Make sure your computer's security information and deal safely online
In addition to the features of your computer, online connection and netbank, your own actions have an impact on the security of your online banking services. Online banking is safe when you ensure that the data security of your computer is up to date and act in a responsible manner:
- Keep the firewall on your computer always on
- Regularly update the anti-virus software on your computer
- Be vigilant during an online connection
- Be careful when using and storing your access codes
Your responsibilities and obligations as a user of access codes
Read the instructions on how to use access codes and the agreement terms and conditions.
Our responsibilities and obligations as a service provider
As a service provider, it is our responsibility to protect our Netbank with the best possible solutions. These include TLS encryption and a system of one-time codes. We monitor the development of data security threats and solutions continuously and take them into account in our data protection solutions.
This data protection site utilises the electronic guidebooks, such as the Information Security Guide, of the Ministry of Transport and Communications as a source of additional information. Their site has links to F-Secure's virus scanners. We cannot guarantee that the information on the source sites is up to date.
When you want to report misuse, ask questions or give feedback on data security issues, do as follows:
Notification of misuse
Misuse carried out with stolen access codes or card data is an offence that must be reported to the police. Immediately report the misuse to us as well so that we can close your access codes or card.
Reporting phishing e-mailsYou can report phishing e-mails to us.
Netbank and access codes allow Nordea to offer secure banking services. On this page we describe the most important data security solutions in banking services used with Nordea’s access codes.
By keeping the data security of computers and telephones up-to-date and by being vigilant, you can influence the protection of your data and the validity of your transactions.
A Netbank session will automatically close after 15 minutes if you do not use Netbank. If it takes more than 15 minutes to fill in a card application, for example, the session is interrupted and you have to fill in the information again. You can postpone the time-out by moving from one page to another in Netbank, for example. Time-out prevents the unauthorised use of connections that are accidentally left open.
The connection between the bank and the customer’s computer is securely encrypted by using TLS (Transport Layer Security) encryption, which is a commonly used connection encryption method. It prevents third parties from viewing the information you send and receive.
NB! In a secure connection, the address in the browser's address field begins with the letters https://.
The connection is not secure if the address begins with http://.
Netbank sessions are controlled with cookies. At the beginning of a session, a cookie known only by the bank is saved in the cache memory of your browser. Together with the TLS encryption, cookies prevent third parties from viewing your information. When you exit Netbank by clicking the Log out button, cookies are deleted from the cache memory of your browser.
Never use your access codes in a service provided by a third party
There are or will be services on the market provided by third parties where you log in to Netbank from the service provider's site. In these services, logging in to Netbank has been integrated into the service provider's site. After logging in, the program run by the service controls the Netbank connection and you do not see the normal Netbank front page. Instead, you see a text asking you to wait until the transfer is complete or something similar. This means that you can no longer control your Netbank.
Using these services constitutes a significant data security risk. Normally in these services a third party controls the use of Netbank instead of the customer. You may find it difficult to tell the difference between these services and malware.
If another account holder's account has been linked to your Netbank, the information retrieved by an external service provider may include another person's account information which is protected by bank secrecy. This type of data transfer always requires the express consent of the account holder.
Because the use of Netbank is based on personal access codes, you must ensure that an external operator cannot use Netbank on your behalf even after logging into Netbank. These activities are comparable to disclosing your access codes to a third party which is forbidden in the terms and conditions of our Netbank agreement.
Use of Netbank access codes approved by Nordea
- E-identification is used in the services provided by public authorities and pension insurance companies, where you key in your Netbank access codes in Nordea's e-identification site. After identification, you return to the third party's site.
- E-payment is used to pay for online shopping. You key in your Netbank access codes to Nordea's e-payment site and check the invoice from your screen. After you have provided your confirmation code, payment is debited to your account. You can then return to the online store's site, if you wish.
- Netbank is a service offered by Nordea, where customers can bank online. Customers log in to Netbank via nordea.fi. In Netbank, they can control their transactions and they themselves exit Netbank.
- How do I recognise online hoax?
- A clear sign of online hoax is if you receive an unsolicited e-mail in the name of the bank asking you to log in to a service or to give personal information in an e-mail or on a web form.
- Another basic precaution is to check the website address and legitimacy of the online service. Nordea's Netbank addresses begin with https://, in which the letter 's' stands for an encrypted connection between the customer and the bank.
- Spelling mistakes do not belong to credible communication, and even a small mistake may be a sign of hoax.
- You get an offer that is too good to be true.
