Security
- Security on the Website and App
- Card Security
- General security advice
- PSD2 Regulation
SECURITY ON OUR WEBSITE
Secure and encrypted sessions
We make sure that all of our platforms maintain a high level of data security and confidentiality, from our website to the mobile banking applications.
From the moment you access Openbank's website, you will be in a secure session. You can check this easily by just observing the address that appears in the browser bar and starting with https: //.... In addition, you will see that the closed padlock appears.
All data exchanged between you and Openbank is encrypted so that they cannot be read or modified by third parties.
The Openbank Website is entirely under secure servers which use the high-grade TLS encryption protocol with 2048-bit keys, to ensure the security of your banking operations and the safeguarding of your personal data.
Automatic shutdown due to inactivity.
When you are logged into the Customer Area, if there is a period of time in which your computer remains idle during the session, there will be an automatic disconnection of the session. A User Identification screen will appear, in which you must enter your ID number and passcode again.
System protection
At Openbank, all systems accessible on the internet are protected by access controls, both network and application, and the most advanced security and monitoring mechanisms.
Moreover, security audits take place on a regular basis, in addition to the specific annual audit performed by AENOR, which certifies that you are really connected with Openbank and that the transmitted data is encrypted.
SECURITY IN OUR APP
As we indicated above, all transactions you carry out with our Openbank mobile banking applications are secure.
The app verifies that it is connecting to the Openbank servers and all information exchanged is encrypted with TLS before the transmission.
In order to access your accounts and operate them on your device, you must use the same passcode you use to undertake online and phone banking.
Only download the application from trusted sources such as iTunes Apple Store for iOS, Google Play for Android. Do not download apps that do not give you total confidence.
Recommendations for your Smartphone or Tablet:
- Use your device’s locking function. It also provides passcode protection for the homepage and after a period of inactivity.
- Do not leave your mobile device unattended while the application is open. If you lose your mobile, access to your accounts will not be possible because your passcode is needed. Install an Antivirus on your device, to detect potential threats and verify that the memory cards are free of viruses before being inserted into the mobile.
- Keep your device’s software updated, always through the official manufacturer’s website.
- Avoid using devices that are rooted or have Jailbreak. This is the cause of most mobile security problems.
Recommendations for the responsible use of your mobile phone:
- Avoid connecting to an open Wi-Fi network to access your bank or make online purchases
- Don't click on the links of any SMS that you receive from unknown sources or that are suspicious even if the sender is known to you.
- Frequently check your account and card transactions.
THEFT OR LOSS OF CARDS
What steps must be followed to block my card?
- Firstly, you must call one of the following numbers as soon as possible:
- 4b MasterCard: 91 362 62 00 or +34 91 177 33 98 if you are not in Spain.
- International Visa: +44 719 38 10 31
If you want, you can also block your card by accessing the Customer Area. When you've signed in, select the card, more options and click the option “Permanently block”.
- Report it to the competent authority as soon as possible. This way you can claim in the event of fraudulent transactions with your card.
To file the complaint, you need a printout of the fraudulent transactions and amounts. You can print them in the Customer Area. Once you've logged in, select the card and the transactions will appear. You can also choose to "Download transactions". If you are also asked to have the document validated by the bank, you can request it by calling +34 91 177 33 10.
Remember that you can also report this by phone at 902 102 112 and pick it up later at any police station.
- Check whether a fraudulent transaction has been carried out with your card. You can do so by calling +34 91 177 33 10.
To request the return of these amounts, you need to complete, sign and print this claim form.
A photocopy of the police report.
Send us the documentation in the way that best suits you.
- Postal mail:
Openbank - Central Fraud Unit
Operations - Means of Payment - ATM’s
Plaza Santa Barbara 1
28004 Madrid
- Web: For your convenience, you can upload documentation from your profile in the Customer Area by clicking on 'Documentation' > 'More Options' > 'Upload Documentation'. Flease select the 'Card claims' option from the list to upload the document.
As soon as we receive the documentation, we will process your request quickly with the corresponding entities through our Payment Methods department.
- Request a new card at +34 91 177 33 10 or in the Customer Area. Once you've logged in, choose the card, then in more options choose "Request new card". The card that you are going to receive has a new number, but the secret number is the same as the one you used for the blocked card. If you want to change it, you can do so easily at any Banco Santander Network ATM.
