Online Banking Security

Online Banking Security

Read about:

Security standards

Bank Pocztowy provides online banking services in strict compliance with all applicable security standards. Please bear in mind, however, that the security of your online transactions, whether performed on the Pocztowy24 online banking website or in the mobile app, is a shared responsibility between you and the Bank. Continue reading to learn the basics of secure online banking. 

Measures applied by the Bank to ensure your online security

  • CIN, or Customer Identification Number, is a unique eight-digit long number assigned to each customer using the Pocztowy24 online banking service. It is part of your sign-in credentials, which also include your password. You must never disclose your CIN to anyone.
  • Password is, as mentioned, part of your Pocztowy24 sign-in credentials. You will be prompted to change the one-time access password you receive, either by SMS or by mail in a tamper protected envelope, to your own password on your first signing into the online banking service. Please notify the Bank immediately if you do not receive your one-time access password within a few minutes, if sent by SMS, or 14 days, if sent by mail. You should also notify the Bank if the integrity of the envelope containing the password has been breached or you suspect that the envelope has otherwise been tampered with. On your third attempt to sign in using a wrong password, your access to the service will be blocked. You must never disclose your password to anyone. No Bank employee will ever ask you for your password. For security reasons, we recommend that you change your password on a regular basis.
  • SMS codes are six-digit codes sent by the Bank to the mobile phone number indicated by the User for the purposes of authorising instructions placed in the Pocztowy24 online banking service, including transaction orders.
  • Dedicated encryption technology is applied to secure the connection between you and Bank Pocztowy. It relies on the TLS protocol with an at least 128 bit long encryption key and certificate-based authentication. When your connection with the Bank website server is properly encrypted, the Bank website address in your web browser should start with https:// and you should be able to see a padlock icon next to it. You can check the encryption certificate simply by clicking on the icon to display basic information on the certificate, including:
    • whether it has been issued for Bank Pocztowy S.A.,
    • its expiry date.
  • Remember to always check the certificate before signing into the service. If any certificate information is or seems incorrect, abort the sign-in process and contact the Bank.
  • The Pocztowy24 transaction service has all the necessary security features in place, including a valid SSL certificate. If using version 39 or newer of Google Chrome, you may, however, see a warning about expired security features of the website (a padlock icon with a yellow warning triangle). The warning is not prompted directly by any security issue with the service. It merely reflects Google’s decision to promote SHA-2 as the preferred message encryption method. No similar warning is displayed in other web browsers.
  • Your online banking session will time out after 10 minutes of inactivity, and you will be automatically signed out of the transaction service. To continue using the service, you will need to sign in again.
  • Sign-in information is available to any User of the online banking service. After signing into the website, simply go to the ‘Settings’ tab to check the date and time of the last successful sign-in and the last failed attempt to sign in.
  • Remember to check this information on a regular basis. If you notice any discrepancies, please contact the Bank immediately.

What to watch out for prior to and during signing into the online banking service

What to watch out for during signing into the online banking service

  • We recommend that in order to sign into the Pocztowy24 online banking service, you go to the sign-in page by clicking the ‘Sign in’ button on the right-hand side of the top red bar on the Bank Pocztowy home page at
  • Prior to signing in, i.e. entering your CIN and password, check whether the sign-in page address starts with ‘https’ and the address bar in your web browser includes a locked padlock icon indicating that your connection is encrypted. The exact location of the padlock icon within the address bar depends on the web browser and its version.
  • Click on the padlock icon to check the website certificate. Attacks have taken place in the past where the User was redirected to a fraudulent website despite the address bar in his or her web browser displaying the right address. Checking the website certificate will help you determine whether the website you are about to sign into is fraudulent or not. The valid certificate that you can trust is the one issued for Bank Pocztowy S.A. Remember to observe any warnings displayed in your web browser. Also, remember to always use the ‘Sign out’ button to safely sign out of the system once you have finished using it.
  • The Pocztowy24 online banking service will prompt you to enter an SMS code or use your certificate-based signature only when you place orders or instructions. You will never be requested to enter an SMS code or use your certificate-based signature to sign in or immediately after signing in or when viewing your account balance or your transaction history. The service will also never ask you to provide such information as your payment card number of PIN or any other credentials or personal data.
  • Use the Pocztowy24 menu to navigate between functionalities. Do not use the BACK or NEXT buttons in your web browser.
  • Remember to always use the ‘Sign out’ button to safely sign out of the system.
  • Never disclose you CIN, password, SMS codes, or transaction authentication certificates to anyone. You may be requested to provide your CIN to confirm your identity when calling the Bank Helpline, but none of our Consultants will ever ask you to provide your Pocztowy24 password, certificate password, or SMS code.
  • Ensure that the mobile phone and SIM card that you use to access the Pocztowy24 and PocztowySMS services are PIN-protected.
  • The Bank will never ask you for information about the phone you use to authorise transactions (i.e. its brand or model or your mobile phone number).
  • The Bank will never text you any security certificates or other apps for installation on your mobile phone.
  • Prior to authorising a transaction, always carefully check whether the SMS code you have received relates to the order or instruction you have placed.
  • Do not ever open any suspicious emails or text messages, follow any links or open any attachments included therein, instal software from unknown sources, or visit suspicious websites.
  • The Bank will never ask you for information about your payment cards such as the card number, expiry date, PIN, or CVV/CVV2 codes.