Security and Privacy
Your Security and Privacy is our priority. Help us by investing a few minutes in our recommendations.
Security Measures in Online Banking
We work to offer you a high level of protection and privacy of your data and for this purpose:
- High security standards are implemented and developed to protect the authenticity, confidentiality, integrity and availability of IT Systems through their organizational and technical aspects;
- Online Banking servers use an Extended Validation Certificate issued by Entrust;
- All the information transmitted is encrypted with standard algorithms as well as codes established in each connection through TLS protocol, and our systems connected to the Internet have been protected by "firewalls" and intrusion detection systems, which would prevent a possible attack protecting our Online Banking;
- We submit our IT Systems to periodic Intrusion Tests, both internal and external;
- We automatically disconnect you from the session due to absence of use after 30 minutes. This measure prevents that if you are not using the session or have forgot it (if you do not use the Disconnect option), another person cannot access your data on your computer;
- We compel you to change the password on your first connection preventing the possibility that another person can replace you. As such, we make sure that only you know it;
- The Online Banking password consists of a keyword that must have at least 4 characters, combined with another random key that is generated by your personal token and which is regenerated every 60 seconds. Thus, it will be more dificult to someone obtain them by trying several options.
Every year there is an increase of fraud attempts in our Bank as well as in other banking entities. These attempts are made through emails under a supposed " Security Issue", and your passwords are requested. At Bankinter, we will never ask you for your access codes either by mail or by other means. If you have any question about the authenticity of an email in our name, contact Bankinter immediately.
Recommendations about your access codes:
- Periodically change the user and password;
- Seek to include numbers and letters in the username and password. Avoid using proper names, or topics related to your person.
- Never reveal your access codes, and less by email or phone.
Remember: Bankinter will never ask you about your password. If this happens, it is a fraud attempt (phishing, smishing, vishing, etc.). Do not trust emails that request your data, pop-up windows, forms that ask for several codes to sign operations, although apparently it comes in our name.
Recommendations about your internet connections
- Periodically change the user and password;
- Do not forget to disconnect you from the web once you have operated with it.
Recommendations about your computer
- Have an update version of your browser.
- Install an update version of your operating system.
- Avoid making downloadings from unknown web pages.
- Have always an updated version of an antivirus.
Security in your equipment
The security in your equipment is fundamental. Your equipment should always be updated.
Regardless of how you use your computer, it is recommended that you be protected with the appropriate tools, such as:
- An update version of an Antivirus.
Security in your smartphone
Mobile phones can also be infected with a virus. We suggest:
- Do not contravene the manufacturer's security (root / jailbreak).
- Have an antivirus installed.
- Do not download applications from unofficial repositories.
- Be careful when installing new applications and the permissions that are given to them.
Security in your browsers
It is important to have updated browsers to access Bankinter Online Banking. These can help us to prevent fraud, since they have prevention technologies.
Privacy and Personal Data
The handling of your personal data by Bankinter is made in compliance with the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data. Thus, we inform you that Bankinter Luxembourg S.A. (hereinafter, "Bankinter") is responsible for handling your personal data.
Bankinter, in his capacity of data controller, has the necessary technical, organizational and human resources in place to guarantee the security and the protection of its IT Systems, as well as the data and information stored therein.
Your personal data will not be disclosed to third parties, except in case of a legal obligation or in case you give your consent. However, providers with whom Bankinter has or may have a legal agreement in place may have access to personal data in their capacity of data processor. In these situations, Bankinter guarantees the confidentiality of the personal data provided to third parties and the application by them of the appropriate security measures.
We hereby inform you that your personal data will be handled to comply with legal obligations and the rights and obligations contained in the agreements that you have enter into Bankinter.
We remind you that you can exercise your rights of access, rectification, cancellation, opposition, restrict processing and data portability in the cases and within the scope of the legal and regulatory framework applicable at any given time, by sending an e-mail to dataprivacy@bankinter or by calling us to the following telephone numbers +352 202 101 27 / +352 202 101 44.
You can obtain more information about how Bankinter handles your personal data, notably in what concerns to legitimacy, by consulting the section "Use of personal data" in the section "Privacy and Personal Data" at www.bankinter.lu.
If you have any question, you can contact our Data Protection Officer by sending an email to firstname.lastname@example.org.
Use of Personal Data
For more information how Bankinter has obtained your personal data, the purposes for which handles it, legitimacy grounds, data recipients and the related rights, please access to Information about Data Protection
Frequently asked Questions
How to detect and protect us from Phishing?
Millions of emails are sent daily which sole purpose is to obtain personal data. These emails usually ask users for their personal data with the sole pretext of a security update or an account lock.
They take advantage of the confidence that users have placed in their Bank.
Remember: your token, username and password are used to operate and for nothing else. Therefore, if someone asks you for it in our behalf, be suspicious. It's not us.
Bankinter will never contact you to ask you about your coordinates, username or password. In case of doubt, please contact Bankinter immediately.
Why are we telling you this? Because there have been isolated cases of fraud attempted, usually through emails, asking for this information. This criminal technique is called "phishing" and in Bankinter we do not want it to affect our clients. Therefore, we give you the following useful and simple tips:
- If once connected to our website, someone asks you to enter a coordinate without having started any operation that requires it, do not do it, it may be due to a virus.
- Do not open emails that are suspicious, without confirming by phone or in person the identity of the sender.
- Always verify that the address that appears in the bar of your browser is the one of Bankinter.
- Do not take in consideration emails or calls that threaten to block your accounts or credit cards if you do not update your personal data. A Bank would never do something like that.
- Do not open attachments of unknown origin
- Do not open unexpected attachments, even if they seems familiar to you.
- Do not open attachments that are downloaded after clicking on a link included in the text of an email.
- Do not open attachments that have executable extensions (.exe, .bat, .com, .cmd, .scr, .vbs, ...).
How to protect you from an identity theft?
To protect yourself from an identity theft, you must protect your personal information and our access codes.
The first barrier we have is our password. The password must be different from the one used in other websites and must be strong enough.
What is a Trojan virus?
A Trojan is a malware (malicious program) that is presented to the user as a legitimate and harmless program, but when executed it performs other actions unknown to the user and that put at risk the security of the device in which it is executed, such as allowing remote administration of a computer by an attacker. To have total control of the equipment, the Trojans usually take advantage of weaknesses not patched in any of the installed components. The name comes from the well-known Trojan horse that was used by the Greeks as an entry strategy in Troy.
Once the hacker has control of the infected system, it becomes part of an equipment network or BotNet. The most common is that hackers put their botnets at the disposal of the highest bidder on black market web pages for these purposes. The use given to these BotNets is diverse. It passes from the identity theft (account information, email addresses, bank passwords, confidential documents, account numbers, credit card data ...) to its use to cause denials of service on servers (DDoS).
What it is a virus?
We call virus to a wicked code that is installed on our computer without we are aware of. This virus will infect our computer when opening a file previously infected, which usually arrives to us through an electronic mail, or when downloading a program of P2P networks. This contaminated file does not have to be an executable program, there are viruses that can be latent in Excel sheets, in Word documents, PDFs documents, or even in images. Virus can affect all operating systems known and used today. They usually act by reducing the resources of our computers and thus causing productivity problems. In fact, we can detect a possible infection if a program that we are used to work with now need more resources and time and, therefore, our computer starts to go "slower" than usual.
How to avoid getting infected with a virus?
- Installation of an antivirus.
- The antivirus must be set up in order to be daily updated.
- We should not install illegal software.
- We should not open files in emails from unknown sources. If the message is suspicious, even if the source is well- known, we should not open it.