SECURITY AND PRIVACY

Once again, we advise you to invest: invest a few minutes in better security and privacy.

See Using Online Banking Using Online Banking

Using bancaonline.bankinter.com

Bankinter was the first bank to incorporate technology to make life easier for its customers. We also strive to offer you a high level of protection and privacy of your data and operations. So:

  • High security standards are implemented and developed to protect the authenticity, confidentiality, integrity and availability of Information Systems from an operational and technical standpoint.
  • Online Banking web servers use an Extended Validation Certificate issued by Entrust.
  • All information transmitted is encrypted with standard algorithms and keys established on each connection using TLS protocol, and our systems connected to the Internet have been protected by “firewalls” and intrusion detection systems, which would prevent a possible attack by protecting our Online Banking.
  • We run regular internal and external Intrusion Tests on our Information Systems.

Bankinter is the first Spanish financial institution to simultaneously receive the ISO 22301:2012 and ISO/ISEC 27001:2013 certificates from the British Standards Institution (BSI). These certifications guarantee the bank's operability and compliance with its requirements regarding the Business Continuity Management System and the Information Security Management System.

Additional security measures

  1. Every time you sign an transaction, you enter your coordinates using a display panel (this system averts the risk of malware that try to capture information using keystrokes [“KeyLogger”]).
  2. You are automatically logged off after 20 minutes of non-use (30 minutes in the Broker). This measure prevents someone else from accessing your data on your computer if you forget to log off (by not clicking on Log Off).
  3. We have control systems for custom operating limits, so that a customer cannot carry out operations above a certain amount; and general operating limits, which limit the total amount of transactions that can be carried out through our websites. This measure limits the risk of any loss.
  4. You have to change the password the first time you log in so only you know it—to ensure nobody can impersonate you.
  5. Your Online Banking username and password must be at least 6 characters long, so they are difficult to guess
  6. You can choose not to receive statements of account or regular mail about your banking activity; this also means there is less risk of someone finding out about your financial situation by looking through your mailbox. All statements of account and supporting documents for transactions are available and can be consulted on the website.

Biometric Login: Touch ID/Face ID on iOS and Fingerprint on Android

We can use the Biometric Login as an access method, based on TouchID technology, Apple FaceID and Android Fingerprint 6.0. We can use this technology to safely store certain data that can only be accessed via fingerprint. This data is stored locally on the device, in a single, secure and fingerprint-protected location, not synchronised in iCloud or copied in any device backups that might be made.

The Touch ID is only accessible on Apple phones from iPhone 5S with iOS8 or higher and on iPads with TouchID. The FaceID mechanism is only available on iPhone X.

Android fingerprint authentication is only available for devices that support fingerprint and Android 6 or higher.

The authentication process applied to the new online banking is based on enabling this secure location after a successful “manual” login through the new App. The user can safely store a unique key for that terminal which is fingerprint or face (FaceID) protected. For later authentication processes, all the user has to do is put the fingerprint on the sensor-button to access the private area directly (without typing in credentials); FaceID authentication is even more transparent for the user, all you need to do is to be facing your phone.

See Security Security

Internet security

The volume of attempted fraud against us and other banks is increasing every year. These attempts involve emails that request your access details in response to a "Security Issue". Bankinter will never ask you for your access or signature passwords by email or any other means. If you have any doubts about the authenticity of an email in our name, contact Telephone Banking immediately.

Recommendations for your passwords

  1. Change your username and password regularly.
  2. Include numbers and letters in your username and password. Avoid using real names or things associated with you.
  3. Never reveal your password, particularly by email or phone.

Remember: Nobody at Bankinter will ever ask for your password; if this happens, it is an attempt at fraud (phishing, smishing, vishing, etc.). Do not trust emails that request your data, pop-up windows, forms that ask for several codes to sign transactions, even if they seem to be from us.

Recommendations for your connections

  1. Do not use the "Autocomplete passwords" option to connect to an entity or service.
  2. Do not forget to disconnect from the website once you have finished with it.

Recommendations for your computer

  1. Keep your browser version updated.
  2. Keep your operating system up to date with the latest updates.
  3. Avoid downloading from unknown websites.
  4. Always keep your antivirus up to date.

Security on your computer

The security of your computer is essential. Your computer should always be up to date.

Regardless of what you use your computer for, it should always be protected with appropriate tools, such as:

  • An antivirus, which must always be up to date.
  • A firewall.

Check out these free protection tools

Security on your smartphone

Mobile phones can also be infected with a virus. Our advice is:

  • Do not breach the manufacturer's security (root/jailbreak).
  • Install an antivirus.
  • Do not download applications from unofficial sites.
  • Be careful about the installation of applications and the permissions you give them.

Security in your browsers

The browsers you use to access Bankinter Online Banking must be up-to-date, this can help us prevent fraud, as they feature prevention technologies.

See Privacy and data Privacy and data

Privacy

Bankinter processes your personal data in compliance with the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Bankinter, S.A. (hereinafter, 'Bankinter') is therefore the data controller.

As the data controller, Bankinter has the technical, organisational and human resources needed to guarantee the security and protection of its information systems, along with the customer information and data they host.

We will only disclose your personal data to a third party to comply with a legal obligation or if you have given us your consent. However, the service providers that Bankinter uses (or may use in the future) to process data may be able to access your personal data. In these cases, Bankinter guarantees the confidentiality of the personal data disclosed to third parties and ensures that those parties implement appropriate security measures.

We process your personal data to comply with prevailing legal obligations and the rights and obligations set out in your contracts with us.