- Some scam messages are masked competitions where the prize is a free or inexpensive product.
- What kinds of hoaxes are sent in Nordea's electronic channels?
Hoax attempts are circulating constantly. Some hoaxes traditionally involve phishing of information, some malware on customers' computers and some a combination of these two.
Cyber-criminals change their tactics which is why we are constantly alert and often get ahead of threats before anything actually happens.
- How does Nordea warn its customers of hoax attempts in its electronic channels?
As hoax attempts circulate regularly, Nordea cannot warn about them at every turn. During extensive hoax waves Nordea may inform its customers on the open pages, in the bank's social media channels (Facebook, Twitter) and in the Netbanks.
Nordea employees working with customers may also remind them of secure online banking and give instructions on how to protect themselves against hoax attempts.
- What should customers take into account to ensure secure online banking?
Nordea provides its customers with a secure electronic channel. Secure online banking is connected with a number of certain prerequisites that either the bank or the customer must meet. The customer must keep the terminal device (PC, tablet or phone) he or she uses up to date in regard to software and information security. This is to reduce the risk of being infected with malware and thereby to limit successful cybercrime.
- Why are data breaches possible in the electronic channels even if the security instruments were followed?
The risk of data breaches is considerably reduced if the security instructions are followed. When we react quickly to suspicious online activity, a breach may be prevented even if the security instructions were neglected. Nordea Customer Service provides support for its customers around the clock, for example, if they believe that their Netbank connections are at risk or a crime has already taken place.
- Will customers be refunded their money lost if a Netbank hoax goes through even if they had complied with the security instructions?
Each case is separately handled after a customer has filed a claim for compensation to the bank and a report of an offence to the police.
- Does Nordea cooperate with other parties in security matters?
Nordea is a member of several local and international cooperation groups. Information gained from this cooperation is utilised, for example, when updating the status report and contingency plans.
- Will Nordea introduce better security solutions to soothe customers' fears?
Customers' awareness of cybercrime may also increase fears of using our Netbanks. The same tip applies to the use of Netbanks as to any other online business: use common sense. Think twice before you click an appended file or a website address.
Nordea's security solutions are intended for making the use of online services easier and possible around the clock. The website nordea.fi/security contains information on data security, protection of hardware and different kinds of cyber attacks. You can also report any data breaches or attempts of them to Nordea by using the contact information on the website.
Your PC and information security
You can improve web security by making sure that your Internet browser, antivirus software and firewall software are regularly updated.
But even the highest level of protection for your PC and web connection will not guarantee perfect data security if you hand over your personal information over unencrypted e-mail or if you open attachments the sender and content of which are unknown to you. In addition to technical solutions, your own vigilance can help you ensure that you conduct your online business in a secure way.
Firewall protects your PC
Firewall is an isolating system that prevents an outsider from installing malware or phishing programs to your PC over the Internet. For a home user, installing a firewall program is the most important step in protecting your PC.
Antivirus software protects your PC from malware
Antivirus software checks computer files for viruses and other malware. It can also warn you if a website is trying to install malware on your computer. Installing antivirus software and updating it regularly is another important step in protecting your own PC.
E-mail messages are transmitted over the open Internet, so you must not send confidential information or information subject to bank secrecy in regular e-mail.
Activate phishing filter in new browsers
One way to identify scams is to activate the phishing filter which is automatically installed in new browser versions.
Security on your mobile phone
There are several things you can do to keep your mobile phone safe:
- Always keep you phone in sight, as long as you know where it is, nobody will be able to use it without your knowledge.
- By adding a code to open your phone, it makes it more difficult for others than yourself to use your phone and get access to sensitive information.
- Make regular and frequent back-ups of your phone.
- Make sure you have the phone’s IMEI number written down if you need to block it.
- IMEI = International Mobile Equipment Identity – this is a unique number that identifies your phone. It is usually found on the inside of the battery compartment, and for some phones, it can be displayed by entering *#06# on the dialing keypad.
- Before you travel abroad, make sure you have a telephone number for your phone operator that can be used from another country.
If you have a smartphone, there are some additional things you can do to keep it safe:
- Only install apps from sources that you can trust.
- Only connect to a wifi network that you trust. There are cases where fake hotspots have been used to gather information from the phones.
- Install a location detection app that can be used from another device in order to find your phone when it has been misplaced or stolen.
- Update your operating system and your apps on a regular basis – with updates comes new security features, new functionality and better usability.
- Do not jailbreak your phone. When you root or jailbreak your phone, you remove the overall security from the device.
