secure online banking

type of client

how to log in

how to use safely

how to recognize mBank website

questions and answers

how to securely log in to your bank account

how to securely use the online banking on your computer

follow the security rules

do not log in to your bank account when using a public or unsecured Wi-Fi network
remember to log out when you leave your computer unattended
regularly update computer software and use anti-malware software
do not use search engines (Google, Yahoo, Bing and others) to access the login page – the search results may redirect you to wrong or fake websites
always type the bank’s URL directly into your browser (into the address bar at the top of the window)

protect your data

never disclose your client ID or password to your bank account to third parties; do not do it also when you are not sure if the mBank’s website you are on is authentic (for example, when you receive a link to the login page by email, text message or a messaging app)
make sure no one sees your login and password when you enter them
do not write your credentials down anywhere (e.g. your mobile app PIN)
use strong passwords

follow the security rules

do not log in to your bank account when using a public or unsecured Wi-Fi network
remember to log out when you leave your computer unattended
regularly update computer software and use anti-malware software
do not use search engines (Google, Yahoo, Bing and others) to access the login page – the search results may redirect you to wrong or fake websites
always type the bank’s URL directly into your browser (into the address bar at the top of the window)

protect your data

never disclose your client ID or password to your bank account to third parties; do not do it also when you are not sure if the mBank’s website you are on is authentic (for example, when you receive a link to the login page by email, text message or a messaging app)
make sure no one sees your login and password when you enter them
do not write your credentials down anywhere (e.g. your mobile app PIN)
use strong passwords

follow the security rules

do not log in to your bank account when using a public or unsecured Wi-Fi network
remember to log out when you leave your computer unattended
regularly update computer software and use anti-malware software
do not use search engines (Google, Yahoo, Bing and others) to access the login page – the search results may redirect you to wrong or fake websites
always type the bank’s URL directly into your browser (into the address bar at the top of the window)

protect your data

never disclose your client ID or password to your bank account to third parties; do not do it also when you are not sure if the mBank’s website you are on is authentic (for example, when you receive a link to the login page by email, text message or a messaging app)
make sure no one sees your login and password when you enter them
do not write your credentials down anywhere (e.g. your mobile app PIN)
use strong passwords

mobilna autoryzacja danych w aplikacji mobilnej oraz serwisie transakcyjnym

how to tell if the website you are on is an authentic mBank website

make sure the website’s URL starts with https://
check if your browser displays the correct URL:
- individual clients: https://www.mbank.pl/en/personal-banking
- business clients: https://www.mbank.pl/en/business
- private banking clients: https://www.mbank.pl/en/private-banking
- corporate clientshttps://www.mbank.pl/en/corporates

check for the encrypted connection icon in the browser window in front of the website’s URL:
- the tune icon in Chrome (click on it – if the Connection is secure message with a padlock icon is displayed, the connection is encrypted)
- the padlock icon in browsers other than Chrome
make sure the security certificate is correct – the certificate should be issued for mBank
make sure that there are no typos in the URL

Fraudsters very often make changes to the URL that are difficult to spot, e.g.

“a” is replaced by “á” • “r” and “n” are put together to look like “m”
the order of letters is changed, e.g. "mBnak” instead of “mBank”

Q&A

An SSL certificate is a confirmation that you are on the authentic mBank website. Once you have checked the SSL certificate details in your browser, pay attention to:

validity of the SSL certificate (especially whether it is still valid)
SHA-1 or SHA-256 fingerprint

SHA-1 certificate fingerprint of:
individual, private banking and business clients:

mBank's online banking available at https://online.mbank.pl should have the value: cf87a85a0012965c5fc1df253a287959ddf1b70a
mBank's application website available at https://form.mbank.pl should have the value: d06557fca0790670d69c13ad2cfe2c431b69e884
mBank's official website available at https://www.mbank.pl should have the value: 503407268bfad6a2a604d2f8df7d6aeff3b62401
mank's mTransfer website available at https://mtransfer.mbank.pl should have the value: 96ab490568f062c04dc68f6f7062ad4c6856e8fb
mBank's transfer website available at https://przelewy.mbank.pl should have the value: f362a94b7eb97e337fe7ed360912de6c5188e1c7

corporate clients

mBank CompanyNet website available at https://companynet.mbank.pl should have the value: 5C9F1E96289737A3955F6DBC8CD10A4F1BE9D910

SHA-256 certificate fingerprint of:

individual, private banking and business clients:

mBank's online banking available at https://online.mbank.pl should have the value: 71a85f40313e004ccdfd3e044a08807a521ab398394adb0dc774788b9866355d
mBank's application website available at https://form.mbank.pl should have the value: 3c95f21b990097c6de1a68ad04a3aaa4986abd9652523aed448b55cf315cc87c
mBank's official website available at https://www.mbank.pl should have the value: 412c9dd62a1f371f8fd2a5397b1e0a584c31722f48fe213a449c8f071a093a4a
mBank's mTransfer website available at https://mtransfer.mbank.pl should have the value: f8ce5eeccdff120a695335a471b20e932be4904cba69378a9d93ad519256878f
mBank's transfer website available at https://przelewy.mbank.pl should have the value: a1b915b899f383a86478606d2da7d452b33d617ea728e8729da96403a20e77f1

corporate clients

mBank CompanyNet website available at https://companynet.mbank.pl should have the value: e8d7800bbf7fdb6aa9d9feddd6d1df3f5f84dc22c77799664585d54b3ca9d9b4

How to display certificate details in a browser:

Chrome

Click on the tune icon next to the URL.
If the Connection is secure message is displayed, click on the message. Click on Certificate is valid to see the details.
Pay particular attention to the certificate fingerprints.

Press Ctrl + Shift + I or navigate to More Tools > Developer Tools in the menu.
Go to the Security tab and click on View certificate.
Pay particular attention to the digital fingerprints.

Firefox

Click on the padlock icon next to the URL.
Check if the certificate has been issued to mBank.
Scroll to the right by clicking on the Secure connection option and select More information. In the Security tab, click View certificate.
Check if the certificate is valid in the Fingerprints section.

Microsoft Edge

Click on the padlock icon next to the URL.
If the Connection is secure message is displayed, click on the message. Then select the certificate icon to check the details.
Pay particular attention to the fingerprints.

secure online banking

how to securely log in to your bank account

1go to mBank's website

2enter your user ID

3confirm login

how to securely use the online banking on your computer

follow the security rules

protect your data

follow the security rules

protect your data

follow the security rules

protect your data

how to tell if the website you are on is an authentic mBank website

Q&A

search results