Security
SECURITY ON OUR WEBSITE
Secure and encrypted sessions
We make sure that all of our platforms maintain a high level of data security and confidentiality, from our website to the mobile banking applications.
From the moment you access Openbank's website, you will be in a secure session. You can check this easily by just observing the address that appears in the browser bar and starting with https: //.... In addition, you will see that the closed padlock appears.
All data exchanged between you and Openbank is encrypted so that they cannot be read or modified by third parties.
The Openbank Web is entirely under secure servers which use the high-grade TLS encryption protocol with 2048-bit keys, to ensure the security of your banking operations and the safeguarding of your personal data.
Automatic shutdown due to inactivity.
When you are logged into the Customer Area, if there is a period of time in which your computer remains idle during the session, there will be an automatic disconnection of the session. A User Identification screen will appear, in which you must enter your identification document and password again.
System protection
At Openbank, all systems accessible from the Internet are protected by access controls, both network and application, and the most advanced security and monitoring mechanisms.
Moreover, security audits take place on a regular basis, in addition to the specific annual audit performed by AENOR, which certifies that you are truly connected with Openbank and that the transmitted data is encrypted.
SECURITY IN OUR APP
As we indicated above, all transactions you carry out with our Openbank mobile banking applications are secure.
The app verifies that it is connecting to the Openbank servers and all information exchanged is encrypted with TLS before the transmission.
In order to access your accounts and operate from your device, you must use the same passwords as you use to operate in online banking and over the phone.
Only download the application from trusted sources such as iTunes Apple Store for iOS, Google Play for Android. Do not download apps that do not give you total confidence.
Recommendations for your Smartphone or Tablet:
- Use your device’s locking function. It also provides password protection for the home page and after a period of inactivity.
- Do not leave your mobile device alone while you open the application. If you lose your mobile, access to your accounts will not be possible because you need your access password. Install an Antivirus on your device, to detect potential threats and verify that the memory cards are free of viruses before being inserted into the mobile.
- Keep your device’s software updated, always through the official manufacturer’s website.
- Avoid using devices that are rooted or have Jailbreak. This is the cause of most mobile security problems.
Recommendations for the responsible use of your mobile phone:
- Avoid connecting to an open Wi-Fi network to access your bank or make on-line purchases
- Don't click on the links of any SMS that you receive from unknown or that are suspicious even though you know the sender.
- Frequently check your account’s or cards movements.
THEFT OR LOSS OF CARDS
What steps must be followed to block my card?
- Firstly you must call the following numbers as soon as possible:
- 4b MasterCard: 91 362 62 00 or +34 91 177 33 98 if you are not in Spain.
- International Visa: +44 719 38 10 31
If you want, you can also block your card by accessing the Customer Area. When you've signed in, select the card, more options and click the option “Block due to theft or loss”
- Report it to the competent authority as soon as possible. This way you can claim in the event of fraudulent transactions with your card.
To file the complaint you need a print out of the movements of the fraudulent amounts. You can print them in the Customer Area. Once you've signed in, select the card and the transactions will appear. You can also choose to "Download transactions". If you are also asked to have the document validated by the bank, you can request it by calling +34 91 177 33 10.
Remember that you can also report this by phone at 902 102 112 and pick it up later at any police station.
- Check whether a fraudulent transaction has been carried out with your card. You can do so calling +34 91 177 33 10.
To claim the return of these amounts you need to complete, sign and print this claim form
A photocopy of the police report.
Send us the documentation in the way that is most comfortable for you.
- By post:
Openbank - Central Fraud Unit
Operations - Means of Payment - ATM’s
Jacinto Benavente, 2 / TriPark - Edificio C - 3ª planta
28232 Las Rozas (Madrid)
- By email: ayuda@openbank.es
- As soon as we receive the documentation we will process your claim quickly with the corresponding entities through our means of payment department.
- Request a new card at +34 91 177 33 10 or en in the Customer Area. Once you've signed in, choose the card, then in more options choose "Request new card". The card that you are going to receive has a new number, but the secret number is the same as the one you used for the blocked card. If you want to change it, you can do so easily at any Banco Santander Network ATM.
If you do not remember your secret number, you can check it in the Customer Area. When you've signed in, select the card and click on the link “Check PIN”.
BLOCK CARDS
What number can I call to block cards?
