frequent questions
glossary
What is a basic bank account?
Access to the credit intermediary activity
List of authorised credit intermediaries
How to protect yourself from online fraud?
Know your rights when making payments in Europe.
Do you know what the gross domestic product is? What about inflation? (only in Portuguese)
Key tips to protect yourself when choosing online or mobile banking services.
Buying banking products and services on digital channels – because it is simpler and does not require in-person interaction between bank customers and the institution – may hinder:
The identification of the banking service provider and the identification and authentication of bank customers with the provider;
The security of systems and infrastructures;
The reading and understanding of pre-contractual and contractual information;
The protection of personal data.
Bank customers should learn about the banking product or service and the respective provider before conducting banking transactions on digital channels.
The following are some of the main kinds of fraud related to the use of digital channels:
This is when a hacker pretends to be an institution or company, and through fraudulent emails, phone calls (vishing), SMS (smishing) or social network posts tries to persuade the customer to provide personal information, such as passwords and bank account numbers.
At times, hackers use spoofing, a method whereby they copy telephone numbers, email addresses and the look of legitimate entities to be more convincing.
A common form of phishing on the internet is a window that opens when you access a credit institution’s website, requesting data that can be used to access your internet banking service.
Emails associated with phishing are intended to trick customers into clicking on a link that most often redirects them to a fake web page (which may try to imitate their bank’s website). On this fake page, customers are asked to fill in certain information fields, often with the claim that they need to update their personal data, otherwise the bank account will be blocked.
This is when a virus on a computer, tablet or smartphone redirects a link typed in by the customer to a fake web page (called a ‘mirror website’). Sometimes this page is identical to the official page of the credit institution, allowing third parties to obtain all the confidential information that the user types in.
This virus may be inadvertently installed by customers when downloading an apparently harmless file or by simply browsing web pages (websites) that have been tampered with for that purpose.
This is when malicious software installs itself on a customer’s computer, tablet or smartphone, without them noticing, and spies on their equipment and on their data.
This virus may be inadvertently installed by customers when downloading an apparently harmless file or activated through a link or file in a malicious email.
Once installed, it detects whether the customer is accessing a protected web page, such as internet banking pages, and records the data typed in by the user, which then may be used unduly by other people.
This is when someone collects information about a customer, directly or through social networks, and manages to pose as them in a phone store, to request the reissue of their SIM card.
This allows all incoming calls and SMSs, including one-time passwords (‘disposable’ passwords, valid only for one internet banking access or transaction, which are sent by SMS), to be directed to the SIM in the possession of that other person, without the victim noticing it.
This is when someone obtains personal or confidential information from a customer through direct observation (looking over their shoulder).
This technique is particularly effective in crowded places, such as public transport, shopping centres and airports, where a person uses a computer, tablet or smartphone and types in passwords and confidential data without noticing that they are being watched.
Collected data may then be used unduly.
Problems in the operation of technological infrastructures and systems (e.g. system overload and unavailability) can jeopardise the safety of marketing retail banking products and services and their purchase or the processing of payments.
The loss or theft of devices (computer, tablet or smartphone) that contain customers’ personal information may also result in misuse, including unauthorised banking transactions.
Circular Letter of Banco de Portugal No 55/2015/DSP (in Portuguese only)
EBA Guidelines on the security of internet payments
Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market
Precautions to take when using digital channels
Digital financial education for young people
Digital financial education for adults
Material on online security