If you can't remember your secret number, you can check it in the Customer Area. When you've logged in, select the card and click on the link “Check PIN”.
BLOCK CARDS
What number can I call to block cards?
There are several options:
- Card locking service: 900 200 128 . If you are calling from outside Spain: +34 91 362 62 00.
- Openbank: 91 362 62 00. If you are calling from outside Spain: +34 91 177 33 98.
- 4b MasterCard: 91 362 62 00.
- International Visa: +44 719 38 10 31.
Can I block my card through the website?
Yes, you can do so by accessing the Customer Area. When you've logged in, select the card and click on the option Block card.
And if I have forgotten my PIN?
On our website, you can also check your card's PIN. Access the Customer Area. When you've logged in, select the card, "More Options" and then “Check PIN”.
Can I block it from my mobile phone?
Yes, you can do it easily with the banking app for mobiles and tablets. You just have to download it.
RECLAIMING FRAUDULENT CHARGES
What is the first thing I should do?
If you have not already done so, block your card immediately by calling any of the following numbers:
- Block card: 900 200 128
- If you're abroad: +34 91 362 62 00
You can block it yourself in the Customer Area of our website. When you've logged in, select the car and click "Permanently block". Next, you can request a new one by clicking on "Request a new card".
Remember that if you want to reject charges that do not correspond to you due to the fraudulent use of your card, you must send us the police report so that we can process the refund of fraudulent charges.
Do I need any additional documentation?
You have to complete, sign and print this claim form and submit it together with a photocopy of the police report.
Send us all the documentation in the way that best suits you.
- By post:
Openbank - Unidad Central de Fraudes
Operaciones - Medios de Pago - ATM’s
Plaza de Santa Barbara 1
28004 Madrid
- On the website: For your convenience, log in to the Customer Area of the website using your ID and passcode. Once logged in, you can upload the document by going to your profile and clicking on "Documentation" > "More Options" > "Upload documentation". Please select the "Card claims" option to upload the document.
As soon as we receive the documentation, we will process your request quickly with the corresponding entities through our means of payment department.
Should I report it?
Yes. Report it to the competent authority as soon as possible.
Remember that you can also report it by phone at 902 102 112 and pick it up later at any police station.
To file the complaint you need a printout of the fraudulent transactions and amounts. Download the card transactions in the Customer Area. Once you have identified yourself, select the card and then click on the link "Download transactions".
If you are also asked to have the document validated by the bank, you can request it by calling +34 91 177 33 10.
This way, you can claim in the event of fraudulent transactions with your card.
How do I request a new card?
Calling +34 91 177 33 10 or in the Customer Area. When you've logged in, select the card and the option “Request a new card”.
The card that you are going to receive has a new number, but the PIN number is the same as the one you used for the blocked card. If you wish to change it, you can do so.
YOUR MOST SECURE CARD
What is Secure Electronic Commerce (SEC)?
All the cards issued by Openbank, have the built-in functionality of Secure Electronic Commerce. With this service, every time you make a purchase online, you will receive an SMS to the mobile phone that you have provided, with a security code that will be requested to complete the transaction.
You can view your card status in the Customer Area.
Whenever I make a purchase using Secure Electronic Commerce, will I receive an SMS?
In principle yes, unless the purchase exceeds the limit assigned to the card, there is not enough money in the account associated with the card to make the payment or you make a payment in a retailer that is not signed up to Secure Electronic Commerce (SEC).
Why is e-commerce safe?
Thanks to Secure Electronic Commerce, you will have greater protection when making purchases on the internet with your phone, as this service requires the validation of the identity of the buyer.
Do all Openbank cards have this service?
Yes, all Openbank cards have this incorporated function.
How does secure electronic commerce work?
It is very simple.
Whenever you make a purchase online in a trade acceded to the Secure Electronic Commerce System, you will receive an SMS with a security code, on the mobile phone whose number you have provided.
You will be prompted for the security code at the end of the purchase process, in order to complete the transaction.
Once you put the code in and accept the transaction a charge will be made on the available balance of your credit card or on the account associated with your debit card.
Where can I use this service?
You can pay with this level of security on all the websites that are identified with the logo MasterCard SecureCode and Verified by Visa.
How can I increase the safety of my card for purchases in traditional shops and over the internet?
You can use at no cost our alert services SMS cards.
SMS Shopping: when you make purchases with your Openbank VISA, regardless of the value of the purchase, you will instantly receive an SMS with the amount of the transaction.
