 service in any bank branch.
 

If you lose your online banking login details or suspect that an unauthorized person may have gained access to them, e.g. as a result of theft or unauthorised use of your phone, you should immediately:

• block the Pekao24 service and the mobile application yourself; or
• contact a Pekao24 consultant at +48  519 222 222 (call charge according to the operator's price list) to block access to the Pekao24 service or to cancel login and authorisation data; or
• report this fact at any bank branch.

Please notify us immediately if you find that there are transactions in your account that you have not authorised. 

Inform us about all suspicious events and unusual situations that you have noticed when using the Pekao24 e-banking services and about potential attempts of social engineering attacks aimed at e.g. phishing.

E-mails urging you to disclose information used to log in or to authorise transactions in the Pekao24 system, containing links to the login page, as well as persuading you to disclose your card details should also be considered a phishing attempt.
Control the security settings in the Pekao24 e-banking system yourself. Remember that you can change the limits of daily or monthly transactions carried out on the Pekao24 website, PeoPay application or by card at any time. You can also block specific access channels to your account if you are concerned that an unauthorised person has access to your login or authorisation details. 

In case of any questions or concerns:

• send a message via the internal mail of the Pekao24 website; 
• if necessary, immediately contact a Pekao24 consultant at +48 519 222 222 (call charge according to the operator's price list), who will advise you how to act in a given situation. You can contact our hotline 24/7. Each notification will be subject to a detailed analysis.

If you lose your ID or other identity document, you should as soon as possible:

• report the loss of the document in any branch of Bank Pekao S.A. or any other bank accepting lost ID reports from persons who are not its customers;
• notify the police (if the document has been stolen);
• notify the nearest municipal authority or consulate in order to obtain a new document.

Additional information on reporting lost documents can be found on the website of the Polish Bank Association http://zbp.pl/dla-konsumentow/zastrzeganie-kart-i-dokumentow/zastrzeganie-dokumentow