BANCOMAT security against fraud

We prevent unauthorized use of the BANCOMAT card

The BANCOMAT chip card for withdrawals and payments is a secure device. The security of the BANCOMAT card is certified by the Politecnico di Torino. The only possible fraud involves unauthorized use of the card due to non-receipt, loss, or theft.

The PIN is personal and must be protected

The only way to prevent unauthorized use of the BANCOMAT card is to keep its PIN secret. PIN stands for Personal Identification Number, a personal identification code. This code is personally given by the Issuing Institution to the cardholder so that the BANCOMAT card can be used exclusively by them.

Cardholder responsibility

The cardholder is responsible for every withdrawal or payment transaction performed using the PIN.
Therefore, the PIN must be securely protected and must not be stored in any form together with the BANCOMAT card.
The cardholder is responsible for their PIN: every transaction made with the BANCOMAT card following PIN entry (i.e., with cardholder authentication) is considered to have been made by the cardholder.

Fraud-proof security

The BANCOMAT app is secure

The BANCOMAT app is designed and developed according to state-of-the-art security principles. This ensures that the BANCOMAT app is resistant to cyber-attacks. For installation, it also requires the smartphone to meet specific security criteria. Make sure to download the latest version of the app from official stores to guarantee maximum security.

Preventing unauthorized use of the BANCOMAT app

The intrinsic security of the app must be accompanied by awareness of the tool’s capabilities, as well as the risks related to using consumer devices for managing bank accounts and payments.

The app alone cannot counter fraud attempts carried out through phishing or social engineering. These attacks focus not on the payment tool (smartphone or app) but on the person who holds the tool. Recognizing a phishing attempt is essential to avoid putting your accounts at risk.

How fraud attempts present themselves

Fraud attempts through phishing or social engineering always involve direct contact with the victim. This contact can occur through various channels: email (common phishing), phone (vishing or voice phishing), SMS (smishing or SMS phishing), or social media (social media phishing).

Common reasons for contact include:

  • Technical checks on accounts by the user’s bank.
  • Investigations by the bank regarding the compromise of the user’s account. For this reason, the interlocutor conveys urgency, pushing the victim to act impulsively without properly considering their actions.

Two codes to access, two codes to protect

In the event of a phishing attack on the BANCOMAT app, the attacker’s goal is always to obtain the information needed to activate the app on their own mobile device and perform payment transactions on behalf of the victim.

This information consists of:

  • App activation code for the mobile device. This code is generated within the user’s home banking/mobile banking. It must be entered into the app to activate it.
  • User verification code. This code is sent by the BANCOMAT platform via SMS to the user’s certified phone number registered with their bank. It is necessary to verify that the app activation is performed by the legitimate user.

Secure two-step activation

The app activation is therefore based on two codes: one displayed in the user’s home/mobile banking; one received via SMS by the user.
If the app activation is completed successfully, it is possible to make payments and money transfers directly from the app.
Once the app is activated, confirmation of payment or money transfer operations is provided directly through authentication within the app.

Your codes should never be shared

The app activation is based on two codes: one displayed in the user’s home/mobile banking and one received via SMS by the user.
If the app activation is completed correctly, it is possible to make payments and transfer money directly from the app.

Neither the Bank nor BANCOMAT will ever ask a user for the activation code or verification code of the BANCOMAT app. These are personal codes and must be protected by the user just like the PIN code of the BANCOMAT card or the device codes of the bank account.

In case of suspected phishing, it is advisable to immediately end the communication and promptly inform your Bank of the incident through the communication channels provided by the Bank itself.