SECURITY

The security of operations made through the Pekao24 service depends not only on the Bank but also the user. Therefore, in order to use electronic banking without any anxieties, follow the recommendations listed on this page.

Never give away any one-time (TAN) codes , username, password or phone number via unknown websites.

  • Log in using only www.pekao24.pl or, for mobile banking, m.pekao24.pl. Before logging in,
    verify whether your connection is encrypted (website address should start with https)
    and your browser displays a padlock symbol.
    Do not use any links received via e-mail or text message which direct you to logon,
    when you are not sure about their source.
  • Never give your one-time codes (TAN) when logging in. You log in using your customer
    number and password only (or customer number and PIN during initial logging in to PekaoInternet).
    Bank never ask you to fulfill complete password during logon to the internet and mobile channels.
  • If you use a hardware token, remember to never give the token serial number,
    PIN number
    and the token codes generated to unauthorized persons. Bank never
    sends e-mail asking for this information and never ask about them during logon to the channels.
  • Bank never ask you about the phone manufacturer, type or number to the PekaoSMS channel during logon to the internet and mobile channels.

Update your operating system on regular basis

The main rule of safe using every operating system is updating your software.  
Updates remove software errors which may be exploited by third parties to acquire
your confidential data.

Secure your computer

It is also very important to use antivirus software, which secures your computer from malicious programs, and the firewall which controls transmitted information to and from the Internet thus preventing the handover of confidential data.
Please remember to always protect your mobile telephone when using the mobile banking system.
Many mobiles are very advanced tools equipped with operating systems and must be protected
with antivirus software.


ATTRACTIVE OFFER OF ANTIVIRUS SOFTWARE FOR PEKAO24 CUSTOMERS!

You can download Internet Security software produced by leading world manufacturers
from Vprotection.pl web site. You can use the freetest version even for half a year.
After evaluation time you will be able to buy the software in special price.

Programs available in current offer:

Computers:

  • F-Secure Internet Security
  • Panda Internet Security
  • AVG Internet Security
  • avast! Internet Security
  • G Data Internet Security

Mobile phones:

  • F-Secure Mobile Security
  • ESET Mobile Security


How to use offer of Vprotection.pl?
Log on to PekaoInternet channel. On "Client home page" select link "Antivirus software"
in "Special offers" section.

The offer is directed for Pekao SA Bank's Customers, who signed the Pekao24 Usage Agreement.


The program was prepared in cooperation with Ikaria Sp. z o.o. Sp. K.

Use legal software

  • Do not install software from sources that you do not trust and be careful about software
    downloaded from the Internet.
  • Do not launch software sent via e-mail. A lot of freeware available on the Internet contains
    adware applications which carry software that display advertisements (usually banners)
    regardless of the activities performed by the users. Such type of software is usually
    installed on computers while browsing web pages without the user's knowledge and consent.
  • Certain programs also carry spyware modules which provide to the applications' authors
    a lot of valuable information about the user - mostly the IP address, used operating system,
    browser and even the pages which we visit. The adware/spyware applications may enable
    unauthorized persons to track the data entered by the User in the Internet browser,
    including financial data (client number, PIN, payment card numbers, etc.), which is beyond
    the Bank's influence because the Bank is not authorized to control the User's computer environment.
  • The symptoms of a computer infection usually include: slowed down system operations,
    increased number of advertisements (especially pop-up windows), changes in the Internet
    browser's operation, problems with operating certain software.

Select your Internet browser consciously

  • The newest versions of popular browsers such as Mozilla Firefox, Chrome, Opera or Internet Explorer contain many functions, e.g. page filters against pages that try to acquire confidential data, which give substantial protection from Internet fraud and increase the security level when using Internet banking. Such types of fraud are known as "phishing" or "information acquisition". They usually involve an attempt to encourage us to visit a fraudulent website on which we may be asked to provide confidential personal data or a credit card number. Such type of identity theft has been very popular for some time.
  • Download all updates to the browsers you use, because many critical errors were detected in them. It is of critical importance to install updated patches published on software manufacturers' websites. They protect against using the browser without the user's knowledge in a potentially dangerous way.
  • If you use Internet Explorer 6.0 update it to the newest version or install other modern browser.