- Install an antivirus software on your phone, whenever possible.
If you lose your phone, or if it is stolen:
- Contact your phone company to block your mobile phone subscription.
- Check with your phone company if it is possible for them to remove sensitive information (swipe the phone).
- In case of theft; contact the police to report the incident.
- Disable any bank SMS alerts you have set up. You can do that from the Internet bank.
Protect your device and software
Both you as a customer and Nordea as a bank have a responsibility to protect confidential information and make sure that it is not misused.
You should protect your devices (pc, mobile phone and tablet) and your data by access codes. Choose passwords that are easy for you to remember but hard for others to guess. Don't use userIDs, names, words, popular phrases, birthdays or the like as part of the passwords. You should be extra careful when handling your access codes and ensure nobody else but you can access and use them.
What is a good code for a device?
The following advice is not about setting your online banking credentials but for the device you use for accessing our services.
- It consists of at least eight characters.
- It consists of both numbers and letters.
- It includes special characters (#, ¤, %).
It is changed regularly and the new password is as different from the old one as possible.
You should never keep your different access codes in the same place as your identification card, for example in your wallet, handbag or at home.
“Phishing” means the prying of personal, card or online banking data by e-mail, telephone and/or fake websites. The data are collected for criminal purposes.
Phishing of access codes by e-mail
Like spammers, phishers use e-mail addresses collected by various means and send phishing messages to countless people simultaneously. They do not know which bank’s customer the recipient is. Phishers do not have access to e-mail addresses or any other personal data stored by banks. The aim of phishers is to steal money with data collected in a fraudulent manner.
Phishing of access codes by telephone
An unknown person may call you, introduce himself as a Nordea employee and ask you, for example, to give card numbers and PIN codes or to list your access codes and other confidential information or information that falls within bank secrecy. This is a criminal who is attempting to steal money with data collected in a fraudulent manner.
Have you received a phishing message?
- If you receive an e-mail which asks you to give data on your banking details, you must delete it and not reply to it under any circumstances.
- If you have given your access codes to third parties, notify us immediately by calling Nordea Customer Service or call our blocking service outside Customer Service opening hours, tel 020 333 (24 hours a day), from abroad +358 20 333 (24 hours a day).
- You can report phishing e-mails to us.
Malware is short for malicious software. It is any kind of unwanted software that is installed on your device (pc, tablet, mobile phone) without your permission or without you even knowing it. Malware can also be distributed through USB sticks so as a rule you should never use USB sticks that you find or borrow from friends or colleagues.
Malware is designed to damage or disrupt a system. It can also be used to give an online criminal control over a device or to steal personal information.
Examples of malware: virus, worms, Trojan horses.
Protect yourself against swindlers
Take the following precautions to ensure data security:
- The newest browsers allow you to activate an alert for pages identified as phishing.
- Do not send confidential personal or banking information by regular e-mail. Only send it from a secure website where messages are encrypted. Regular e-mail is not encrypted; it corresponds to sending a postcard which anyone can read. Ensure that the website is encrypted and runs in secure mode: check that the browser bar has a padlock icon before sending confidential information.
- The Mail function inside Netbank is a secure way to communicate with us. Do not send sensitive personal or financial information in an open e-mail because it has not been encrypted.
- Do business only with companies you know and trust.
- Monitor your account and card transactions. Review your order confirmations, credit card bills and account statements as soon as you receive them. Make sure that you are only charged for transactions you have made. If you notice errors in your account details, report them immediately by calling Nordea Customer Service.
- Avoid distributing your e-mail address on the Internet.
- Antivirus program
Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software. There is a variety of software available in the markets for free or at a cost.
Computer viruses are software programs that are deliberately designed to interfere with computer operation; record, corrupt or delete data; or spread themselves to other computers and throughout the Internet.
To help prevent the most current viruses, you must update your antivirus software regularly. You can set up most types of antivirus software to update automatically.
- Cash trap
The ATM has been manipulated by criminals who have inserted a device that traps the money so that it does not come out of the ATM. When you leave, thinking that the ATM is out of order, the criminals return with a special tool and release the money from the trap. If you suspect this, you should check your account to see if the withdrawal has been registered. It is important that you call your bank if you do not get your money from the ATM.
Is a vulnerability used by online criminals to collect an infected user's click. In this way the user can be forced to do all sort of things from adjusting the user's computer settings to unwittingly sending the user to websites with malicious codes.
