Security rules and recommendations
The security of operations performed by Pekao24 e-banking system depends not only on us, but also on the user.
Therefore, in order to use online banking without fear, follow our recommendations and the basic security rules.
-
We remind you about security rules
-
Please remember!
- Before logging in, check if the website address is correct.
- Bank never asks you to fulfill complete password during logon to the electronic banking services.
- Protect your card PIN and password, PIN or biometric pattern used to log in to electronic banking against access by others.
- Remember, a real bank employee will never suggest you transfer money or withdraw money from your account for security reasons.
- If you receive a call from someone claiming to be a bank employee, ask them to verify their identity in PeoPay app or Pekao24 website or hang up.; more information.
- If you receive a phone call from a person claiming to be an employee of the bank's security department, hang up and call the official bank hotline to report the situation.
- Check that the SMS with authorozation code or authorization notification from the PeoPay application are compatible with the operation you are currently performing.
- Do not give anyone the code to activate the PeoPay application. Do not enter it anywhere except the PeoPay application installed by you on your phone.
- Do not install the application at the request of a third party (such as nyDesk, TeamViewer or Quick Support), that allows criminals to take control of your device or even your bank account. The bank never asks to launch this type of application.
- Do not install additional software that is "supposedly" required due to the so-called "payment security" or which will enable you to receive remote support.
- Do not install on your computer and phone software from sources that you do not trust. Some applications may allow unauthorized persons to track the data entered in the browser, register activities performed on the Internet or automatically redirect SMS with the authorization code.
- Never trust the e-mail sender. Fraudsters have capabilities to prepare an e-mail in a way it makes an impression as it was sent from an institution or a person which you trust. Please use caution and limited confidence in relation to e-mails containing fee requests, false invoices or warnings about a cell phone infection or blocking access to the Pekao24 service.
- Do not use any address or links received via SMS, e-mail or social media.
- Do not disclose your card details and CVV2/CVC2 code to third parties - bank never asks for it.
- Do not give your card number under the pretext of receiving payment for the sold item - to settle accounts with the contractor, provide your account number.
- Never share the BLIK code with third parties via messages or instant messaging. Fraudsters may impersonate people you know to trick you into performing such an operation.
- When logging in to the Pekao24 website, use two-factor login using the PeoPay application or hardware key; more information
- Inform the bank about all suspicious situations immediately!
In case of any questions or doubts please do not hesitate to contact the consultants who are available all day. Call +48 519 222 222 (fees due to the operator rate).
-
-
Avoid being manipulated by scammers
-
Criminals often resort to psychological manipulation to persuade you to make a mistake and disclose information e.g. about login details for online banking. Check what situations should make you more cautious and what situations you should avoid.
- Do not use the address from the link received in a text message, instant messaging application or e-mail to log in to online banking.
- Do not install any applications (e.g. AnyDesk, TeamViewer, Quick Support, ZOOM) at the request of a third party – these are "remote desktop" applications that allow remote support to users of computers and smartphones. Criminals use these types of applications to take control of your device, view the data contained on it and the text you enter (which allows them to learn your username and password). We will never ask you to install any software.
- Do not install any software on your computer or mobile device from sources you do not trust. Some applications may allow unauthorised persons to track data you enter in the browser, record your online activities, or automatically redirect text messages with an authorisation code.
- Do not trust the e-mail sender. Scammers can create a message that will seems to have been sent by a person or institution you trust.
Exercise caution and limited trust with regard to e-mails containing information about payment requests, false invoices or warnings that your mobile phone has been infected or that your access to the Pekao24 service has been blocked. - Be wary of a phone call from someone claiming to be a bank security employee. When in doubt, hang up and call the bank's official hotline (519 222 222) to verify the situation and confirm the employee's identity.
Remember, criminals have the ability to spoof any phone number. - Never share the BLIK code with third parties via text message or instant messaging application. Scammers can impersonate people you know to trick you into doing so.
- Take your time. If during a phone call the caller is trying to convince you to act immediately, be skeptical. Do not let the sender's pressure affect your assessment and judgment.
-
-
Secure your computer and phone
-
Being reckless about updating your computer or phone software can make it easier for criminals to access your data. Check what you should do.
- Use antivirus software. Install it on your computer, smartphone and tablet to protect them from malware.
- Use only legitimate software.
- Keep your operating system and software up to date.
In the case of any operating system (including mobile), the rule of thumb regarding its safe use is regular updating of the system and software (applications). Updates remove software bugs that can be used by third parties to gain access to your confidential data. - Avoid public Wi-Fi networks. Do not log in to the Pekao24 online banking via public Wi-Fi networks.
-
-
Set a secure password for the router
-
If you are using a router, set your own, secure and hard-to-crack password for this device.
Routers usually have a simple, pre-set password to protect access to their administration panels. By learning such password, anyone can change your router settings, which can redirect you to websites designed to steal confidential data or to distribute malware.
-
-
Read our warnings about current threats to online banking users
-
Carefully read the security messages:
- placed on the Pekao24 online banking login page;
- displayed on screen immediately after logging in to the Pekao24 website;
- internal mail messages.
If we obtain information that the data necessary to log in or to authorise the transaction are in the possession of a third party, access to the Pekao24 service may be immediately blocked. You will be informed of this fact:- when you try to log in;
- by phone to call back;
- or in writing.
-
-
Act quickly in case of loss or theft of login and authorisation data in the Pekao24 e-banking system
-
If you lose your online banking login details or suspect that an unauthorized person may have gained access to them, e.g. as a result of theft or unauthorised use of your phone, you should immediately:
- block the Pekao24 service and the mobile application yourself; or
- contact a Pekao24 consultant at +48 519 222 222 (call charge according to the operator's price list) to block access to the Pekao24 service or to cancel login and authorisation data; or
- report this fact at any bank branch.
-
-
Contact us in case of actual or suspected fraud
-
Please notify us immediately if you find that there are transactions in your account that you have not authorised.
Inform us about all suspicious events and unusual situations that you have noticed when using the Pekao24 e-banking services and about potential attempts of social engineering attacks aimed at e.g. phishing.
E-mails urging you to disclose information used to log in or to authorise transactions in the Pekao24 system, containing links to the login page, as well as persuading you to disclose your card details should also be considered a phishing attempt.
Control the security settings in the Pekao24 e-banking system yourself. Remember that you can change the limits of daily or monthly transactions carried out on the Pekao24 website, PeoPay application or by card at any time. You can also block specific access channels to your account if you are concerned that an unauthorised person has access to your login or authorisation details.
In case of any questions or concerns:- send a message via the internal mail of the Pekao24 website;
- if necessary, immediately contact a Pekao24 consultant at +48 519 222 222 (call charge according to the operator's price list), who will advise you how to act in a given situation. You can contact our hotline 24/7. Each notification will be subject to a detailed analysis.
-
-
Act quickly if your identity documents are lost
-
If you lose your ID or other identity document, you should as soon as possible:
- report the loss of the document in any branch of Bank Pekao S.A. or any other bank accepting lost ID reports from persons who are not its customers;
- notify the police (if the document has been stolen);
- notify the nearest municipal authority or consulate in order to obtain a new document.
-