secure mobile banking
how to safely download the app
always download apps from official app stores – apps downloaded from unknown sources pose a threat to your money and data
avoid downloading apps using QR codes – it can be difficult or impossible to determine who created the QR code and where it will redirect you
never download apps from links provided in text messages, emails or via messaging apps
note
When downloading an app from sources other than official app stores, you run the risk of downloading a malicious app which criminals may use to steal your data or intercept text messages and send them without your consent.
official app stores
Download mBank’s app from official app stores only.
how to safely pair the app with your account
We designed the process of pairing the app with an account so as to minimise the risk of criminals gaining access to your account. While you’re pairing the app with your account, we will ask you to send a text message from the phone number registered with the bank. This way, even if criminals managed to steal your data, they wouldn’t be able to pair the app with your account.
how to securely log in to the mobile app
PIN
PIN is a code consisting of 5–8 digits which you determine on your own. You will use it to log in to the app and confirm operations.
note
never share your PIN to the app with anyone; remember that the bank employees will never ask you to provide your PIN
set a different PIN to the app than the ones you use e.g. for your card or phone
never enter your PIN on websites (in the browser)
when entering your PIN, make sure it cannot be seen by others (especially in public places)
biometric data
Biometric data are your unique features which are almost impossible to replicate by cybercriminals. You can log in to the mobile app with a fingerprint, a face scan or an iris scan.
note
Do not add other people’s biometric data to your device, as they will be able to access your account.
how to securely confirm operations
To confirm operations ordered in the online banking (such as on order to make a transfer or to change your card PIN), you can use:
mobile authorisation, or
SMS passwords
The most secure method for confirming operations is the mobile authorisation. That’s why, if you confirm your operations using one-time SMS passwords, we suggest that you start using the mobile authorisation as soon as possible.
‘security checker’ in the mobile app
1go to ‘settings’ (gear symbol)
go to ‘settings’ (gear symbol)
our security recommendations
Security checker’ in the mobile app contains our recommendations to help you better protect your data and account.
confirm operations using the mobile authorisation
You won’t have to worry about anyone stealing your SMS password and using it to confirm a fraudulent transaction.
enable notifications for outgoing transfers and card transactions
You will receive push notifications for all transfers and card transactions. If anything suspicious happens, you can react quickly, e.g. by changing your account password or limits, cancelling your card or contacting mLinia.
set up a screen lock
Even if someone steals your phone, they won’t be able to use the mBank mobile app, access your money or see the text messages, photos and any other information your store on your phone.
don’t change built-in security features
A device without built-in security features is an easy target for criminals. They may infect it with viruses and malicious apps, capture passwords, steal data or change permissions. If your phone does not have built-in security features, we advise you not to use the mobile app on it.
use the latest app version
You will have access to all new security features whenever we introduce them.
disable screen capture and screenshots
Should criminals install remote control software (e.g. Teamviewer, Anydesk) on your phone, they won’t be able to see your passwords, account balance, transfer history or take over your account in the mobile app.
download the mBank app from an official app store (Google Play, App Store, AppGallery)
Apps downloaded from unknown sources pose a threat to your money and data.
enable the CyberRescue service
You will get up-to-date information on current online threats and have free, 24/7 support from security experts who can answer your questions and provide support on how to stay safe online.
note
The list of recommendations may differ depending on your phone model.
how to know if you’re talking to an mBank employee
If our consultant or advisor calls you, they will send you a notification in the mobile app to confirm your identity instead of asking you to provide your personal data. This way, you can be sure that you’re talking to a bank employee and not to a criminal pretending to be one. When you confirm the notification, we will know that we have reached you.
note
We do not send text messages to confirm that we are calling you from mBank. You will only receive such a confirmation in the mobile app after logging in. If you don’t have the app or don’t use the mobile authorisation, you can confirm your identity during a call as you’ve done it before.
hint
If during a phone call from mBank, you want to make sure that you’re talking to an mBank employee and not to a criminal, ask the caller to confirm the call in the mobile app.
what to do if you don’t get a notification in the app
If the person calling you claims to be an mBank employee, but:
you don’t get a notification in the app, or
they say that they can’t send you such a notification, e.g. due to technical problems.
disconnect as soon as possible to avoid being scammed.
secure mobile banking
Find out how to safely use the device on which you have the mobile app installed.
always block the phone screen – this way, unauthorised persons will not have access to your phone
use anti-malware software to protect yourself from malware
update the Android/IOS system to the latest version
do not click links from text messages or emails if you’re not sure if they come from a secure, trusted source
do not log in to the bank when using a public or unsecured Wi-Fi network
download mobile apps only from credible sources
list of official mBank apps
mBank
CompanyMobile
mBank Junior
mBank Giełda
mDM for Phone
mBank Token
mBank
CompanyMobile
mBank Junior
mBank Giełda
mDM for Phone
mBank Token
mBank
CompanyMobile
mBank Junior
mBank Giełda
mDM for Phone
mBank Token
mBank
CompanyMobile
mBank Junior
mBank Giełda
mDM for Phone
mBank Token
This is not an offer.
Please remember that mBank distributes its mobile app only in authorised app stores: App Store (Apple iOS), Google Play (Android) and AppGallery (Huawei). You should always use those app stores to download and update the mobile app as the apps available there bear digital certificates and undergo verification, which guarantees security. Do not download apps from untrusted sources! The latest version of the mobile app can be downloaded on devices with Android 7.0 or iOS 15.0 (or higher). Please read the privacy policy of mobile apps.
For detailed information about the CyberRescue service, read the Regulations on the CyberRescue Service https://www.mBank.pl/pdf/ind/uslugi/regulamin-swiadczenia-uslugi-cyberrescue.pdf. The CyberRescue service is provided by CyberRescue Sp. z o.o with its registered office in Warsaw. In order to conclude the Agreement, the Client has to accept and submit the Application via the Bank’s electronic banking system or by telephone through the agency of the Bank. To conclude the Agreement, the Client has to provide their data in the scope specified in the Privacy Policy.
The Agreement can be concluded if:
a. the Client accepts the statements required by the Bank and grants consent to the Bank disclosing to CyberRescue Sp. z o.o information about the client, including information covered by banking secrecy;
b. the Client reads the Regulations and accepts them.
Definitions of terms related to representative services connected with payment accounts covered by this material can be found at www.mBank.pl/slowniczek.