A cookie is a small piece of code which is stored in the browser on your pc, mobile phone or tablet when you surf on the internet. The cookie stores information about your behaviour or ensures that a web page works technically. Cookies are not harmful and when you exit Netbank by clicking on the Log out button, the cookies are deleted.
Cybercrime is a term used for criminal acts involving computers, smart phones and networks. Examples of cybercrime are Internet fraud, identity theft and credit card account thefts. The illegal activities are carried out through the use of a computer and the Internet.
Is a technical way to convert data into cipher text. Encryption is used to prevent confidential data from being accessed or used by unauthorised persons.
- Family fraud
Someone close to you misuses your bank identity, for example account, card and/or personal information.
A firewall is software or hardware that checks information coming from the Internet or a network and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.
A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.
The following illustration shows how a firewall works.
A firewall isn't the same thing as an antivirus program. To help protect your computer, you need both a firewall and an antivirus and anti-malware program.
- Identity theft
Identity theft (or ID jacking) is where your personal information is misused to get a bank or credit card or a loans or for gambling site accounts or purchasing goods on credit in shops.
Also known as keystrokelogging. This is the practice of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that persons using their keyboards are unaware that their actions are being monitored.
Malware is short for malicious software. It is any kind of unwanted software that is installed on your devices (pc, mobile phone) without your permission or without you even knowing it. Malware is designed to damage or disrupt a system. It can also be used to give online criminals control over the device or to steal personal information.
Examples of malware: virus, worms, Trojan horses.
- Money mules
A person who transfers illegally acquired money on behalf of other criminals is called a money mule.
Criminals use various ways of attracting or luring others to act as a money mule. You may be offered “a job” which involves asking you to receive money into your bank account and transfer it to another account, letting you keep some for yourself. Criminals might also ask you to open a new account for this purpose only.
The money that is transferred is stolen and the transfer is called money laundering. Anyone acting as a money mule may be liable for criminal offences whether or not there was a monetary benefit.
The criminals trick you to go to a fake website. This method can be quite confusing and difficult to detect as the website looks very similar to the real bank or shop website.
Phishing means the prying of personal, card or online banking data by e-mail, telephone and/or fake web sites. The aim is to scam the user into sharing private information so that it can be used for fraud such as identity theft or Netbank withdrawals.
Short for SMS Phishing, it is a variant of phishing e-mail scams that uses the Short Message Service (SMS) systems to send phishing messages. The SMS will contain a website hyperlink. If the user clicks on the link, a Trojan horse will be downloaded to the phone and you are requested to input sensitive data on the web page.
Ransomware is software that denies a user access to files in a device until a sum of money has been paid (ransom) to the online criminals. A worm or Trojan horse may be the carrier of ransomware or the user has clicked on an infected e-mail attachment or visited a hacked website.
- Shoulder surfing
When using your card in a shop or an ATM someone could stand close to you and see you keying in your PIN code. After this they will steal your card and use it for purchases and/or withdrawals from ATMs.
- Skimming and card fraud
Skimming is where the criminals use a special card reader to copy the content of the magnetic stripe on your card. The information is copied onto another card that the criminals use and the money is drawn from your account. Skimming can be done at unattended terminals (ATMs, petrol stations), shop terminals, parking automats, restaurants and other places that use card readers.
- Social engineering
Social engineering is about manipulating or tricking people into giving up confidential information. Online criminals that make use of social engineering exploit that many people want to trust others and also to be helpful. Phishing is a type of social engineering.
Spam is a term used about electronic junk mail or junk newsgroup postings – the electronic equivalent of the junk mail in the postal mail. The most common types of spam are: prescription drugs, herbal remedies, get-rich quick schemes, financial services, online gambling and pirated software. Spammers often disguise their e-mails in order to evade anti-spam software. Most often spam will do no harm but it can be very annoying and take up a lot of space in your mailbox. You should never answer spam e-mails or click on any link in a spam e-mail. Use a spam filter to block out unwanted e-mails.
Spyware is software that enables hackers to gather and steal information without your permission. Information could include credit card numbers and passwords etc.
Trojans (or trojan horses) are programs that pretend to be legitimate software, but they actually carry out hidden, harmful functions such as stealing personal information from the device. Some Trojans allow online criminals to take control of another user’s device via the internet without the user’s knowledge.
Viruses are computer programs that can spread by making copies of themselves. They spread from one computer to another and from one network to another usually without you knowing about it. Viruses can be harmful and display irritating messages, steal information, jam or crash the device, or even give other users control over your device.
A worm is a program that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
What to do if you suspect Netbank fraud?
