Recommendations

While using the Pekao24 services, meet the basic safety rules:

• Log only in to the www.pekao24.pl website. Prior to logging, please always check whether the connection is encrypted (if yes, the website address starts with https) and whether the browser features a padlock icon.
• Do not log in using the address or link received via email or instant messenger. The bank never sends such messages.Treat such correspondence as an attempted fraud involving phishing attack by persons pretending to be a financial institution.
• If you use SMS codes to authorise your operations via the website, always check whether the text message with the authorisation code is compatible with your operation. Pay special attention to the account number and transaction amount.
• Do not use payment handling services, which require from you to provide your client number, password or operation authorisation code. If you provide such information, it may allow third parties to make unauthorised access to the Pekao24 service, change your personal data or use them for criminal purposes. Remember also that revealing your data required to log in or authorise, is against the Pekao24 Rules and may result in service blocking.
• Read the announcement of the Polish Bank Association regarding the disclosure of sensitive data to the websites offering instant payments.

For each operating system (including mobile), the basic safety rule is to keep your system and software up-to-date, helping you to use your Internet, as well as the browser, instant messaging or emails. Updates remove software errors which may be used by third parties to obtain our confidential data.

It is crucial to use antivirus software securing computers against malware as well as firewalls which control information transfer to and from the Internet, thus preventing the transfer of confidential data.
Remember also to properly protect your phone while using mobile banking. Some devices (smartphones and tablets) are advanced devices equipped with an operating system which should be protected by means of antivirus software.
 

• Do not install any software from the sources you do not trust and be cautious about software downloaded from the Internet.
• Do not run the software sent via email.
  A lot of free software available on the Internet feature adware application which includes ads displaying software (usually banners), regardless of the activity of the users. This type of software is often installed on computers when the user views websites, without his/her knowledge and consent.
• Some software features also spyware, providing the application designers with many valuable information about the user – mainly the IP address, operating system used, browser and sometimes the websites the user visits. Adware/spyware applications may allow unauthorised parties to trace the details entered by the User in the browser, including financial information (client number, PIN, payment card number, etc.), which the Bank may not affect whatsoever as it is not the party authorised to control the computer environment of the User.
• The symptoms telling you that your computer is infected may usually include: system operation slowdown, increased number of adverts (pop-up windows in particular), changes to the browser operation, issues with the operation of certain software.

• The latest versions of popular browsers, such as Mozilla Firefox, Chrome, Opera or Internet Explorer feature many functions, e.g. phishing filter, considerably protecting against Internet fraud and increasing the security of the electronic banking use. Such frauds are known as “phishing”. They usually attempt to convince you to visit a fake website where you can be requested to provide your confidential personal data or your credit card number. Such type of identity theft has been very popular for some time.
• Download all updates for your browsers as gross errors have been detected repeatedly; it is critical to install the latest patches published on a given software developers’ websites.
  They can protect us against using our browser without the user’s knowledge and in a potentially dangerous manner.
• If you use Internet Explorer 7.0, you must update your browser to the latest version or install a different, more advanced Internet browser.

Depending on the browser version you use, please check how to verify its version and make proper settings.

Check your browser version

The window with the number of your browser version will be displayed if you select:

MS Internet Explorer
Help --> Internet Explorer – Information

Firefox
Help -->About Mozilla Firefox

Chrome
Menu --> Google Chrome – Information

Opera
Help --> About Opera

Set your browser cache
Your browser cache stores the content of the websites you visit. Thus, it may contain important, confidential information regarding e.g., the balance of your accounts or operations effected by the user. It is therefore crucial to configure your browser so the information regarding the encrypted websites you have visited – such as the PekaoInternet website, are not stored by it. Mozilla and Firefox browsers feature the option of not saving the encrypted websites on the disc, which is set by default.

NOTICE!
For Internet Explorer 9, selecting the option “Do not save the encrypted websites on the disc”, makes it impossible to download PDF files from the PekaoInternet.
For this browser, we recommend no to select this option and for safety reasons, please clear the browser history after each logout from the transaction service.

Opera
Select opera:config in the address bar and later select “Cache”, tick the option "Always
Reload HTTPS In History” and accept it by clicking the “Save” button.

Delete the information from your cache / Temporary Internet Files

MS Internet Explorer
Select the following from the TOOLS menu: Internet options / General / Browsing history / Delete and select the button: “Delete...”. Additionally, in the settings of the Temporary Internet Files, you must select the option: “Verify whether there are newest versions of the websites stored: each time visiting the website”.  

Opera
Select the following from the TOOLS menu: Preferences / Advanced / History, and select the option “Empty now”.

Select the JavaScript support

MS Internet Explorer
Select the following from the TOOLS menu: Internet options / Security / Safety level for this zone / Non-standard level / Active scripting / Enable.

Firefox
Select the following from the TOOLS menu: Options / Content / Enable JavaScript.

Opera
Select the following from the TOOLS menu: Quick configuration / Enable JavaScript.