Select the proper browser settings

Depending on the browser version, check how to verify its version and select the proper settings.

  • Check the version of your browser

    MS Internet Explorer
    Choose the Help menu, and then the Internet Explorer option - Information. A window
    with the information concerning the number of the type of browser will be opened.

    Firefox
    Choose the Help menu, and then the option: Mozillia Firefox about. A window with the information concerning the number and type of browser will be opened.

    Opera
    Choose the Help menu, and then the option: Opera about. A window with the information
    concerning the number and type of browser will be opened.
  • Set the browser's cache memory

    The browser's cache memory stores the content of visited web pages. Therefore, it may  contain critical, confidential information on account balances or operations performed by the user. Hence, it is important to configure the browser in such way so that the information on the visited encrypted pages - such as the website of the PekaoInternet channel - is not stored on it. In Mozilla and Firefox browsers the option of not recording the encrypted pages on the hard drive is the default setting.

    MS Internet Explorer 7.x
    Choose the TOOLS menu, then the Internet Options / Advanced / Security and mark "Do not save encrypted pages to disk".

    IE_Ustawienia

    ATTENTION!
    In Internet Explorer 9 checking the option "Do not save encrypted pages to disk"
    results in not being able to download PDF files. For this browser, we recommend
    to leave that option unchecked and due to security reasons after each logging
    off from transactional service to clear data and browsing history.

    Opera
    Enter "opera:config" in address bar, then choose Cache, mark "Always Reload HTTPS
    In History" option and confirm this change by clicking SAVE button.

    Opera_Ustawienia

  •  Deleting information stored in browser cache

    MS Internet Explorer 7.x
    One should choose in the TOOLS menu: Internet Options /General /Browsing history / Delete
    and click on Delete files. Additionally, it is necessary to check if there are newer versions
    of the stored pages: each time you visit the page.

    Firefox
    Choose in the TOOLS menu: Clear private data.

    Opera
    Choose in the TOOLS menu: Preferences / Advanced / History and press "Empty now" button.
  • Choose The SSL 3.0 key service

    The SSL protocol is one of the elements that ensure the security of the service. It is a group
    of principles and standards that makes possible the secured exchange of stored information between the browser and the server making use of certificates.

    MS Internet Explorer 7.x
    Choose in the TOOLS menu: Internet Options /Advanced /Security - after which you choose
    the "SSL 3.0" option.

    Firefox
    Choose in the TOOLS menu: Options / Advanced /Security - after which you choose
    the "SSL 3.0" option.

    Opera
    Choose in the Tools: Preferences / Advances / Security / Security protocols and choose
    the "Enable SSL 3".
  • Choose the JavaScript service

    MS Internet Explorer 7.x
    Choose in the TOOLS menu: Internet options / Security / Custom level / Enable Active scripting.

    Firefox
    Choose in TOOLS menu: Options / Content / Enable JavaScript.

    Opera
    Choose in the TOOLS menu: Quick preferences / Enable JavaScript.

Verify security certificates

  • After you login to the channel, check for the padlock symbol on the screen meaning
    that the encrypted connection has been established (in this case the address begins
    with
    "https", not with "http"
    ).
  • After locating the padlock symbol, double-click on it to check whether the displayed
    certificate is valid and whether it has been issued by Bank Pekao SA
    and for the address
    https://www.pekao24.pl/ClientLogonUK.html
    Proper certyficate should contain following data:
    - issaeu: VeriSign, Inc.,
    - certyficat type: VeriSign Class 3 Extended Validation SSL SGC CA,
    - organization: VeriSign Trust Network,
    - validity: from: 2014-07-07,  to: 2016-07-28.

Remember, Bank never send any safety certificates via text message. 

