We have implemented very high security standards to ensure our Clients are always safe when using CitiDirect, CitiDirect Mobile and CitiDirect BE Tablet.
However, please remember that the security of your funds also depends on your actions.
We recommend that you adhere to the security rules described on this page and use CitiDirect in accordance with the technical requirements.
Security News
IMPORTANT SECURITY INFORMATION!
In recent weeks, we have seen an increase in the activity of criminals using social engineering to effectively withdraw funds from bank accounts.
We want to draw your attention to the following methods in particular:
- Impersonating another sender (compromised e-mail address) - criminals use similar-looking characters (e.g. the letter "o" in place of the digit 0), which can be difficult to detect, or use an alias (the display name of the e-mail address) for a particular address (alias: Financial Director's Office [firmaabc@poczta.com]). In this way, criminals exploit the inattention of the customer's employees to force a specific action, such as the execution of an urgent transfer.
- Fraud perpetrated by impersonating the Chief Financial Officer / President / Chief Accountant - a social engineering method that uses the authority of an important person in the company to force an urgent transfer through electronic banking systems. This is done either by e-mail or by phone, for example by a phone call from a person impersonating the company President and shouting at the accountant, demanding an urgent transfer.
- False invoices and account number changes - criminals exploit the fact that companies are increasingly exchanging invoices or account information by e-mail. Criminals send fabricated invoices containing account numbers belonging to them, rather than to the appropriate payee.
How to defend against such methods?
Particular attention should be paid to the transfer-handling processes and the circulation of documents in the company.
We recommend using the "callback" method: call back the contractor indicated in the letter, invoice or e-mail, using the contact information already held by your company. A change of the counterparty's account should be backed up by an additional verification (e.g. telephone confirmation from the contractor, cover letter signed by the contractor's authorised representatives). Modifying the account on the basis of a received e-mail may result in loss of funds.
Electronic invoices (PDFs, images, scans) should always be verified for accuracy - especially the bank account number. Any differences should be clarified with the counterparty to avoid sending payments to criminals' accounts.
Regular daily verification of bank accounts, statements and account transactions should be a permanent practice used by companies.
In the event of any suspicion of fraud, we recommend urgent contact with the bank to minimize the risk of loss of funds.
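The first method described above (a display-name alias or look-alike characters in the sender's address) can also be screened for automatically before a payment request reaches an employee. The Python code below is an added example, not part of the bank's guidance or software; the address book, the small look-alike character map and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed address book: sender domains your company already holds on file.
KNOWN_DOMAINS = {"poczta.com"}

# Small illustrative map of look-alike characters (not a complete table).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "5": "s"})


def skeleton(domain):
    """Fold a domain to a comparison form so that p0czta.com == poczta.com."""
    return domain.lower().translate(LOOKALIKES)


def check_sender(from_header, known_domains=KNOWN_DOMAINS):
    """Return a list of warnings for the value of one From: header."""
    display, address = parseaddr(from_header)
    if not address:
        return ["From header could not be parsed"]
    domain = address.rpartition("@")[2].lower()
    warnings = []

    # Alias trick: the display name shows an address that is not the real one.
    shown = [w.strip("<>[]()") for w in display.split() if "@" in w]
    if any(s.lower() != address.lower() for s in shown):
        warnings.append("display name shows a different address")

    # Look-alike trick: the domain differs from a known one only by
    # characters that are easy to confuse.
    if domain not in known_domains:
        if any(skeleton(domain) == skeleton(k) for k in known_domains):
            warnings.append("domain imitates a known counterparty")
        else:
            warnings.append("domain not in address book")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        '"Financial Director\'s Office firmaabc@poczta.com" <office@mail-relay.example>',
        "Anna Nowak <anna@p0czta.com>",
        "Anna Nowak <anna@poczta.com>",
    ]
    for s in samples:
        print(s, "->", check_sender(s))
```

A warning from such a check is a reason to apply the callback method, not a replacement for it.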
Security Mechanisms in CitiDirect®
Learn about the security mechanisms used in our electronic banking system.
- More information
Key Rules of Secure CitiDirect® use
See how a system User can increase security by following our recommendations.
- More information
Computer Security
Learn how you can easily ensure the security of your computer.
- More information
Online Threats
Be alert and aware of risks to which you are exposed.
- More information
Secure Login
Before you log in, check if you can safely submit your data.
- More information
Secure Login Procedure for Mobile Devices
Remember to protect your mobile devices.
- More information
Cookies
Detailed information about cookies.
- More information
Implemented ISO standard
Selected ISO standards, implemented by Bank Handlowy w Warszawie S.A.
- More information