Security and privacy

Your security and privacy are our priority. Help us by investing a few minutes in our recommendations.

Ver Carry out a transaction Carry out a transaction

We strive to deliver high protection and privacy for your data. The ways we do this are as follow:

  • High security standards are developed and implemented to protect the authenticity, confidentiality, integrity and availability of our information systems as regards their operability and technical aspects.
  • The web servers use an Extended Validation Certificate issued by Entrust.
  • All information transmitted is encrypted with standard algorithms and keys established on each connection using TLS protocol, and our systems connected to the Internet have been protected by “firewalls” and intrusion detection systems, which would prevent a possible attack by protecting our Online Banking.
  • We run regular internal and external Intrusion Tests on our Information Systems.
  • We automatically disconnect you from the session after a period of inactivity. This measure prevents someone else from accessing your data on your computer if you forget to log out (by not clicking on Log Out).
  • We oblige you to change your password the first time you log in so only you know it. This ensures that no one can steel your identity.
  • The online banking password consists of a keyword that must have at least 4 characters, combined with another random password that is generated by your personal TOKEN and which is regenerated every 60 seconds, making it more difficult for someone to guess them by trying different options.

Ver Security Security

Security on the internet

The volume of attempted fraud against us and other banks is increasing every year. These attempts involve emails that request your login credentials in response to a supposed 'security issue'. Bankinter will never ask you for your login credentials, either by mail or any other means. If you have any doubts about the authenticity of an email in our name, contact Bankinter immediately.

Recommendations for your login credentials:

  • Change your username and password regularly.
  • Include numbers and letters in your username and password. Avoid using real names or things associated with you.
  • Never reveal your credentials, especially by email or phone.

Remember: No one at Bankinter will ever ask for your password. If this happens, it's an attempt at fraud (phishing, smishing, vishing, etc.). Don't trust emails asking for your details, pop-up windows or forms that ask you to enter several codes to sign transactions, even if they seem to be from us.

Recommendations for your connections

  • Don't use the 'Autocomplete passwords' option to connect to an entity or service.
  • Don't forget to disconnect from the website once you have finished with it.

Recommendations for your computer

  • Keep your browser version updated.
  • Keep your operating system up to date with the latest updates.
  • Avoid downloading from unknown web sites.
  • Always keep your antivirus up to date.

Security on your computer

The security of your computer is vital. It must always be up-to-date.

Regardless of what you use your computer for, it should always be protected with appropriate tools, such as:

  • An antivirus, which must always be up to date.
  • A firewall.

Security on your smartphone

Mobile phones can also be infected with a virus.

Our advice is:

  • Do not breach the manufacturer's security (root/jailbreak).
  • Install an antivirus.
  • Do not download applications from unofficial sites.
  • Be careful about the installation of applications and the permissions you give them.

Security in your browsers

It is important that the browsers you use to access Bankinter Online Banking are up-to-date, this can help us prevent fraud, as they feature prevention technologies.

Ver Privacy and data Privacy and data

Privacy

Bankinter processes your personal data in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Accordingly, we hereby inform you that Bankinter Luxembourg, S.A. ('Bankinter') is the party that controls your data.

As the data controller, Bankinter has the technical, organisational and human resources needed to guarantee the security and protection of its information systems, along with the customer information and data they host.

We will not transfer your personal data to any third parties, unless it is to comply with a legal obligation or unless you give your consent. However, service providers that Bankinter engages or may engage as data processors may have access to your personal data. In these cases, Bankinter guarantees the confidentiality of the personal data provided to third parties, as well as the implementation of appropriate security measures by these parties.

Your personal data will be processed to comply with the applicable legal obligations and with the rights and obligations specified in your contracts with us.

Remember, you may exercise your rights of access, rectification, erasure, objection, restriction of processing and data portability in the circumstances and under the scope established by applicable legislation by writing to [email protected] or by calling us on +352 202 101 27 / +352 202 101 44.

For more information about how Bankinter processes your data, and in particular about the lawful basis for doing so, please refer to 'Use of personal data' in the 'Privacy and Data' section on www.bankinter.lu.

For more information about Bankinter's privacy policy, please go to Privacy policy.

If you have any further questions, please contact our Data Protection Officer at the following email address: [email protected].

Use of personal data

You can find information on how we obtain your data, why we process them, the lawful basis, the recipients of your data, and your personal data rights under Information on data protection (pdf).

For more information about Bankinter's privacy policy, please go to Privacy policy.

Ver FAQs FAQs

How to detect and protect yourself from Phishing

Millions of emails are sent every day to try to acquire sensitive data. These emails usually ask users for their personal data with the excuse of a security update or a blocked account.

They take advantage of the trust that users have in their bank.

Remember: Your token, username and password are used to carry out transactions and nothing else. So if someone asks you for them on our behalf. It is not us.

Bankinter will never contact you to ask you for your coordinates, username or password. If in doubt, contact Bankinter immediately.

Why are we telling you this? Because there have been isolated cases of attempted fraud asking for this information, usually through emails. This criminal technique is called phishing and we don't want you to be affected by it. So to help you, here are some useful tips:

  • If you have logged in to our website and you are asked to enter a coordinate without having started a transaction that would require it, don't do it: it may be a virus.
  • Don't open suspicious-seeming emails without confirming the identity of the sender by phone or in person.
  • Always check that the address in your browser bar is Bankinter's address.
  • Ignore emails and calls that threaten to block your accounts or credit cards if you don't update your data. A bank would never do something like that.
  • Don't open attachments from unknown sources.
  • Don't open unexpected attachments, even if you think you know where they are from.
  • Don't open attachments that are downloaded after clicking on a link in the text of an email.
  • Don't open attachments with executable extensions (.exe, .bat, .com, .cmd, .scr, .vbs, etc.).

How can I protect myself from identity theft?

To protect yourself from identity theft, you must protect your personal information and passwords.

The first barrier is your password. This must be different to the one you use on other websites and it must be sufficiently strong.

What is a banking Trojan?

A Trojan is malware (a malicious program) that is presented to the user as a seemingly legitimate and harmless program. But when it is executed it performs actions unknown to the user that put the security of the device at risk, such as allowing remote administration of a computer by an attacker. Trojans usually take total control of your equipment by exploiting weaknesses that have not been patched in installed components. The name comes from the famous Trojan horse used by the Greeks as way of getting into Troy.

Once the attacker has control of the infected system, it becomes part of their network of machines, or BotNet. The attackers then usually put their BotNets at the disposal of the highest bidder in black market web pages designed for these purposes. BotNets are used for many purposes. These range from stealing confidential information (account information, email addresses, bank passwords, confidential documents, account numbers, credit card data, etc.) to causing service denials on servers (DDoS).

What is a virus?

Viruses are malicious code that is installed on our computers without us noticing. The virus contaminates our computer when we open an infected file, which usually comes to us in an email or when downloading a P2P network program. This contaminated file does not have to be an executable program, there are viruses that can be latent in Excel spreadsheets or Word documents, documents such as PDFs, or even in images. Viruses affect every operating system in use today. They usually act by draining the resources of our computers, causing productivity problems. A clue about a possible infection is that programs that used to work properly now need more resources and time and our computer starts going "slower" than usual.

How can we avoid getting a virus?

  • Install an antivirus.
  • The antivirus must be set up to update every day.
  • We must never install pirated software.
  • We should never open files in emails from unknown sources. If the message is suspicious, we should not open it, even if we know where it comes from.