  • An explicit identification of the company for which the certificate was issued, is an advantage
    of the SSL certificate with EV (in this case of the Bank Pekao S.A.). In new Internet browsers
    this information is being presented in the green background in the address bar.
  • If the padlock symbol is not visible or if the certificate has been issued for another address,
    do not use the channel - in such situation immediately contact a TelePekao consultant.
    The guidelines as to where you can find the padlock symbol, depending the browser you use,
    are provided below:

    Internet Explorer 7.x
    (select the "Show certificates" link in the upper part of the screen, next to the website address)

    IE7x_kłódka


    Firefox 3
    (in the top or bottom part of the screen)

    Firefox1_kłódka


    Firefox2_kłódka


    Opera
     
    (in the top part of the screen)

    Opera_kłódka
     

Protect your client number and password

  • Keep your confidential data to log on to Pekao24 services, log on only in person. Disclosure of this information to others, including institutions is a violation of the Rules of the bank accounts of Bank Pekao SA for individual clients.
  • During telephone contacts Bank will never ask you to enter a PIN to Pekao24.
    Log in to the telephone services is ALWAYS done in automated services.
  • Bank never ask you to fulfill complete password during logon to the internet
    and mobile channels
    .
  • Bank never ask you for the codes to authorize the operation at logon
    (with a code from the TAN Block, SMS code, a hardware token, application PekaoToken)
    .
  • If you think that you need to write down your client number, PIN or password, do it in such way
    so that an unauthorized person would not be able to correctly identify this information. Change
    your PIN and password once every few months.
  • Also, remember that the Bank never asks anyone to send such data to it via e-mail.
  • If you use SMS codes to accetp operations in PekaoInternet, always check the text message
    details containing SMS code if is compatible with confirmed operation.
    Pay your special attention to:
    - recipient's account number,
    - money transfer
  • Also, remember that the Bank never asks for entering the TANS from TAN block card during
    logging on the PekaoInternet service.
  • Do not respond to e-mail messages from suspicious senders who are offering you to become
    an intermediary in transmitting payments via the Internet. The purpose of such activities usually
    is to use bank accounts to send stolen funds, which entails criminal liability.
  • Be vigilant and if you have any doubts, contact a TelePekao consultant or call the hotline
    and our representatives will give you advice on how to act in the given situation.
  • In addition, you should remember to securely logout from the PekaoInternet channel.
    First click on "Logout from the system" and then close the Internet browser window.

Do not use Internet in public points of access

  • When using PekaoInternet transaction service, use only one browser window. When you have ended operations in the transaction service or you need to leave the place, you should absolutely close the session in the transaction service by using the option "Log out from the System" available in the upper left corner of the page.
  • Moreover, you should check the date of the last log in to the system; such date is displayed after logging in to PekaoInternet, in "Settings" bookmark (you may check as well the time and the service used during the last log in). Protect you client number and the password.
  • Do not disclose to any third party any confidential information, such as client number, password
    and PIN (you are asked to give 2 or 4 digits from your PIN, randomly selected by the system,
    only by a TelePekao consultant, during the call - back procedure, for the purposes of identification).
    Should you suspect that your PIN number and password have been disclosed, change them immediately or block the access to Pekao24 service.  
  • Should it be necessary for you to write down you client number, PIN or password, do it in a way protecting them from identification by any unauthorized person. Change your PIN and password
    in regular, several month period.
  • Remember that the Bank will never ask you to send such data by electronic mail.
  • When using SMS codes for operation authorization in PekaoInternet service, always check
    whether the SMS message with the authorization code is compliant with the operation that
    you've been carrying out.
    In particular, pay attention to:
    - the account number; check it against the account number of the operation beneficiary.
    (Remember! The SMS with the authorization code contains only two first and four last digits
    of the account number).
    - the amount of operation; it should be the same as stated in the bank transfer order.   
  • Remember that during logging in to PekaoInternet, the Bank will never ask you to give passwords from One Time Password Card.
  • Do not respond to messages from unproven senders, e.g. messages with offers for intermediation services in electronic payments. The aim is usually to use the bank accounts to transfer funds
    from theft, which is subject to criminal prosecution.
  • Stay vigilant. If in any doubts please contact the consultant of TelePekao or Infoline who will advise you on actions to take.
  • Remember to securely log out from PekaoInternet service.

First, you should click "Logout" button, then close the Internet browser window.

Do not ignore the warning

New versions of popular web browsers contain special options checking if an internet site is not a phishing site. They are called anti-phishing filters. They cannot guarantee that site is safe, but they can decrease the risk of stealing confidential data.

