Pekao is withdrawing from scratch cards, PekaoToken applications and hardware tokens for authorization using a mobile application or codes sent via SMS.
Pekao changed the rules for verifying transactions in online banking on August 14. The existing methods have been replaced by authorization using the PeoPay mobile application or an SMS code.
Two ways of authorization in Pekao, which one to choose?
For those logging in to their account at the Pekao bank, there will be a surprise in the form of a message asking you to choose a new method of transaction verification. If we order a transfer in the PeoPay application, we actually don't have a choice. In the case of transfers for an amount greater than PLN 200, we will confirm them by SMS, others will be confirmed by entering the application PIN.
However, if we make banking operations through a browser, we have two methods to confirm our identity - rewriting the content of a paid SMS sent from the bank or logging in to the mobile application and confirming the payment in it. The bank itself recommends choosing authorization using PeoPay and encourages it by using paid SMSs. Although the application is not a great choice , it may actually be a better choice.
When it comes to confirmation via SMS, thieves around the world are getting better at phishing duplicate SIM cards from operators. A smart thief is too often able to obtain a duplicate of such a card without the knowledge or consent of its original owner. If they steal a smartphone from us, usually already at the first photogenic latte we realize that something has happened and we can react quickly by running to the bank branch. If you deactivate our SIM card and activate your duplicate, we may not understand for hours that something is wrong. Additionally, there are attacks on SS7 protocols operating in mobile networks.
Changing login methods to Pekao .
Bank customers are waiting not only for changes in the form of a new method of confirming transfers, but also in the way of logging into the company's online banking. Additional precautions will be taken when we log in to a new device every 90 days and when attempting to change sensitive information. It follows the PSD2 Directive, which comes into force on September 14, which imposes an obligation on banks to use strong authentication, i.e. to introduce a two-step verification method approved by the Union.
Thieves will probably like to take advantage of the changes introduced by the banks and the confusion related to it, so in the coming weeks it is worth to be extremely careful reading emails and messages allegedly coming from banks. If they raise any doubts, you can go to the nearest branch of the bank or call the phone number provided on its official website and verify that the author of the messages sent to us is certainly the bank, not a fraudster.
Bank Pekao changes the way transfers are verified. Customers have two methods to choose from