SECURITY AND PRIVACY

Once again, we advise you to invest: invest a few minutes in better security and privacy.

See Using Online Banking Using Online Banking

Using bancaonline.bankinter.com

Bankinter was the first bank to incorporate technology to make life easier for its customers. We also strive to offer you a high level of protection and privacy of your data and operations. So:

  • High security standards are implemented and developed to protect the authenticity, confidentiality, integrity and availability of Information Systems from an operational and technical standpoint.
  • Online Banking web servers use an Extended Validation Certificate issued by Entrust.
  • All information transmitted is encrypted with standard algorithms and keys established on each connection using TLS protocol, and our systems connected to the Internet have been protected by “firewalls” and intrusion detection systems, which would prevent a possible attack by protecting our Online Banking.
  • We run regular internal and external Intrusion Tests on our Information Systems.

Bankinter is the first Spanish financial institution to simultaneously receive the ISO 22301:2012 and ISO/ISEC 27001:2013 certificates from the British Standards Institution (BSI). These certifications guarantee the bank's operability and compliance with its requirements regarding the Business Continuity Management System and the Information Security Management System.

Additional security measures

  1. Every time you sign an transaction, you enter your coordinates using a display panel (this system averts the risk of malware that try to capture information using keystrokes [“KeyLogger”]).
  2. You are automatically logged off after 20 minutes of non-use (30 minutes in the Broker). This measure prevents someone else from accessing your data on your computer if you forget to log off (by not clicking on Log Off).
  3. We have control systems for custom operating limits, so that a customer cannot carry out operations above a certain amount; and general operating limits, which limit the total amount of transactions that can be carried out through our websites. This measure limits the risk of any loss.
  4. You have to change the password the first time you log in so only you know it—to ensure nobody can impersonate you.
  5. Your Online Banking username and password must be at least 6 characters long, so they are difficult to guess
  6. You can choose not to receive statements of account or regular mail about your banking activity; this also means there is less risk of someone finding out about your financial situation by looking through your mailbox. All statements of account and supporting documents for transactions are available and can be consulted on the website.

Biometric Login: Touch ID/Face ID on iOS and Fingerprint on Android

We can use the Biometric Login as an access method, based on TouchID technology, Apple FaceID and Android Fingerprint 6.0. We can use this technology to safely store certain data that can only be accessed via fingerprint. This data is stored locally on the device, in a single, secure and fingerprint-protected location, not synchronised in iCloud or copied in any device backups that might be made.

The Touch ID is only accessible on Apple phones from iPhone 5S with iOS8 or higher and on iPads with TouchID. The FaceID mechanism is only available on iPhone X.

Android fingerprint authentication is only available for devices that support fingerprint and Android 6 or higher.

The authentication process applied to the new online banking is based on enabling this secure location after a successful “manual” login through the new App. The user can safely store a unique key for that terminal which is fingerprint or face (FaceID) protected. For later authentication processes, all the user has to do is put the fingerprint on the sensor-button to access the private area directly (without typing in credentials); FaceID authentication is even more transparent for the user, all you need to do is to be facing your phone.

See Security Security

Internet security

The volume of attempted fraud against us and other banks is increasing every year. These attempts involve emails that request your access details in response to a "Security Issue". Bankinter will never ask you for your access or signature passwords by email or any other means. If you have any doubts about the authenticity of an email in our name, contact Telephone Banking immediately.

Recommendations for your passwords

  1. Change your username and password regularly.
  2. Include numbers and letters in your username and password. Avoid using real names or things associated with you.
  3. Never reveal your password, particularly by email or phone.

Remember: Nobody at Bankinter will ever ask for your password; if this happens, it is an attempt at fraud (phishing, smishing, vishing, etc.). Do not trust emails that request your data, pop-up windows, forms that ask for several codes to sign transactions, even if they seem to be from us.

Recommendations for your connections

  1. Do not use the "Autocomplete passwords" option to connect to an entity or service.
  2. Do not forget to disconnect from the website once you have finished with it.

Recommendations for your computer

  1. Keep your browser version updated.
  2. Keep your operating system up to date with the latest updates.
  3. Avoid downloading from unknown websites.
  4. Always keep your antivirus up to date.

Security on your computer

The security of your computer is essential. Your computer should always be up to date.

Regardless of what you use your computer for, it should always be protected with appropriate tools, such as:

  • An antivirus, which must always be up to date.
  • A firewall.

Check out these free protection tools

Security on your smartphone

Mobile phones can also be infected with a virus. Our advice is:

  • Do not breach the manufacturer's security (root/jailbreak).
  • Install an antivirus.
  • Do not download applications from unofficial sites.
  • Be careful about the installation of applications and the permissions you give them.

Security in your browsers

The browsers you use to access Bankinter Online Banking must be up-to-date, this can help us prevent fraud, as they feature prevention technologies.

See Privacy and data Privacy and data

Privacy

Bankinter processes your personal data in compliance with the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. For this reason, the bank hereby informs you that Bankinter, S.A. (hereinafter, “Bankinter”) is responsible for processing your data.

As the party responsible for the data processing, Bankinter has the technical, organisational and human resources needed to guarantee the security and protection of its information systems, along with the customer information and data they host.

Your personal data will not be passed to third parties, except due to legal obligation or if you give your consent. However, service providers contracted by Bankinter, or who may be contracted by Bankinter to be responsible for the processing, may also have access to your personal data. In these cases, Bankinter guarantees the confidentiality of the personal data provided to third parties, and that they will apply appropriate security measures.