In order to enable the anti-phishing filter in:

Internet Explorer 7.x
click on Tools - Phishing philters and choose : Turn on automatic Web site checking.

Firefox 2.x 
go to Tools - Options - Security and check "Tell me if the site I`m visiting is a suspected forgery"

Opera 9.1x
go to Tools - Preferences - Advanced - Security and check the "Enable Fraud Protection" option.

Establish a password for the router

If you use a router or a home wireless network (wi-fi, e.g. live box), establish your own secure and difficult to break password for those devices. Those devices usually have a simple, factory-installed password which protects access to their administration panels. If an outside person knows such password, he/she can change the router settings, which may result in rerouting a page to a page that was established for the purpose of acquiring confidential data or distributing malicious software.

When we designed Pekao24 we kept in mind that the service should be not only convenient but also fully secure. Pekao24 guarantees full security of personal data and funds deposited on the accounts. Our Clients’ information is protected in accordance with the prevailing norms of security and confidentiality.

In Pekao24 account access is protected by a multi-level security system.

The following items are used to identify the Client in the Pekao24 service:

client number

This is a unique number assigned by the Bank?s system to each Client, which is used for identification purposes in all Pekao24 channels. The client number is issued during a visit to a Bank branch after signing the Pekao24 Usage Agreement.

If you have a PIN for Pekao24, you can also obtain information regarding your client number from a TelePekao consultant at 0801 365 365.

PIN

This is a personal four-digit number which is used in addition to the client number to identify the client in the TelePekao and PekaoSMS channels and during the first login to PekaoInternet.

Your PIN may be generated with the assistance of a TelePekao consultant after activating the service at the Branch (for this purpose, a TelePekao consultant will call you at the phone number you specified in the Agreement). In exceptional cases, your PIN may be sent via registered mail to the mailing address provided to Pekao24.

Note: If you request your PIN be sent to your mailing address and you do not receive it, contact a TelePekao consultant at 0801 365 365 or (42) 68 38 232 or a Bank branch to generate a new PIN.

Memorize your PIN or write it down in a way that prevents it from being read by other persons.

If you disclose your PIN to an unauthorized person:

  • immediately change your PIN (in the PekaoSMS or the PekaoInternet channel or in the TelePekao automated channel) or generate a new PIN (by calling a TelePekao consultant, in PekaoInternet or at the Bank branch), or
  • submit the order to block the Pekao24 service (by calling a TelePekao consultant, in PekaoInternet or at the Bank branch).

Note: if you submit an order to generate a new PIN by calling a TelePekao consultant all Pekao24 channels will be immediately and automatically blocked. In order to unblock them, after receiving the PIN you should visit the Bank branch which keeps your account, or contact a TelePekao consultant. Generating the new PIN in the PekaoInternet channel will not cancel the password to that channel, however, this password will be cancelled if the PIN is generated by calling a TelePekao consultant.

password

This is a code consisting of 8-16 characters, which is used together with the client number to login to the PekaoInternet channel. It is generated by the user during the first login to that channel and also when submitting a request to generate a new PIN by calling a TelePekao consultant (in such case the PIN should be entered in the first four spaces designated for the password).

The password may contain 8 to 16 characters and it may include digits, lowercase and uppercase letters and special characters. Just like with a PIN, the password should not be provided to other persons.

When creating a login password in PekaoInternet, you can check its strength. The password?s strength determines the level of difficulty to break it. It depends on the length and the type of used characters. A strong password should consist of lowercase and uppercase letters, digits and special characters.

The password may be changed many times in the PekaoInternet channel in the Security section.

If you forget or lose your password:

  • contact a TelePekao consultant to cancel it (you need to know your PIN for that operation), or
  • generate a new PIN by contacting a TelePekao consultant or through PekaoInternet or at the Bank branch.

If the password is cancelled by calling a TelePekao consultant, use your PIN during the first login to the PekaoInternet channel and then the system will automatically force the change to the password which will immediately be in effect in the PekaoInternet channel.

See how you can generate a password for the PekaoInternet channel with a PIN

Certain operations made in the Pekao24 service, among others, MTs to not predefined accounts which were not previously determined by calling a TelePekao consultant or in PekaoInternet, require additional confirmation.