There are various options:
- Card locking service: 900 200 128 If you are calling from outside Spain: +34 91 362 62 00
- Openbank: 91 362 62 00. If you are calling from outside Spain: +34 91 177 33 98
- 4b MasterCard: 91 362 62 00
- International Visa: +44 719 38 10 31
Can I block my card through the website?
Yes, you can do so by accessing the Customer Area. When you've signed in, select the card and click on the option Block card.
Can I block my card from an ATM?
Yes you can, you just need to do any transaction with PIN.
And if I have forgotten my PIN?
On our website, you can also check your card's PIN. Access the Customer Area. When you've signed in, select the card, "More Options" and then “Check PIN”.
Can I block it from my mobile phone?
Yes, you can do so easily with the banking app for mobiles and tablets. You just have to download it
RECLAIMING CHARGES
What is the first thing I should do?
If you have not already done so, block your card immediately on the following numbers:
- 4B MasterCard: 91 362 62 00 or +34 91 177 33 98 if you are not in Spain.
- International Visa: +44 719 38 10 31
You can block it yourself from the Customer Area and request a new one. When you've signed in, both operations can be done in the section “Block Card” and in “Request a new card"
Remember that if you want to reject charges that do not correspond to you, you must send us the police report.
Do I need any additional documentation?
You have to complete, sign and print this claim form and submit it together with a photocopy of the police report.
Send us all the documentation in the way that is most comfortable for you:
- By post:
Openbank - Central Fraud Unit
Operations - Means of Payment - ATM’s
Jacinto Benavente, 2 / TriPark - Edificio C - 3ª planta
28232 Las Rozas (Madrid)
- By fax: 91 183 11 46
By email: ayuda@openbank.es
As soon as we receive the documentation we will process your claim quickly with the corresponding entities through our means of payment department.
Should I report it?
Yes. Report it to the competent authority as soon as possible.
Remember that you can also report this by phone at 902 102 112 and pick it up later at any police station.
To file the complaint you need a print out of the transactions for the fraudulent amounts. Download the card movements in the Customer Area. Once you have identified yourself, select the card and then click on the link "Download transactions"
If you are also asked to have the document validated by the bank, you can request it by calling +34 91 177 33 10.
This way you can claim in the event of fraudulent transactions with your card.
How do I request a new card?
Calling +34 91 177 33 10 or in the Customer Area. When you've signed in, select the card and the option “Request a new card”.
The card that you are going to receive has a new number, but the PIN number is the same as the one you used for the blocked card. If you wish to change it, you can do so.
YOUR MOST SECURE CARD
What is Secure Electronic Commerce (SEC)?
All the cards issued by Openbank, have the built-in functionality of Secure Electronic Commerce. With this service, every time you make a purchase online, you will receive an SMS to the mobile phone that you have provided, with a security code that will be requested to complete the transaction.
You can view your card's status in the Customer Area
Whenever I make a purchase using Secure Electronic Commerce, will I receive an SMS?
In principle yes, unless the purchase exceeds the limit assigned to the card, there is not enough balance in the account associated with the card to make the charge or you make a payment in a retailer which is not signed up to Secure Electronic Commerce (SEC).
Why is e-commerce safe?
Thanks to Secure Electronic Commerce, you will have greater protection when making purchases on the Internet with your phone, since this service requires the validation of the identity of the buyer.
Do all Openbank cards have this service?
Yes, all Openbank cards have this incorporated function.
How does secure electronic commerce work?
It is very simple.
Whenever you make a purchase on-line in a trade acceded to the Secure Electronic Commerce System, you will receive an SMS with a security code, on the mobile phone whose number you have provided.
You will be prompted for the security code at the end of the purchase process, in order to complete the transaction.
Once you put the code in and accept the transaction a charge will be made on the available balance of your credit card or on the account associated with your debit card.
Where can I use this service?
You can pay with this level of security on all the websites that are identified with the logo MasterCard SecureCode and Verified by Visa.
How can I increase the safety of my card for purchases in traditional shops and over the Internet?
You can use at no cost our alert services SMS cards.
SMS Shopping: when you make purchases with your Openbank VISA, regardless of the value of the purchase, you will instantly receive an SMS with the amount of the operation.
An SMS Extract: every month, and before charging your account, you will receive an SMS with the amount taken from your VISA card.
