Security rules

Keep the computer safe
Make sure the computer you use to log onto the Pl@net system is secured as recommended by the operating system's manufacturer. Install legal software only. Install all enhancements and patches recommended by the software manufacturer. Use the regularly updated operating system and Internet browser and anti-virus programs with up-to-date AntiVirus base and, if possible, firewall software or tools. Try to avoid using publicly available computers, in cyber cafes for instance. Such computers are generally not sufficiently secure.

Why is it so important? If an malicious software operates on the computer, it may track the connection with the bank, collect passwords you enter, steal your files and even modify the data you enter.
Check website address
Enter the electronic banking website by typing its full address, or use the service link at the bank's websites. Do not follow any links provided in e-mails or on other websites.

Why is it so important? One of the password stealing techniques is to provide the website that appears identical to the bank's website. To encourage you to visit that website, you may receive emails in which you will be requested to log onto the provided address to verify data. The address provided in such emails can be very similar to the genuine address, and so many people may be easily misled in this way. Having the custom to check the website address, you may prevent such fraud attempts.
Check whether the SSL protocol is used
Check whether the connection between your computer and the bank's server is encrypted. In this situation, the address starts with https://

Why is it so important? If data is sent through an unencrypted connection (without using the SSL protocol) it can be intercepted while being sent over Internet. Pl@net connections are always encrypted.
Do not share your logging keys or passwords
If you log on using a masked password, remember that the bank never needs your entire password, unless to change it to the new password. When logging, provide the requested password characters only.

If you log on using your digital signature (e-signature), do not give access neither to your USB cryptographic device and smart card where you store your keys, nor to your PIN code.

Why is it so important? It happens that frauds ask the bank customers to enter their passwords for verification. This way they acquire customer passwords which could be used to access the customer accounts.
Verify the bank certificate
Check whether you are really connecting to the BNP Paribas Bank Polska S.A. server. This is possible by verifying the certificate always before logging onto the system.To do so, click the certificate icon that appears after entering the Pl@net address to the browser. This icon always appears when you access an encrypted website - the one that starts with https://

If you use Internet Explorer 8.0 browser, it is a yellow lock icon that appears in the browser's top right corner (next to the web address).

After clicking the icon or identity certificate sign, a window with certificate information will appear. Check if:
  • certificate has been issued by VeriSign, trusted certification authority for BNP Paribas Bank Polska S.A.,
  • the certificate has been issued for and whether it is still valid (to do so click on Display certificates),
  • correctness of the certification path for this browser has been confirmed
Why is it so important? Certificate verification allows you to check the authenticity of the server you attempt to connect to. Thus you will avoid connecting to a website which pretends to be your bank's server for the purpose of intercepting your passwords for instance.
Check the image
One of the website graphic features is the image displayed in the upper right corner (in the selector for changing the profile/Customer). Change the default image into another available in the system. To do so, select the My profile -> 'Main setings' function.

Check logging dates
After logging to the service, check the last logging dates, both the successful and the unsuccessful attempts. The data may be checked in the right top corner of your browser, in the selector for changing the profile/Customer. If the dates are different from what you remember to be, this should arouse your concern.

Why is it so important? If the last logging date is different from what you remember to be, it probably means that someone accessed your account. Unsuccessful logging attempts unrelated to your actions may show that someone is trying to crack your password.
Log off the service.
When you finish using the electronic banking service, always log off the website.

Why is it so important? When you log onto the service you start a session. If the session is not closed, someone might use it to make operations on your bank account.