Depending on the preferences, they may be authorized:
  • with code generated by PekaoToken
    (in PekaoInternet),
  • with code generated by hardware token
    (with the help of TelePekao consultant and in PekaoInternet)
  • with an SMS code (in PekaoInternet),
  • with a code from the TAN Block
    (with the help of TelePekao consultant and in PekaoInternet).

The selected authorization method can be changed at any time:  

  • by contacting the consultant of TelePekao, phone
    800 380 380 or +48 42 683 83 80,
  • vi PekaoInternet service (in "Settings" bookmark)
  • at the Bank branch.
  NOTE!
 

If you use SMS codes
or codes generated
by PekaoToken,
keep  the TAN Block.

It will be necessary
to authorise transactions 
realised in the TelePekao
consultants' channel,
e.g. when realised
MT to not predefined
account.

This operation requires confirmation with the authorization method used to date. If the authorization method changes from the TAN block/PekaoToken/hardware token to the SMS codes in the PekaoInternet channel,
this operation is additionally confirmed with an SMS code.

A detailed list of transactions which require authorization with a TAN/PekaoToken/hardware token/a SMS code is available in the Services function list.

AUTHORIZATION METHODS:

PekaoToken

PekaoToken is an application that once installed in your mobile device generates one-time
codes used for authorising orders made in PekaoInternet. It is a modern solution alternative
to one-time and SMS codes that are used in PekaoInternet.

Why use PekaoToken?
Because it is:
  • Secure
    Every code generated using PekaoToken is unique and
    dedicated to only one transaction ordered in PekaoInternet.
    Access to PekaoToken application is protected with individual
    PIN code.
  • Convenient
    PekaoToken does not require any extra devices, because
    it is installed in your mobile device phone that you have with you
    almost at all times.
  • Efficient
    No fees are collected for authorising orders with PekaoToken.
    The only cost is to connect with the Internet while downloading
    and activating PekaoToken application and changing the PIN code.
    The fee for Internet connection is set by a given mobile operator.
 PekaoToken

How to start with PekaoToken?
There are only 4 steps:
1. Set PekaoToken as a method for operation authorization. You can do it:
- via PekaoInternet, in "Settings" section. Any modification should be validated
by using the applicable method of authorization,
- by contacting the consultant of TelePekao, phone no. 800 380 380,
- at any branch of the Bank.
2. After defining PekaoToken as a method of authorization, you will receive
the WAP Push or a text message (for applications on smartphones and other mobile devices)
to the mobile phone number defined for PekaoSMS;
it will help you download and install quickly the application on the phone.
3. After installation, you should run and activate the application by using
the code available in PekaoInternet service ("Settings" section).
4. Finally, create your individual PIN code for PekaoToken.

Detailed PekaoToken Instructions can be found in "download files" that are available
in TOOLBOX on the right side of the screen.

PekaoToken application is available for mobile phones (JAVA supported or with Android, iOS
and BlackBerry operating systems) and other mobile devices (for example: tablets).

Hardware token

Token is a device used to generate safe, single-use codes to accept operations ordered in Pekao24 internet service and via TelePekao consultants.

It is identical to PekaoToken, the only difference is that it also allows to authorise operations ordered by TelePekao consultants.

Token Vasco 

How to start using the token?

  • Token is issued in case selection or changing the method of operation authorisation
    (in Bank's branch , internet service - "Settings" section, or with the help of TelePekao consultants).
    The device is sent by a courier within 3 business days from ordering. Using of the token
    is charged in accordance with the Bank charges and commissions table for retail clients.
  • Token needs to be activated in the internet service or with the TelePekao consultant,
    phone: 800 380 380 or 42 683 83 80, prior to its first use.
  • During  the first time run token needs to set a PIN which protect device against unauthorized access
How does a token work?

To download the code from the token turn on the device and enter the set PIN. Then select number 1 or 3 on the token, depending on required type of code and ordered operation.

  • Pressing 1, you can download the one-time code used to approve operations such as changing transaction limits, changing of address, ordered in Pekao24 internet service  or operations ordered via TelePekao consultants.
  • Pressing 3, you can download the code as a response to the challenge entered to the token. This mainly applies to operations with balances change (eg transfers) ordered on the internet service.