 

• Once you have logged in, check whether you can see the padlock icon on the screen, which means that the connection is encrypted (if yes, the address starts with https instead of http).
• If you find the padlock icon, click it twice to verify whether the displayed certificate is valid and whether it was issued to the Pekao S.A. Bank and the https://www.pekao24.pl/ address. The certificate is issued to certain websites.
  The correct certificate should include:
  - issuer: DigiCert,
  - information regarding the address it was issued to: www.pekao24.pl,
  - certificate validity: from 21/07/2021 until 27/07/2022.

Please remember also that the Bank never sends any security certificates via text messages.

• The advantage of the certificate used is the unambiguous identification of the entity for which the certificate was issued, namely our Bank in this case. In advanced browsers such information is displayed on a green background in the address bar.
• If you cannot see the padlock icon or if the certificate was issued for a different address, do not use the website – in such case, please contact the TelePekao consultant immediately.
• The padlock icons are displayed in the upper part of the screen, next to the website address.

• Always keep your login data to Pekao24 strictly confidential, when you log in, do it in person only. Disclosing your data to third parties or institutions is a violation of the Rules for Pekao S.A. Bank personal accounts.
• During phone calls, the Bank never requests you to provide the PIN number to Pekao24. Logging to the hotline is done AT ALL TIMES by means of automated services.
• The bank never requests you to provide the full password to the website and mobile site.
• If you think that you must write down the client number, PIN or password, do it so in a way that no unauthorised person can correctly identify such information.
• Change your password to the website on a regular basis. Safe password should include capital and small letters, digits and special symbols (e.g., ?, #, @, &) and should be neither a word which can be found in the dictionary nor a password used for other websites. Change your PIN and password every 30 days.
• Please remember also that the Bank never requests you to send such data via email.
• If you use SMS codes to authorise your operations via the PekaoInternet, always verify whether the text message with the authorisation code is compatible with your operation
  Pay special attention to:
  - account number – verify whether it is identical with the account of the recipient of the operation you make
  (Remember! the text message with the authorisation code includes only two first and four last digits of the account number),
  - operation amount – it must be compatible with the amount identified in your instruction.
• Do not reply to the messages from untrusted senders, including offers regarding the agency in transferring online payments. These usually aim to use the bank accounts to transfer stolen funds, which is subject to criminal liability.
• Stay alert, and if you have any doubts, please contact our consultant (801 365 365), who will advise you on further steps.
• Please remember also to logout safely from the PekaoInternet. First, click the “Logout” button and only after that close the browser window.

• While using the Internet, do not log in to the Pekao24 website from public places such as Internet cafés, do not open attachments sent via email or instant messaging from unknown persons. Often, thieves and unauthorised persons send specially fabricated software (Trojans) with a hidden aim to spy on the user’s activity. When the victim connects with the Bank website, Trojan activates and starts saving the data entered by the user on the keyboard. Such data are later sent directly to unauthorised persons.
• Using PekaoInternet, use only one browser window. Once you have finished using the transaction service or if you need to go away from your computer, you must absolutely terminate the session using the “Log out” command available in the top right corner of the page.
• Moreover, verify the last day you logged in to the system. You can see it after logging in to the PekaoInternet, in the “Settings” menu. Additionally, the access to the event log is available from any page of the website, you are currently on, by clicking on the link at the very bottom “Show the event log”.

New versions of popular browsers feature special tools verifying whether the displayed website has no intention of phishing activity. These are the so-called anti-phishing filters. They cannot in fact fully guarantee that the given website is safe for certain, however, they allow you to limit the risk of stealing your confidential data.

To enable the anti-phishing protection in your browser:

Internet Explorer
go to the Tools menu – Phishing websites filter and select the option "Turn on automatic website checking".

Firefox
go to the Tools menu – Options – Safety and select the options: Warn me every time websites try to install ad-ons; Block websites reported as posing a threat or Block websites reported as Internet fraud attempts.

Opera 9.1x
go to the Tools menu – Preferences – Advanced – Security, and select the option: “Turn on protection against fraud and malware”.
 

While using a router or a home wireless network (Wi-Fi, e.g. live box), set your own, safe and difficult to break password to such devices. These devices usually have a predefined simple default password, protecting access to their administration panels.  Knowing such password, a person, acting from outside, may change the router settings, which may result in redirecting to the websites created with the aim of stealing confidential data or distributing malware.

If you lose your identity card or any other identity document, please immediately:

• report lost document in any Pekao S.A. Bank outlet or any other bank accepting such reports from persons who are not the clients of such bank,
• notify the Police (if the document was stolen),
• notify the closest municipal body or a consular post to get a new identity document.

For more information on how to report your stolen/lost document, please visit the website of the Polish Bank Association http://zbp.pl/dla-konsumentow/zastrzeganie-kart-i-dokumentow/zastrzeganie-dokumentow
 

We recommend you to read:

• a guide Cyber-safe wallet - safety rules
• a guide to the safety of online bank transactions
• a guide Safe online shopping - good practices
• latest announcements regarding safety