An SMS Extract: every month, and before charging your account, you will receive an SMS with the amount taken from your VISA card.
To register for this free service, call +34 91 177 33 10.
What is the contact telephone number associated with my account? What do I do to change it?
If you want to see the mobile phone number you have provided or modify or cancel it, you can do so in the Customer Area or by calling +34 91 177 33 10.
What is phishing?
This is a practice that involves impersonating the bank with the aim of deceiving users through social engineering. The purpose is to get the victim to click on a link (website, email, SMS, etc.) that redirects them to a fraudulent website that is made to look like that of the bank (it looks very similar to the original website) and captures information or banking data.
How can I protect myself?
To avoid being a victim of phishing, it is important to follow these recommendations:
- Received an email, SMS or phone call asking for info? Remember: never give anyone your online bank passcodes, personal data or any other details, such as your credit card number, CVV or PIN.
- Check that the sender address of the email has the domain of the bank.
- Be wary if the wording of the text is poor or there are spelling mistakes.
- Take care if the link included in the email does not take you to the bank's domain or does not have an SSL certificate (secure and legitimate web page).
- You should never open attachments as these can contain malware (how to analyse suspicious files).
- Openbank will never ask you, by phone or online, for your full signature key, only random positions.
Despite everything, I have shared my data ... what should I do?
Immediately contact the bank on 91 177 3310 or 901 24 73 65 to provide all the details and to help us take the appropriate action.
If you have provided your online banking or card details, you need to block them and request new ones.
Should you use an anti-virus program?
Yes, but in order for it to be effective you must not only have it installed, but also updated.
These programs have an option that will allow you to update them automatically, see the help section in the program.
There is a huge variety of free anti-virus programs that you can find at the Internet User Security Office.
Should I protect my computer with firewalls?
Yes, a firewall is a program that helps protect your computer from intruders who try to access it without your permission.
Check out the Internet User Security Office, where you will find a range of firewalls.
Is it advisable to use updates and security patches on my computer?
Yes, to correct the vulnerabilities in the installed programs. Normally, the manufacturer will offer users a 'patch' to correct any vulnerability.
Check out the latest updates for these browsers:
Vulnerabilities in programs are exploited by cybercriminals to gain unauthorised access and to places viruses in systems. For this reason, we recommend that you periodically check the updates of your programs.
What is the PSD2 regulation?
In short, it is a European directive that seeks to increase levels of security for payments and electronic payment transactions. Its full name is the Payment Services Directive 2.
This directive was implemented in Spain by the Payment Services Law (Ley de Servicios de Pago) in late 2018. In September 2019, a new revised version of the directive came into force with the aim of increasing the security of online payments and the use of financial aggregators.
As for your data, it also includes criteria to increase authentication factors. This makes logging in to the website and Openbank app more secure.
How does it affect you?
When logging into the web and Openbank App
In addition to your ID and passcode, you will now also need to enter a confirmation code that we will send you via SMS. For this reason, it’s important that you keep your mobile phone number up to date in your Personal Details. You will need to carry out this additional step every 180 days, at most.
If you want to use your Openbank products on an online shop or service: when the online service or shop asks you for a passcode to authorise access to your account, it will redirect you to Openbank.
- Go to “Register and manage passcodes for online merchants and services - TPPs” and click on “Register new TPP”.
- Log in with your usual Openbank login details.
For added security, you will need to re-enter this passcode, or renew it, every 180 days.
What are the different types of TPP access?
When you connect a new TPP (Third-Party Provider), i.e., a new external online service provider, you allow them to make payments and/or access your product information.
The types of access permitted to a TPP are:
Payment initiation from a TPP
This access allows a TPP to make payments from any of your active accounts.
Fund query permission
This consent allows you to choose whether you want to authorise the TPP to confirm whether the available balance in your account is enough to make the payment.
Read permission
For example, if you register an external financial aggregator, you can choose which financial products you want to see from that aggregator, such as your Payroll Account and Credit Card.
Change the permissions whenever you want
Don’t forget that you can withdraw permissions or access whenever you want from the “Security and passcodes” section. To do this:
- Go to “Security and passcodes” from your profile in the Customer Area.
- Open the section “Manage access permissions and consent for TPP”.
- Click on the “Options” drop-down menu for the TPP you want to remove and click on “Remove TPP”.