A detailed instruction  how to use the token can be found in "Files for download", "Tools" section (on the right).

Why is it advantageous to authorise operations with the token?

Token is a device that:

  • is easy to use - it does not require installation of any additional software and its use is as easy as entering the password,
  • assures high safety level - each downloaded code is a one-time, in the case of code generation for the financial operations additional data of authorized operations should be entered to the token
  • is an alternative to PekaoToken designated for a mobile phone; this method is dedicated
    to all those who do not wish to use a mobile phone to authorise operations and still want
    to use solutions that provide high safety level.

In case of stealing or lost of the token, restrict or deactivate token  in the internet service or with the assistance of TelePekao consultant.

Remember that token can be activate at any time while restriction is permanent.

SMS codes

SMS code is a series of six digits used to authorise certain operations committed via PekaoInternet, such as transfers to external accounts that were not pre-defined with a TelePekao consultant
or in PekaoInterenet. It is an alternative method to the one-time code sheet for authorising operations made via PekaoInternet.

SMS codes are:

  • safe - codes are sent to the mobile number indicated by a user for PekaoSMS. Each code can be used only for a specific individual operation, which the code is dedicated to. Details of the operation are contained in the SMS text message sent. As every code is unique, no unauthorised person will be able to use it at any time thereafter.
  • easy - you do not need to carry the one-time code sheet on you. SMS code
    will come directly to your mobile phone when attempting to finish an operation that requires such code.
    All you need is a mobile telephone with its number registered at the Bank.
  • modern - SMS codes are sent to the user within several minutes only.

EXAMPLE OF A TEXT MESSAGE WITH A PASSWORD:
Operation nr 1 from 2009-03-01. External MT. Destin. account: 79...0011. Amount: 400.23 PLN.  Operation code: 107324. Bank Pekao S.A.

The requested transaction, includes a MT to not predefined account for the amount of PLN 400.23, to the account number that starts with 79 and ends with 0011. In this example, the password to confirm the transaction is 107324.

Remember!
Always verify whether transaction details indicated in a received SMS text message are identical to the details of your order placed via PekaoInternet.

TAN Block

The TAN Block contains 40 single-use 6-digit "passwords" designated for authorizing transactions
in PekaoInternet or by calling a TelePekao consultant. Each code is used to confirm only one operation, which makes it impossible to use the same code several times. In addition, the TAN Block has its own unique 12-digit identification number assigned by the Bank's IT system.

 Karta kodów jednorazowych

 

Before it is used, the card should be activated:

  • in PekaoInternet,
  • by calling a TelePekao consultant at 800 380 380 or 42 683 83 80
  • at the Bank branch.

For security reasons, when activating a TAN Block for the first time, the Client is also called
at the phone number specified in Pekao24.

The TAN Block is sent via mail:

  • after activating the Pekao24 service,
  • after using 35 TANs from the TAN Block which is currently being used - at that moment
    the new TAN Block is automatically generated and sent to the Client,
  • after submitting a request for a TAN Block via TelePekao, PekaoSMS, PekaoInternet
    or at the Bank branch.

You can have up to three TAN Blocks (including one that is active).

If you lose your TAN Block, you should block it:

  • in the PekaoInternet channel, or
  • by calling a TelePekao consultant, or
  • by sending a text message through PekaoSMS, or
  • at the Bank branch.

Even if the TAN Block is obtained by an unauthorized individual and the person who accidentally obtained it wants to gain access to the funds deposited on the account, he/she will be prevented from using the accounts because he/she will not know the client number and PIN/password.

Several other additional security measures are used in Pekao24 besides identification and authorization.
These include:

Process of blocking access to individual Pekao24 channels

In order to gain access to the Pekao24 channels such as PekaoSMS, TelePekao, PekaoInternet,
you should know your own client number, PIN and password. If you incorrectly enter your PIN
three times (in TelePekao, PekaoSMS) or your password (in PekaoInternet), the channel in which an incorrect PIN or password was most recently entered, will be blocked.
You can unblock the channel after you correctly login to another Pekao24 channel or after you submit an order at the Bank branch. If an incorrect PIN or password is entered for the fourth time in any of the Pekao24 channels, all channels will be blocked. In order to unblock the channels you should contact a TelePekao consultant at the phone number 800 380 380 or visit the Bank branch that keeps your account.

