Risks posed by digital channels

Buying banking products and services on digital channels – because it is simpler and does not require in-person interaction between bank customers and the institution – may hinder:

  • The identification of the banking service provider and the identification and authentication of bank customers with the provider;

  • The security of systems and infrastructures;

  • The reading and understanding of pre-contractual and contractual information;

  • The protection of personal data.

Bank customers should learn about the banking product or service and the respective provider before conducting banking transactions on digital channels.

 

Fraud

The following are some of the main kinds of fraud related to the use of digital channels:

Phishing is when an unknown entity (hacker) pretends to be an institution or company and, through fraudulent emails, phone calls (vishing) or SMS (smishing), attempts to persuade a bank customer to divulge personal information, such as matrix card coordinates, passwords and bank account numbers.

A common form of phishing on the internet is a window that opens when you access a credit institution’s website, requesting data that can be used to access your internet banking service (namely your matrix card coordinates).

Emails associated with phishing are intended to trick customers into clicking on a link that most often redirects them to a fake web page (which may try to imitate their bank’s website). On this fake page, customers are asked to fill in certain information fields, often with the claim that they need to update their personal data, otherwise the bank account will be blocked.

This is when a virus on a computer, tablet or smartphone redirects a link typed in by the customer to a fake web page (called a ‘mirror website’). Sometimes this page is identical to the official page of the credit institution, allowing third parties to obtain all the confidential information that the user types in.

This virus may be inadvertently installed by customers when downloading an apparently harmless file or by simply browsing web pages (websites) that are not trustworthy.

This is when malicious software installs itself on a customer’s computer, tablet or smartphone, without them noticing, and spies on their equipment and on their data.

This virus may be inadvertently installed by customers when downloading an apparently harmless file or activated through a link or file in a malicious email.

Once installed, it detects whether the customer is accessing a protected web page, such as internet banking pages, and records the data typed in by the user, which then may be used unduly by other people.

This is when someone collects information about a customer, directly or through social networks, and manages to pose as them in a phone store, to request the reissue of their SIM card.

This allows all incoming calls and SMSs, including one-time passwords (‘disposable’ passwords, valid only for one internet banking access or transaction, which are sent by SMS), to be directed to the SIM in the possession of that other person, without the victim noticing it.

This is when someone obtains personal or confidential information from a customer through direct observation (looking over their shoulder).

This technique is particularly effective in crowded places, such as public transport, shopping centres and airports, where a person uses a computer, tablet or smartphone and types in passwords and confidential data without noticing that they are being watched.

Collected data may then be used unduly.

Unreliability of systems and infrastructures

Problems in the operation of technological infrastructures and systems (e.g. system overload and unavailability) can jeopardise the safety of marketing retail banking products and services and their purchase or the processing of payments.

The loss or theft of devices (computer, tablet or smartphone) that contain customers’ personal information may also result in misuse, including unauthorised banking transactions.