Security

Important aspects relating to security

At BBVA we are aware of the need to guarantee security in the transmission of information between the bank and its customers. For this reason, we have the strictest security measures in place to guarantee confidentiality in the communications.

Always check that you are entering data in a secure page.

SECURITY GUIDELINES

Always check that you are entering data in a secure page.

It is important to follow the safety tips below when asked to provide personal data on the Internet:

1. Verify that the connection is via a secure server by checking one or more of the following:

  • By the address (URL) of the server, since a secure server begins with https and not http.

  • By an alert in your web browser, found in one of the lower corners of the screen: an entire key (instead of broken, as in any non-secure server) or a closed padlock (instead of open, as in any non-secure server).

2. Check the security certificates of the page:

  • To do this, click the padlock icon displayed in the lower right corner of your web browser when you access a secure area, and check that the expiry date and the certificate domain are valid. The detailed information contains the issuer, the validity period and for whom the certificate was issued.

In order for the following measures to be effective, the most up to date versions of the following web browsers must be used:

  • Internet Explorer 

  • Firefox

  • Chrome

Moreover, the website has been optimized to a screen resolution of 1280x800 pixels or higher, for better viewing.

SECURE SERVER

Transactional services operate on a secure server using SSL protocol (Secure Socket Layer), which is always activated when you log on to the service. The secure server transmits the encrypted information using 128-bit algorithms that make sure it is only intelligible for the customer's computer and the bank's server.

Using the SSL protocol guarantees:

  • That customers are communicating their data to the BBVA server center.

  • That all data is encrypted between the client and the BBVA server center, thus preventing their possible reading or manipulation by third parties.

ACCESS TO BBVA.ES

BBVA recommends that all its users follow these simple tips to ensure the maximum security of their sessions with our Remote Banking service.

To end the session in BBVAUK.com, you should always use the Disconnect button on the BBVAUK.com toolbar and click Accept on the following confirmation screen.   This securely ends your BBVAUK.com session. The next time you enter BBVAUK.com you will be asked to enter your user number and access password again.

If you fail to log off correctly, the server will not consider the session to have ended until a fixed period of time has elapsed (time-out), whereupon the connection is automatically ended. If you change internet pages without carrying out these steps, it will be possible to directly access the private session at BBVAUK.com without entering your passwords, until the period of time required for the automatic disconnection to be activated has passed.

CACHE

Your web browser cache lets you access websites you have recently visited almost instantly.

Sometimes, this feature can cause minor incidents in the correct operation of the pages. It may be that the latest version stored in your computer's cache is being displayed instead of the latest version stored in the website's server.

To avoid these drawbacks, we recommend that you mark the option of updating contents whenever you visit the page in the web browser, and regularly delete all the files found in your browser's cache folder.

SECURITY IN YOUR PASSWORDS

Advice

  • Don't communicate the passwords you use at BBVAUK.com to anybody.

  • The PIN and the access password must be different. This way, it will be harder for a third party to find them out or to guess them.

  • If you suspect that someone may have found out your access password, you must change it as soon as possible.

Storage of passwords on computers

  • Web browsers currently offer the possibility to save the passwords of the web sites that require them, with these passwords being stored in the memory of your computer. This practice, in spite of making it easier to access sites that require usernames and passwords, is completely unadvisable when what is being stored are passwords for your bank accounts or other services that, in the event of loss or theft, may cause serious harm to users

  • At BBVA we advise you to never save your passwords for our Remote Banking service on a computer. It can be the target of certain cyber attacks that can send the passwords to other computers connected to the Internet.

  • To erase the passwords stored on a computer, you need to follow a series of simple steps that you can consult in the web browser's support manual.

Prevention and detection of computer virus attacks

Computer viruses are programs intended to install themselves on a computer without the user's permission and/or knowledge. There are many types of viruses, although all of them tend to share the properties of propagating and spreading through the computer and over the internet.

It is easy to contribute unknowingly to the spread of viruses by forwarding emails with file attachments infected with a software virus. It is essential for all Internet users to work together to prevent the spread of computer viruses over the internet.

There are various types of files that can be infected with a virus; we advise you not to trust files with the extensions .exe, .com, or .bat and only execute on your personal computer files provided by fully reliable sources.

We recommend that you do not download to your computer any files that have not been checked and certified, and that you do not open any emails from unknown senders or unidentified recipients.

Precautions

  • Properly configure your system security and Internet connection security, and check the security level of connection often. Do not change your computer’s security settings unless you are sure of what you are doing. In that case, set up the computer and all its programs with the most secure levels allowed.

  • Keep your operating system, your web browser and the programs you use most often permanently updated.

  • Install a firewall and an antivirus program and keep them always up to date and activated.

  • Make regular backups of files.

  • If you use flat-rate connections (for example, ADSL and cable), turn off the computer when you end each session; this avoids exposing the computer to possible cyber attacks. 

  • Make sure that the websites where you are required to enter confidential information are secure sites: with the padlock and/or key icons starting with https.

  • Before selecting a link on a website, check that it will send you to the desired address. It is also common to include links in an email that appear to lead to a legitimate website but which, when examined more carefully, actually direct you to a website that has nothing to do with the company the message supposedly comes from. Even when the design of the website seems legitimate, remain alert.

  • Pay special attention and be extra careful when downloading programs: if in doubt, do not allow downloads from sites that are not fully trustworthy.

  • Configure your e-mail address to receive only messages in text format. Do not execute a file attachment directly from the email message from which it was sent; try save this file on the hard disk and in the event it is infected, the antivirus will detect it. Reject any files from chats or newsgroups that you have not requested previously. Encode the most important messages and files.

Symptoms of infected computers

Computer viruses are programs intended to install themselves on a computer without the user's permission and/or knowledge. There are many types of viruses, although all of them tend to share the properties of propagating and spreading through the computer and over the internet.

It is easy to contribute unknowingly to the spread of viruses by forwarding emails with file attachments infected with a software virus. It is essential for all Internet users to work together to prevent the spread of computer viruses over the internet.

There are various types of files that can be infected with a virus; we advise you not to trust files with the extensions .exe, .com, or .bat and only execute on your personal computer files provided by fully reliable sources.

We recommend that you do not download to your computer any files that have not been checked and certified, and that you do not open any emails from unknown senders or unidentified recipients.

DATA PROTECTION

At BBVA, we guarantee the protection of our customers' data.

The seal of the Electronic Certification Association (ACE) validates us as the first financial institution to adhere to its Ethical Code of Data Protection on the Internet.

The website of BBVA (Banco Bilbao Vizcaya Argentaria) in the United Kingdom, at www.bbvauk.com, does not automatically recognize any data referring to the identity of the visitors to its pages. In Remote Banking services, in order to ensure transaction security and confidentiality, users must first be identified and authenticated in the system, by requesting passwords. In cases where the user requests information about services or products or wishes to process a claim or report any incidents (by sending forms found on the BBVA website), in all cases it will be necessary to collect essential personal data in order to inform the user about their request or enquiry.

All of this data is transferred with absolute confidentiality and is not accessible to third parties for any purposes other than those for which it has been requested. Please forward any enquiries or personal comments intended for the exercise of the rights of access, cancellation, amendment and objection that are recognized by Law 15/99 on Personal Data Protection to: atencion.clientes@grupobbva.com, or in writing to BBVA Customer Service at the address BBVA Servicios de Atención al Cliente, Apdo. nº 1598 FD 28080 Madrid.