Your personal data will be processed to comply with prevailing legal obligations and the rights and obligations set forth in your contracts with us.

The bank also informs you that, unless you have indicated otherwise, your personal data may also be used to inform you, through any channel, about products or services that may be of interest to you as they are similar to those you have contracted with us, and are products or services that Bankinter is interested in marketing. In order to carry out these commercial actions, your personal data will be analysed to create a profile so that our communications can be tailored to your needs, tastes and preferences.

Additionally, and provided you have given your consent, your personal data may be processed to: (i) send you commercial announcements, through any channel, about products and services that are not similar to those you already have acquired but which are offered by Bankinter, Bankinter Group companies or companies with which they have entered into partnership agreements; (ii) disclose your data to Bankinter Group companies, their subsidiaries and investees so that they may contact you to inform you about their products and services and use your data to monitor, control and analyse the risk of the products and services you acquire; and (iii) access your data from third-party companies and include it in our files to tailor our business offers and adapt them to your needs, likes and preferences.

The personal data that will be processed are those provided by you when contracting and using the services. However, if you have given your consent, they may be enriched as set out in the previous paragraph.

You can exercise your rights of access, rectification, cancellation, opposition, limitation of treatment and portability in the cases and with the scope established in prevailing legislation at any time, by calling our Telephone Banking on 902 13 23 13, going to your branch or Bankinter agent, or by writing to: Bankinter, S.A. Operaciones “Protección de Datos”, Pico de San Pedro 1, Tres Cantos, 28760, Madrid.

You can find more information about Bankinter's processing of your data, particularly the legal basis for this, under "Use of personal data" in the "Privacy and Data" section of our website, at www.bankinter.com/banca/nav/seguridad-privacidad.

If you have any further questions, please contact our Data Protection Officer by sending an email to privacidad@bankinter.com.

Use of personal data

You can find information on how the bank obtains your data, the purposes for which it process your data, the legal basis for this, the recipients of the data and your rights with regard to personal data processing at Information on the use of personal data.

See FAQs FAQs

How to detect and protect yourself from Phishing

Millions of emails are sent every day to try to acquire sensitive data. These emails usually ask users for their personal data with the excuse of a security update or a blocked account.

They take advantage of the trust that users have in their bank.

Remember: your coordinate card, username and password are used for your transactions and for nothing else. If someone asks you for them in our name, be suspicious. It is not us.

Bankinter will never contact you to ask you for your coordinates, username or password. In you are in any doubt, contact Telephone Banking immediately.

Why are we telling you this? Because there have been isolated cases of attempted fraud asking for this information, usually through emails. This criminal technique is called "phishing" and Bankinter does not want you to be affected by it. To help you, here are some tips that are as useful as they are simple:

  • If you have connected to our website and you are asked for a coordinate without having started a transaction that would require it, do not do it - it may be a virus.
  • Do not open emails that are suspicious without confirming the identity of the sender by phone or in person.
  • Always check that the address in your browser bar is Bankinter's.
  • Ignore emails and calls that threaten to block your accounts or credit cards if you do not update your data. A bank would never do something like that.
  • Do not open attachments from unknown sources.
  • Do not open unexpected attachments, even if you think you know where they are from.
  • Do not open attachments that are downloaded after clicking on a link in the text of an email.
  • Do not open attachments with executable extensions (.exe, .bat, .com, .cmd, .scr, .vbs, etc.).

How can I protect myself from identity theft?

To protect ourselves against identity theft, we must protect our personal information and our access codes, and everything we use to sign off transactions: our coordinate card and our mobile phone if we have SMS-OTP as the second signature factor.

The first barrier is our password. This must be different to the one we use on other websites and must be sufficiently strong.

What is a banking Trojan?

A Trojan is malware (a malicious program) that is presented to the user as a seemingly legitimate and harmless program. But when it is executed it performs actions unknown to the user that put the security of the device at risk, such as allowing remote administration of a computer by an attacker. Trojans usually take total control of your equipment by exploiting weaknesses that have not been patched in installed components. The name comes from the famous Trojan horse used by the Greeks as way of getting into Troy.

Once the attacker has control of the infected system, it becomes part of their network of machines, or BotNet. The attackers then usually put their BotNets at the disposal of the highest bidder in black market web pages designed for these purposes. BotNets are used for many purposes. These range from stealing confidential information (account information, email addresses, bank passwords, confidential documents, account numbers, credit card data, etc.) to causing service denials on servers (DDoS).

What is a virus?

Viruses are malicious code that is installed on our computers without us noticing. The virus contaminates our computer when we open an infected file, which usually comes to us in an email or when downloading a P2P network program. This contaminated file does not have to be an executable program, there are viruses that can be latent in Excel spreadsheets or Word documents, documents such as PDFs, or even in images. Viruses affect every operating system in use today. They usually act by draining the resources of our computers, causing productivity problems. A clue about a possible infection is that programs that used to work properly now need more resources and time and our computer starts going "slower" than usual.

How can we avoid getting a virus?

  • Install an antivirus.
  • The antivirus must be set up to update every day.
  • We must never install pirated software.
  • We should never open files in emails from unknown sources. If the message is suspicious, we should not open it, even if we know where it comes from.

Bankinter has the solution

We’re here to answer your banking queries and provide you with technical support.

More information
902 365 563
ATMs and branches