If you have seen suspicious activities in our online services, received doubtful e-mails asking you to provide your logon credentials or anything else that has made you feel doubtful about using our services, please contact Nordea.
Contact Nordea immediately. Nordea will carry out the needed actions to prevent further consequences. This can include blocking the current Netbank agreement or setting limitations on the usage of Netbank. If possible you can also provide screenshots of the suspicious Netbank behaviour.
Do not use your device (pc, tablet, mobile) for netbank or internet purposes until the possible malware has been removed. Use only devices that are not infected. If the online fraud took place due to malware (link to malware) on your pc, tablet or mobile, it is important to disinfect the device. Some malware cannot be removed without re-installing the operating system.
If the online fraud was due to phishing [link to phishing], you should run the antivirus program regularly and always keep it updated as a precaution.
If you have received a phishing e-mail message that has been made to look as if it had been sent from Nordea, you can forward it to the e-mail address below. After sending it, delete the e-mail and do not open any attached link or file.
Please note that
- you cannot send any questions concerning phishing to the address above; it is only meant for reporting suspicions of fraud.
- you will not get a reply to your e-mail but the information you have sent can be used to track and close down harmful websites.
If you have given your access codes to third parties, report it immediately by calling Nordea Customer Service. Outside Customer Service opening hours, call the blocking service at 020 333 (24 hours a day) and from abroad +358 20 333 (24 hours a day).
A card is safer than cash
Look after your card as you tend to your cash and make sure regularly that you have your card with you. Do not leave it unattended in a car, on a restaurant table, or in your office or hotel room. If your card gets lost or stolen, block it immediately by calling the card blocking service (tel 020 333).
Limiting the use of the card increases security as the card can only be used within the limits you have set. You can change the usage limitations on your card in Netbank or in the Mobile Bank app as necessary.
- With security limits you can set daily purchase and withdrawal limits in euros on your card.
- By limiting the usage area you can limit the geographical usage area of your card. The geographical restrictions do not apply to online purchases.
- With online settings you can allow or prevent the use of your card on the Internet.
General recommendations for card use
- Use your card in accordance with Nordea's card terms and conditions.
- Keep the card and the PIN in separate places. Your card and its PIN are personal.
- Never give your card or tell the PIN to any third parties. Even a banking officer or a police officer will never ask you to tell your PIN.
- Prevent outsiders from seeing your PIN when you key it in at ATMs, payment terminals at shops or other places of use.
- Block your card immediately when you notice that your card is lost by calling 020 333 or Nordea Customer Service or by visiting your nearest Nordea branch. If your card is stolen, remember to report it to the police as well.
- Monitor your card transactions in Netbank or on your invoices. If you do not recognise a transaction, submit a card debit inquiry to Nordea at nordea.fi, call Nordea Customer Service or visit one of our branches.
- We recommend that you take two cards with you when travelling to ensure smooth payments. If one of the cards gets lost or stolen, you can still make payments with the other card.
Instructions for banking at payment terminals and ATMs
- Please pay attention when you use your card for paying or withdrawing cash at an ATM. Watch out if you detect something that is out of the ordinary.
- Do not let other people see the PIN when you are keying it in.
- Check the total amount of your purchases before you confirm the payment and ask for a receipt.
- Be cautious with people who want to help or advise you when you are withdrawing cash at an ATM.
- Remember to retrieve your card and cash from the ATM.
- If you detect something suspicious with an ATM, do not use it but contact the bank or ATM supplier whose contact details are given on the ATM.
Instructions for online banking
- We recommend that you allow online use for your card only when you are making purchases. You can change your card's online settings easily in Netbank (Cards -> Usage area and Internet) or in the Mobile Bank app.
- Write the card number and validity in the same form as they are on your card.
- Save the printout, copy or your discussion with the online merchant regarding your order.
- Make sure that the company has a phone number and an address and that you know how to make a complaint of your purchase if need be.
- Do not give the number of your card unless you plan to buy something.
- Never send the number of your credit card in an open e-mail message.
Read more about online card payments.
If you lose your card
If you lose your card, or it is stolen or an ATM abroad seizes it, report the incident immediately to the Finnish banks’ blocking service. Making a loss report is easiest when you know your card number (16 digits).
- Lost card reporting, tel 020 333 (local rates apply*) 24/7
- Calls from abroad, tel +358 20 333 (24/7)
You can also report a lost card by calling Nordea Customer Service, tel 0200 70 000, or by visiting the nearest Nordea branch during its opening hours.
If your card is stolen, report it also to the police.