OTP Direkt

OTPdirekt - Internet Banking

Access your finances 24 hours a day. Get to know the OTPdirekt service

Statement by OTP Banka Slovensko, a.s. on security of provided services

OTP Banka Slovensko, a.s. has a long-standing tradition in the provision of banking services and continuous improvement of their quality, whereby security represents an important attribute of provided services.

Security of the electronic banking system in OTP Banka Slovensko, a.s. is guaranteed by the application of appropriate security measures (i.e. RSA 2048bit VeriSign Class 3 Extended Validation SSL Certificate). These measures include prevention and detection mechanisms designed to identify potential incidents. Compliance with security requirements is regularly controlled in security audits.

Special attention is paid to protection of personal data and bank secret data. The applied procedures and practices are used in compliance with the legal requirements in the Slovak Republic and with best practices in the field of security of data processed and transmitted between the client and the bank.

Clients are involved in the decision-making concerning protection of their data and quality of provided services. Several types of authentication and authorisation of transactions are available, depending on the requested security level (GRID card, SMS key, one-time passwords generator). In case of suspected disclosure of authentication data (identification number and password), we recommend to change the password immediately and/or to block access to the account. In case of loss or possible misuse of authentication devices, we recommend to block the account immediately through the Call Centre on the phone number 0850 111 222 (from abroad call +421 2 5720 5080).

Security recommendations for clients

In order to secure the use of Internet-banking services, OTP Banka Slovensko, a.s has implemented a whole range of security measures. However, security level of this service largely depends on security of clients’ devices as well as on clients’ behaviour.

Attacks aimed at eliciting personal data or access codes (password, PIN, credit card numbers, etc.) from the banks’ clients have recently increased in number. Attackers try to acquire this data for example via e-mails sent to clients on behalf of the bank, or by redirecting the clients to a fake web site which is seemingly identical with the web site of the bank and which requires the entering of access data.

To achieve the highest level of security we recommend the clients to follow the below rules:

  • use electronic banking services via Internet only by means of communication devices equipped with an antivirus programme with a regularly updated database (protection from viruses, harmful codes, Trojan horses, etc.) and firewall (provides protection from unauthorised access from Internet, among others),
  • use anti-spyware and anti-adware applications,
  • apply updates and security patches for the operational system and Internet browser used by the client,
  • if possible, set the security of Internet browser to the highest level,
  • select and configure security components in a professional manner,
  • avoid accessing the electronic banking system from public access points such as Internet cafés, unsecured public networks, unknown computers, etc.,
  • avoid opening of web sites by clicking on hyperlinks sent in e-mails on behalf of the bank, as well as disclosing of personal data by e-mail or phone. The bank never addresses its clients in this manner and never uses these channels to request their access data,
  • avoid opening of attachments sent as SPAM,
  • avoid installing of unknown software from web sites or sent by e-mail,
  • protect your own access data and authorisation tools from abuse,
  • if using Internet banking, before filling out requested access data (PID, password) the client should verify whether the communication is indeed carried out between the client’s communication device and the bank’s server by checking the address in the browser, which should look as follows: https://otpdirekt.otpbanka.sk, or by checking the certificate issued to OTP Banka Slovensko, a.s. by Verisign certification authority (by double clicking on the lock in the bottom part of the browser). In case the address differs from the above-mentioned one, or the certificate is invalid, or is not issued to OTP Banka Slovensko by Verisign certification authority, it is necessary to terminate the session immediately.

OTP Banka Slovensko, a.s. cannot ensure security of clients’ communication devices. Therefore, in case data integrity is violated or an error in transactions is caused by insufficient security of these devices (e.g. due to harmful programme interference), or by non-compliance with security rules on the clients’ part, the bank cannot be held liable.

The Bank never ask its clients to disclose access data or multiple authorisation data at the same time (e.g. several fields of GRID card at single transaction verification or login, etc.).

In case of suspected data misuse, it should immediately be reported to the bank (at any bank branch or via Call Center at 0850 111 222 (from abroad call +421 2 5720 5080)). The bank will block and invalidate all necessary access data and security instruments. Following the investigation of the case, the client may be issued new security tools.