The security of operations made through the Pekao24 service depends not only on the Bank but also the user. Therefore, in order to use electronic banking without any anxieties, follow the recommendations listed on this page.
It is also very important to use antivirus software, which secures your computer from malicious programs, and the firewall which controls transmitted information to and from the Internet thus preventing the handover of confidential data.
Please remember to always protect your mobile telephone when using the mobile banking system.
Many mobiles are very advanced tools equipped with operating systems and must be protected
with antivirus software.
ATTRACTIVE OFFER OF ANTIVIRUS SOFTWARE FOR PEKAO24 CUSTOMERS!
You can download Internet Security software produced by leading world manufacturers
from Vprotection.pl web site. You can use the freetest version even for half a year.
After evaluation time you will be able to buy the software in special price.
Programs available in current offer:
How to use offer of Vprotection.pl?
Log on to PekaoInternet channel. On "Client home page" select link "Antivirus software"
in "Special offers" section.
The offer is directed for Pekao SA Bank's Customers, who signed the Pekao24 Usage Agreement.
The program was prepared in cooperation with Ikaria Sp. z o.o. Sp. K.
If you use Internet Explorer 6.0 update it to the newest version or install other modern browser.
Depending on the browser version, check how to verify its version and select the proper settings.
MS Internet Explorer 7.x
Remember, Bank never send any safety certificates via text message.
First, you should click ?Log out" button, then close the Internet browser window.
New versions of popular web browsers contain special options checking if an internet site is not a phishing site. They are called anti-phishing filters. They cannot guarantee that site is safe, but they can decrease the risk of stealing confidential data.
In order to enable the anti-phishing filter in:
Internet Explorer 7.x
click on Tools - Phishing philters and choose : Turn on automatic Web site checking.
go to Tools - Options - Security and check "Tell me if the site I`m visiting is a suspected forgery"
go to Tools - Preferences - Advanced - Security and check the "Enable Fraud Protection" option.
If you use a router or a home wireless network (wi-fi, e.g. live box), establish your own secure and difficult to break password for those devices. Those devices usually have a simple, factory-installed password which protects access to their administration panels. If an outside person knows such password, he/she can change the router settings, which may result in rerouting a page to a page that was established for the purpose of acquiring confidential data or distributing malicious software.
When we designed Pekao24 we kept in mind that the service should be not only convenient but also fully secure. Pekao24 guarantees full security of personal data and funds deposited on the accounts. Our Clients’ information is protected in accordance with the prevailing norms of security and confidentiality.
In Pekao24 account access is protected by a multi-level security system.
The following items are used to identify the Client in the Pekao24 service:
This is a unique number assigned by the Bank?s system to each Client, which is used for identification purposes in all Pekao24 channels. The client number is issued during a visit to a Bank branch after signing the Pekao24 Usage Agreement.
If you have a PIN for Pekao24, you can also obtain information regarding your client number from a TelePekao consultant at 0801 365 365.
This is a personal four-digit number which is used in addition to the client number to identify the client in the TelePekao and PekaoSMS channels and during the first login to PekaoInternet.
Your PIN may be generated with the assistance of a TelePekao consultant after activating the service at the Branch (for this purpose, a TelePekao consultant will call you at the phone number you specified in the Agreement). In exceptional cases, your PIN may be sent via registered mail to the mailing address provided to Pekao24.
Note: If you request your PIN be sent to your mailing address and you do not receive it, contact a TelePekao consultant at 0801 365 365 or (42) 68 38 232 or a Bank branch to generate a new PIN.
Memorize your PIN or write it down in a way that prevents it from being read by other persons.
If you disclose your PIN to an unauthorized person:
Note: if you submit an order to generate a new PIN by calling a TelePekao consultant all Pekao24 channels will be immediately and automatically blocked. In order to unblock them, after receiving the PIN you should visit the Bank branch which keeps your account, or contact a TelePekao consultant. Generating the new PIN in the PekaoInternet channel will not cancel the password to that channel, however, this password will be cancelled if the PIN is generated by calling a TelePekao consultant.
This is a code consisting of 8-16 characters, which is used together with the client number to login to the PekaoInternet channel. It is generated by the user during the first login to that channel and also when submitting a request to generate a new PIN by calling a TelePekao consultant (in such case the PIN should be entered in the first four spaces designated for the password).