Unless you have withheld your consent, we may use your personal data to send you information through any channel (including electronic ones) about products or services that Bankinter is interested in promoting and that may be of interest to you since they are similar to the ones you already hold with us. To be able to carry out these commercial actions, we will analyse your personal data and create a profile so that the communications you receive match your needs, tastes and preferences as closely as possible. We will disclose your data to the Bankinter Group companies from which you request or with which you hold any type of financing product or service so that they can verify your solvency or the credit risk of approving said products or services, and can also manage and monitor the financing products and services you already hold, using the details in the possession of any other Group company for these purposes. This consultation with other Group companies will speed up the application and management process for these products and services because it will enable us to ensure that your financing products and services are suitable for your debt capacity and to guarantee that Bankinter Group performs adequate risk control.

Additionally, and provided you have given your consent, we may process your data for the following purposes: (i) to send you commercial communications, through any channel (including electronic ones), about products and services that have no similarity to those you already hold with Bankinter, any Bankinter Group company or any entity with which the Bank has entered into partnership agreements; (ii) to enable Bankinter Group companies and their subsidiaries and investees to send you information through any channel (including electronic ones) about products and services tailored to your tastes and preferences, for which purpose you give them permission to consult the personal data that any of these entities hold about you; (iii) to access and add to our own records any personal data that third parties hold about you so that we can customise our commercial offers more accurately and tailor them to your needs, tastes and preferences.

The personal data we process are the data you provide when you acquire a product or service with us, as well as the data we obtain from Bankinter Group companies when you have given us permission to do so. However, if you have given your consent, we may enrich your data as described in the previous paragraph.

You can exercise your rights of access, rectification, erasure, objection, restriction of processing and data portability in the circumstances and under the scope established by the applicable legislation currently in force by calling Telephone Banking on 902 13 23 13, visiting your local branch or Bankinter Agent, or writing to the following address: Bankinter, S.A. Operations - Data Protection, Pico de San Pedro 1, Tres Cantos, 28760 Madrid.

For more information about how Bankinter processes your data, and in particular about the legal basis for doing so, please refer to the 'Use of personal data' section under 'Privacy and Data' at www.bankinter.com/banca/nav/seguridad-privacidad.

If you have any further questions, please contact our Data Protection Officer by email at the following address: privacidad@bankinter.com.

Use of personal data

You can find information on how we obtain your data, why we process them, the legal basis, the recipients of your data, and your rights in Information about the use of your personal data.

See FAQs FAQs

How to detect and protect yourself from Phishing

Millions of emails are sent every day to try to acquire sensitive data. These emails usually ask users for their personal data with the excuse of a security update or a blocked account.

They take advantage of the trust that users have in their bank.

Remember: your coordinate card, username and password are used for your transactions and for nothing else. If someone asks you for them in our name, be suspicious. It is not us.

Bankinter will never contact you to ask you for your coordinates, username or password. In you are in any doubt, contact Telephone Banking immediately.

Why are we telling you this? Because there have been isolated cases of attempted fraud asking for this information, usually through emails. This criminal technique is called "phishing" and Bankinter does not want you to be affected by it. To help you, here are some tips that are as useful as they are simple:

  • If you have connected to our website and you are asked for a coordinate without having started a transaction that would require it, do not do it - it may be a virus.
  • Do not open emails that are suspicious without confirming the identity of the sender by phone or in person.
  • Always check that the address in your browser bar is Bankinter's.
  • Ignore emails and calls that threaten to block your accounts or credit cards if you do not update your data. A bank would never do something like that.
  • Do not open attachments from unknown sources.
  • Do not open unexpected attachments, even if you think you know where they are from.
  • Do not open attachments that are downloaded after clicking on a link in the text of an email.
  • Do not open attachments with executable extensions (.exe, .bat, .com, .cmd, .scr, .vbs, etc.).

How can I protect myself from identity theft?

To protect ourselves against identity theft, we must protect our personal information and our access codes, and everything we use to sign off transactions: our coordinate card and our mobile phone if we have SMS-OTP as the second signature factor.

The first barrier is our password. This must be different to the one we use on other websites and must be sufficiently strong.

What is a banking Trojan?

A Trojan is malware (a malicious program) that is presented to the user as a seemingly legitimate and harmless program. But when it is executed it performs actions unknown to the user that put the security of the device at risk, such as allowing remote administration of a computer by an attacker. Trojans usually take total control of your equipment by exploiting weaknesses that have not been patched in installed components. The name comes from the famous Trojan horse used by the Greeks as way of getting into Troy.

Once the attacker has control of the infected system, it becomes part of their network of machines, or BotNet. The attackers then usually put their BotNets at the disposal of the highest bidder in black market web pages designed for these purposes. BotNets are used for many purposes. These range from stealing confidential information (account information, email addresses, bank passwords, confidential documents, account numbers, credit card data, etc.) to causing service denials on servers (DDoS).

What is a virus?

Viruses are malicious code that is installed on our computers without us noticing. The virus contaminates our computer when we open an infected file, which usually comes to us in an email or when downloading a P2P network program. This contaminated file does not have to be an executable program, there are viruses that can be latent in Excel spreadsheets or Word documents, documents such as PDFs, or even in images. Viruses affect every operating system in use today. They usually act by draining the resources of our computers, causing productivity problems. A clue about a possible infection is that programs that used to work properly now need more resources and time and our computer starts going "slower" than usual.

How can we avoid getting a virus?

  • Install an antivirus.
  • The antivirus must be set up to update every day.
  • We must never install pirated software.
  • We should never open files in emails from unknown sources. If the message is suspicious, we should not open it, even if we know where it comes from.

Bankinter has the solution

We’re here to answer your banking queries and provide you with technical support.

More information
902 365 563
ATMs and branches