Note: If you submit the order to unblock access to the Pekao24 channels at the Bank branch,
you will not be able to use the service again until the next day.

Secure Sockets Layer (SSL) in PekaoInternet

Keeping in the security of Internet transactions and transmission of confidential data, a secure 128-bit SSL protocol is being used, which currently guarantees the highest level of security. The SSL protocol is a set of rules and standards that gives an Internet browser the option of secure exchange of encrypted information with the www server using certificates. This ensures confidentiality and integrity of information exchanged between the Client and the Bank as well as identification of the service to which the Client made the connection. During connection to the Bank, the address displayed by the browser, which normally begins with http://, should begin with https://.
The secure connection to the website made with the use of the SSL protocol is indicated by displaying
a locked padlock symbol on the browser status bar. Authenticity of the certificate may be verified by double-clicking on the padlock symbol visible in the lower right-hand corner of the screen and then reading the information in the "General" bookmark (you can also select File/Properties/Certificates from the menu). You should check whether the certificate was issued for www.pekao24.pl by VeriSign and you should also check its expiration date.

PekaoInternet uses an extended SSL certificate. The advantage of such certificate includes an unequivocal identification of the entity to which the certificate was issued, i.e. in this case our Bank.
In new Internet browsers such information is displayed on the green background in the address bar.

Registration of activities

The system will automatically register any operations made by the Client via PekaoInternet and via other Pekao24 services (TelePekao and PekaoSMS). Any details of logging and operations made are displayed in ?Register of Events" in ?Settings" section of PekaoInternet service.

SMS Alerts

By activating SMS alert service you may get any information about the activities carried out in Pekao24, e.g. any attempt to log in to the account, changes to transaction limits, bank transfers made/not made.
In order to use this option, you only need to personalize messages via PekaoInternet ("Settings"
section) or through a TelePekao consultant, i.e. to define the type of messages that you want to receive. The messages will be sent directly on the phone number defined for PekaoSMS at the moment of an operation. It is thus necessary to check whether the messages received relate to the operation
in question and if they are compliant with the actual settings for the service.
SMS messages have an important impact on the security of operations carried out via the service.

Session expiration

This security measure, which is used by the PekaoInternet channel, involves automatic logout
from the channel after 15-minutes of inactivity on the pages.

Transaction limits

This mechanism increases security of using Pekao24 through determining the daily and monthly MT limits. This security measure applies only to clients who actively use the service.

Daily limit - it is a maximum amount that can be transferred from the Client's accounts during one day. This security measure applies only to MTs to not previously defined (random) accounts, which require usage of TANs/SMS codes.

Monthly limit - it is a maximum amount that can be transferred from the Client's accounts during one calendar month. This security measure applies to MTs to not predefined accounts as well as MTs
to predefined accounts/recurrent payments.

Both types of limits apply to all accounts held by the Client and are denominated in PLN. Transaction limits are determined by the Client, and if he/she fails to set limits they will automatically be set in the amount of PLN 1,000 - for daily limit, and PLN 5,000 - for monthly limit. The Client may change the limit amounts by calling a TelePekao consultant, in PekaoInternet or at the Bank branch.

Callbacks

Callback is defined as a phone call made by a consultant to the Client for the purpose of confirming his/her identity. This security measure applies only to clients who actively use the service.
The callback procedure will be applied if certain transactions available in Pekao24 are made.

It concerns in particular:

  • activating a TAN Block (if the Client does not have an active card),
  • generating a new PIN,
  • changing the phone number for callbacks,
  • changing the phone number for PekaoSMS,
  • changing the monthly limit,
  • executing certain transfers and payment orders,
  • cancelling a password to the PekaoInternet channel,
  • blocking/unblocking access to the Pekao24 channels.

Registration of telephone calls

All calls to TelePekao consultants are registered. The records may be used as possible evidence
for placing a given order.

Toolbox
   Stored shortcuts