The password may contain 8 to 16 characters and it may include digits, lowercase and uppercase letters and special characters. Just like with a PIN, the password should not be provided to other persons.
When creating a login password in PekaoInternet, you can check its strength. The password?s strength determines the level of difficulty to break it. It depends on the length and the type of used characters. A strong password should consist of lowercase and uppercase letters, digits and special characters.
The password may be changed many times in the PekaoInternet channel in the Security section.
If you forget or lose your password:
If the password is cancelled by calling a TelePekao consultant, use your PIN during the first login to the PekaoInternet channel and then the system will automatically force the change to the password which will immediately be in effect in the PekaoInternet channel.
Certain operations made in the Pekao24 service, among others, MTs to not predefined accounts which were not previously determined by calling a TelePekao consultant or in PekaoInternet, require additional confirmation.
|Depending on the preferences, they may be authorized: |
The selected authorization method can be changed at any time:
If you use SMS codes
This operation requires confirmation with the authorization method used to date. If the authorization method changes from the TAN block/PekaoToken/hardware token to the SMS codes in the PekaoInternet channel,
this operation is additionally confirmed with an SMS code.
A detailed list of transactions which require authorization with a TAN/PekaoToken/hardware token/a SMS code is available in the Services function list.
How to start with PekaoToken?
There are only 4 steps:
1. Set PekaoToken as a method for operation authorization. You can do it:
- via PekaoInternet, in "Settings" section. Any modification should be validated
by using the applicable method of authorization,
- by contacting the consultant of TelePekao, phone no. 800 380 380,
- at any branch of the Bank.
2. After defining PekaoToken as a method of authorization, you will receive
the WAP Push or a text message (for applications on smartphones and other mobile devices)
to the mobile phone number defined for PekaoSMS;
it will help you download and install quickly the application on the phone.
3. After installation, you should run and activate the application by using
the code available in PekaoInternet service ("Settings" section).
4. Finally, create your individual PIN code for PekaoToken.
Detailed PekaoToken Instructions can be found in "download files" that are available
in TOOLBOX on the right side of the screen.
PekaoToken application is available for mobile phones (JAVA supported or with Android, iOS
and BlackBerry operating systems) and other mobile devices (for example: tablets).
Token is a credit card size device used to generate safe, single-use codes to accept operations ordered in Pekao24 internet service and via TelePekao consultants. It is identical to PekaoToken
|How does a token work?
The device generates authorisation codes of two types depending on the type of the operation being authorised:
Why is it advantageous to authorise operations with the token?
How to start using the token?
Should the token be stolen or lost, cancel or block it in the internet service
Remember that token can be unblocked at any time while cancellation is permanent.
SMS code is a series of six digits used to authorise certain operations committed via PekaoInternet, such as transfers to external accounts that were not pre-defined with a TelePekao consultant
or in PekaoInterenet. It is an alternative method to the one-time code sheet for authorising operations made via PekaoInternet.
SMS codes are:
EXAMPLE OF A TEXT MESSAGE WITH A PASSWORD:
Operation nr 1 from 2009-03-01. External MT. Destin. account: 79...0011. Amount: 400.23 PLN. Operation code: 107324. Bank Pekao S.A.
The requested transaction, includes a MT to not predefined account for the amount of PLN 400.23, to the account number that starts with 79 and ends with 0011. In this example, the password to confirm the transaction is 107324.
Always verify whether transaction details indicated in a received SMS text message are identical to the details of your order placed via PekaoInternet.
The TAN Block contains 40 single-use 6-digit "passwords" designated for authorizing transactions
in PekaoInternet or by calling a TelePekao consultant. Each code is used to confirm only one operation, which makes it impossible to use the same code several times. In addition, the TAN Block has its own unique 12-digit identification number assigned by the Bank's IT system.
Before it is used, the card should be activated:
For security reasons, when activating a TAN Block for the first time, the Client is also called
at the phone number specified in Pekao24.
The TAN Block is sent via mail:
You can have up to three TAN Blocks (including one that is active).