To register for this free service, call +34 91 177 33 10
What is the contact telephone number associated with my account? What do I do to modify it?
If you want to see the mobile phone number you have provided or modify or cancel it, you can do so in the Customer Area by Internet, or by calling +34 91 177 33 10.
What is Phishing?
This is the practice that involves the impersonation of the entity with the aim of deceiving users through social engineering. The purpose is to get the victim to click on a link (website, e-mail, sms, etc.) that redirects them to a fraudulent website that is disguised as the company (it looks very similar to the original website) and captures information or banking data.
How can I protect myself?
To avoid being a victim of phishing it is important to follow these recommendations:
- If you receive an e-mail or SMS, never provide your personal data, passwords to access online banking or other data such as the numbers for your credit card, CVV, PIN, etc.
- Check that the sender address of the mail has the domain of the Bank.
- Be wary if the wording of the text is poor or there are spelling mistakes.
- Take care if the link included in the email does not take you to the bank's domain or does not have an SSL certificate (secure and legitimate web page)
- You should never open attachments since these can contain malware (how to analyse suspicious files)
- Openbank will never ask you, by phone or online, for your full signature password, only random positions.
Despite everything I have given my data away... What should I do?
Unfortunately this practice works for cybercriminals, so you are not the first victim and you won't be the last either.
Immediately contact the Bank on 91 177 3310 or 901 24 63 65 to provide all details, this will help us to take the appropriate actions.
If you have provided your online banking or card details, you need to block them and request new credentials.
Should you use an anti-virus program?
Yes, but in order for it to be effective you must not only have it installed, but also updated.
These programs have an option that will allow you to update them automatically, see the help section in the program.
There is a huge variety of free anti-virus programs that you can find at the Internet User Security Office.
Should I protect my computer with firewalls?
Yes, a firewall is a program that helps protect your computer from intruders who try to access it without your permission.
You can consult in the Internet User Security Office, where you will find a variety of firewalls
Is it advisable to use updates and security patches on my computer?
Yes, to correct the vulnerabilities in the installed programs. Normally the manufacturer will offer users a 'patch' to correct any vulnerability.
Consult the latest updates for these browsers:
Vulnerabilities in programs are exploited by hackers to gain unauthorised access and to introduce viruses into systems. For this reason we recommend that you periodically check the updates of your programs.
What is the PSD2 regulation?
In short, it is a European directive that seeks to increase levels of security for payments and electronic payment transactions. Its full title is Payment Services Directive 2.
This directive was implemented in Spain by a national law in late 2018. In September 2019, new legislation came into force, increasing the security of online payments and the use of financial aggregators.
As for your data, it also includes criteria to increase authentication factors. This makes logging in to the website and Openbank app more secure.
How does it affect you?
When logging into the web and Openbank App
In addition to your ID and passcode, you will now also need to enter a confirmation code that we will send you via SMS. For this reason, it’s important that you keep your mobile phone number up to date in your Personal Details. You will need to carry out this additional step every 90 days, at most.
If you want to use your Openbank products on an online shop or service:When the online service or shop asks you for a password to authorise access to your account, it will redirect you to Openbank.
- Go to “Register and manage passwords for online merchants and services - TPPs” and click on “Register new TPP”.
- Sign in with your usual Openbank login details.
For added security, you will need to re-enter this password, or renew it, every 90 days.
What are the different types of TPP access?
When you connect a new TPP (Third-Party Provider), i.e., a new external online service provider, you allow them to make payments and/or access your product information.
The types of access permitted to a TPP are:
Payment initiation from a TPP
This access allows a TPP to make payments from any of your active accounts.
Funds query permission
This consent allows you to choose whether you want to authorise the TPP to confirm whether the available balance in your account is enough to make the payment.
Read permission
For example, if you register an external financial aggregator, you can choose which financial products you want to see from that aggregator, such as your Payroll Account and Credit Card.
Change the permissions whenever you want
Don’t forget that you can withdraw permissions or access whenever you want from the “Security and passcodes” section. To do this:
- Go to “Security and passcodes” from your profile in the Customer Area.
- Open the section “Manage access permissions and consent for TPP”.
- Click on the “Options” drop-down menu for the TPP you want to remove and click on “Remove TPP”.
