What they are

Retail banking products and services can be marketed through digital (online and mobile) channels, that is, via the internet and mobile devices such as smartphones and tablets.

Digital channels allow bank customers to access these products and services anytime, anywhere, and faster and more conveniently than traditional channels.

Through digital channels, bank customers can also access tools that help them to manage their personal finances (for example, applications that help to manage the family budget, which alert customers if a predetermined expenditure limit is reached or which allow price comparison).

But the use of digital channels also poses risks, security risks in particular.

Bank customers should be aware of the security procedures provided by the institution. In case of doubt, they should not carry out the operation without first asking their institution for any clarifications deemed necessary.

Risks associated with digital channels

The simplification of the process of contracting banking products and services on digital channels and the lack of physical contact of bank customers with the institution entail risks related to:

  • Customer and transaction security – digital channels make it more difficult to identify the banking service provider and identify and authenticate bank customers with the provider;

  • The security of systems and infrastructures – if security is compromised, the contracting of banking products or services and payment processing may be jeopardised;

  • Insufficient information provided to bank customers – the reading and understanding of pre-contractual and contractual information can be hindered by technological sophistication, by the simplification of the process of contracting banking products and services on digital channels, by the lack of physical contact between the customer and the institution, as well as by the use of small devices for banking operations;

  • Protection of personal data – the provision of personal data in a digital environment requires the holder to take extra care to prevent fraudulent use of the data, namely in banking operations.

Bank customers should properly inquire about the product or the banking service and the respective service provider before carrying out banking operations on digital channels.

 

Fraud

Among the main frauds related to the use of digital channels, the following are highlighted:

Phishing occurs when an unknown entity (hacker) passes themselves off as an institution or company and, through emails, telephone calls (vishing) or SMS messages (smishing), attempts to persuade a bank customer to disclose personal information, such as security card coordinates, passwords, and bank account numbers.

A common form of phishing on the internet is the appearance of a window, when accessing a credit institution’s website, requesting the registration of data that can be used to access the homebanking service (namely the coordinates of the security card).

Email messages associated with phishing are intended to trick customers into clicking on a hyperlink that very often redirects them to a fake web page (which may try to imitate their bank’s website). On this fake page, customers are asked to fill in certain information fields, often with the claim that they need to regularise their personal data, otherwise the bank account will be blocked.

This occurs when a computer virus that is installed on a computer, tablet or smartphone redirects the hyperlink entered by the customer to a false web page (the so-called ‘mirror page’), in some cases identical to the official page of the credit institution, allowing third parties to obtain all the confidential information written by the user on this false page.

This virus may be inadvertently installed by customers when downloading a seemingly harmless file.

Spyware is a malicious program that installs itself on the customer’s computer, tablet or smartphone without their being aware of it.

Once installed, the program detects if the customer is accessing a protected internet page, such as homebanking pages, and records the data entered by the user.

The author of the spyware program obtains personal data that can be used to unlawfully access private pages of other users.

This is an attack on the customer’s mobile phone as a result of which incoming calls and SMS, including one-time passwords (‘disposable’ passwords, valid only for one homebanking access or for one transaction), are routed to a mobile phone card that is held by third parties.

 

Lack of reliability of systems and infrastructures

Problems in the operation of infrastructures (overloading of systems and unavailability, for example) can jeopardise the safety of the marketing of retail banking products and services and jeopardise their contracting or the processing of payments.

The loss or theft of devices (computer, tablet or smartphone) that contain customer personal information may also result in the improper use of bank customers’ data, including unauthorised banking operations.