If you lose your TAN Block, you should block it:
Even if the TAN Block is obtained by an unauthorized individual and the person who accidentally obtained it wants to gain access to the funds deposited on the account, he/she will be prevented from using the accounts because he/she will not know the client number and PIN/password.
Several other additional security measures are used in Pekao24 besides identification and authorization.
In order to gain access to the Pekao24 channels such as PekaoSMS, TelePekao, PekaoInternet,
you should know your own client number, PIN and password. If you incorrectly enter your PIN
three times (in TelePekao, PekaoSMS) or your password (in PekaoInternet), the channel in which an incorrect PIN or password was most recently entered, will be blocked.
You can unblock the channel after you correctly login to another Pekao24 channel or after you submit an order at the Bank branch. If an incorrect PIN or password is entered for the fourth time in any of the Pekao24 channels, all channels will be blocked. In order to unblock the channels you should contact a TelePekao consultant at the phone number 800 380 380 or visit the Bank branch that keeps your account.
Note: If you submit the order to unblock access to the Pekao24 channels at the Bank branch,
you will not be able to use the service again until the next day.
Keeping in the security of Internet transactions and transmission of confidential data, a secure 128-bit SSL protocol is being used, which currently guarantees the highest level of security. The SSL protocol is a set of rules and standards that gives an Internet browser the option of secure exchange of encrypted information with the www server using certificates. This ensures confidentiality and integrity of information exchanged between the Client and the Bank as well as identification of the service to which the Client made the connection. During connection to the Bank, the address displayed by the browser, which normally begins with http://, should begin with https://.
The secure connection to the website made with the use of the SSL protocol is indicated by displaying
a locked padlock symbol on the browser status bar. Authenticity of the certificate may be verified by double-clicking on the padlock symbol visible in the lower right-hand corner of the screen and then reading the information in the "General" bookmark (you can also select File/Properties/Certificates from the menu). You should check whether the certificate was issued for www.pekao24.pl by VeriSign and you should also check its expiration date.
PekaoInternet uses an extended SSL certificate. The advantage of such certificate includes an unequivocal identification of the entity to which the certificate was issued, i.e. in this case our Bank.
In new Internet browsers such information is displayed on the green background in the address bar.
The system will automatically register any operations made by the Client via PekaoInternet and via other Pekao24 services (TelePekao and PekaoSMS). Any details of logging and operations made are displayed in ?Register of Events" in ?Settings" section of PekaoInternet service.
By activating SMS alert service you may get any information about the activities carried out in Pekao24, e.g. any attempt to log in to the account, changes to transaction limits, bank transfers made/not made.
In order to use this option, you only need to personalize messages via PekaoInternet ("Settings"
section) or through a TelePekao consultant, i.e. to define the type of messages that you want to receive. The messages will be sent directly on the phone number defined for PekaoSMS at the moment of an operation. It is thus necessary to check whether the messages received relate to the operation
in question and if they are compliant with the actual settings for the service.
SMS messages have an important impact on the security of operations carried out via the service.
This security measure, which is used by the PekaoInternet channel, involves automatic logout
from the channel after 15-minutes of inactivity on the pages.
This mechanism increases security of using Pekao24 through determining the daily and monthly MT limits. This security measure applies only to clients who actively use the service.
Daily limit - it is a maximum amount that can be transferred from the Client's accounts during one day. This security measure applies only to MTs to not previously defined (random) accounts, which require usage of TANs/SMS codes.
Monthly limit - it is a maximum amount that can be transferred from the Client's accounts during one calendar month. This security measure applies to MTs to not predefined accounts as well as MTs
to predefined accounts/recurrent payments.
Both types of limits apply to all accounts held by the Client and are denominated in PLN. Transaction limits are determined by the Client, and if he/she fails to set limits they will automatically be set in the amount of PLN 1,000 - for daily limit, and PLN 5,000 - for monthly limit. The Client may change the limit amounts by calling a TelePekao consultant, in PekaoInternet or at the Bank branch.
Callback is defined as a phone call made by a consultant to the Client for the purpose of confirming his/her identity. This security measure applies only to clients who actively use the service.
The callback procedure will be applied if certain transactions available in Pekao24 are made.
It concerns in particular:
All calls to TelePekao consultants are registered. The records may be used as possible evidence
for placing a given order.