Authentication tools and security

Internet Bank and Mobile Bank access options

  • We advise you to have several authentication solutions so you can always access our banking services.
  • The most convenient option is Smart ID and you can obtain it in the comfort of your home. Simply download the Smart ID app on your smartphone and activate the service using your ID card or Mobile ID.

Choose the right solution for using the Internet and Mobile Bank

Smart ID

We recommend it!

Mobile ID

ID card

PIN calculator

From the age of 7 15 7 7
Internet Bank access
Mobile Bank access No
Consultation Centre access No
Electronic signature No
Issuing fee Free Free State fee

for a private person over 65 years of age (incl.) 7 €

for a private person up to 65 years of age 15 €

Monthly fee No About 1 euro No No
How to get it? Mobile network operator’s branches Police and Border Guard Board’s branches Swedbank’s branches

Smart ID is the most convenient solution for accessing the Internet Bank and the Mobile Bank. It is both secure and free of charge.

Adopting

  1. Download the Smart ID app.
  2. Create PIN 1 and PIN 2.
  3. Confirm registration with your ID card of Mobile ID.

Get Smart ID

NB! You can also get Smart ID at any of our branches – be sure to have ID card or passport.

To use this service you will need a smartphone or tablet with the downloaded Smart ID app. Internet access is required as well. The Smart ID app’s technical specifications are available on the Smart ID website.

Technical support

Mobile ID is a secure way of accessing the Internet Bank and the Mobile Bank. This solution also allows you to digitally sign documents.

Adopting

  1. Contact your mobile network operator to get a special SIM.
  2. Mobile ID must be activated with the ID card on the following website: politsei.ee.

To use the service you will need a mobile phone with that special SIM inserted and network coverage.

Technical support

  • ID helpline +372 666 8888
  • Suspension of certificates +372 677 3377 or 1777
  • www.id.ee

Use your ID card to securely access the Internet Bank and digitally sign documents. In addition to this we advise you to obtain Smart ID or another authentication solution to ensure that you can access the Mobile Bank and confirm your identity when calling our consultation centre.

Adopting

  1. ID cards are issued by the Police and Border Guard Board.
  2. Passwords are issued for electronic usage.

You will need your ID card with those passwords and an ID card reader. The corresponding ID card software must be installed on your computer.

Tehniline tugi

  • ID helpline +372 666 8888
  • Suspension of certificates +372 677 3377 or 1777
  • www.id.ee

The PIN calculator is a secure solution for accessing the Internet Bank and the Mobile Bank.

Adopting

  1. Get your PIN calculator at any Swedbank branch.
  2. When activating the PIN calculator you will choose a code for subsequent usage.

PIN calculator user instructions

Technical support

What to do in emergencies?

If you've lost your Internet Banking access codes or your access credentials are compromised, do not hesitate and call us at any time (since our services are available round-the-clock). The Bank will immediately block access to your Internet Banking user account, and no one else will be able to access money in your bank account(s) with our Bank.

  • Private clients Consultation Centre: 613 2222
  • Business clients Consultation Centre: 6 310 310

User rights

In our Internet Banking facility, you can use a number of accounts or select a single account to be used. You can set the use mode for every user and account, limiting the rights of users, e.g. only permitting viewing account information, whereas payments cannot be made.

A company can assign different user rights based on its needs which are divided into profiles: preparation of payments, information, payments and all services (information, payments and agreement concluding). An additional option for payments is double acceptance: another user who has the right to make payments from the same account must always approve payments made by a user if they exceed the amount set by the company.

User limits

You can set daily and monthly limits individually for every user and account. Choose daily and monthly limits that suit your needs and/or the needs of your company. Limits are user-specific, not applicable for every single account.

Call-approval limits

You can set limits for call approvals for outgoing payments. If it is exceeded, a bank employee will call the specified contact person and ask for an approval of the payment and its details. Alternatively, your company's representative can call the bank's customer service line and approve the payment upon authorization. Additional approval of the payment will be made by phone. It means that the bank will not execute any payments that exceed the approval limits without approval by the client.

The bank will call you back on weekdays from 9:00 to 18:00. If the employee fails to get in touch with the client, they will try again during the banking day; if they don't succeed, they will try on the next day. If the client is not reached by phone, the payment will be cancelled.

Use the SMS Banking features

Set up being notified by a text messages in case of exceeding outgoing payments and you will receive an SMS alert every time when an outgoing payment exceeds the limit set by you. This way, you will be always up-to-date with your finances or those of your company at any place and time just by the text message.

Browsing session expiration

If you're idle on the Internet Banking site for 5 minutes, you will be prompted to enter the password to continue your Internet Banking session. Time limits protect you in case you forget to log off from the Internet Banking site when leaving the computer.

Session certificate

All Internet Banking data traffic is encrypted.

Internet Banking site certificate

Before starting to enter your log-in credentials, make sure that you have the right URL entered in your Internet browser address bar. The connection must be encrypted and you can see it in the address bar which should begin with https://...security icon Also, an icon security icon is visible at the bottom of the internet browser's window. The icon is a sign of Verisign certificate.

IT vulnerability reports

It is important for us at Swedbank that our customers can feel safe and secure when doing business with us. We have therefore a structured approach to security in all of our development and management of systems and constantly strive to achieve the highest possible security and quality. Despite this, an error may slip by. If you have found a security flaw, we would like to hear more about it to be able to correct the problem as soon as possible.

How do you report?

Send an email to us at responsible-disclosure@swedbank.com. We prefer that you use our public PGP key to protect the information you send over. Make sure to have included the following information

  • Detailed description of the vulnerability containing such info as URL and type of vulnerability.
  • The necessary information that we need in order to reproduce the problem.
  • If applicable, a screenshot of the vulnerability you have found.
  • Contact information, name, email, phone number, and your public PGP key (if you have one).

What can you report?

You can report security flaws that you have found in any of our services. Examples of security flaws are cross-site scripting, flaws in encryption or flaws with security implications in logic controls. The reporting service is not for other logical errors, errors in texts, questions about our services, questions about the security of our services or similar.

What can you expect of Swedbank?

We will confirm that we have received your description, continuously keep you updated while we process the issue, and inform you when the issue is fixed. Claims for compensation as a condition for sending in a vulnerability is not accepted.

What is required of you?

It is important for both us and our clients' security that you follow good practice, i.e. that:

  • You do not use the vulnerability to access or attempt to access information that does not belong to you;
  • You do not use the vulnerability to remove or modify information;
  • You do not affect the availability of our services through denial of service attacks;
  • You give us an opportunity to fix the reported vulnerability before going public with it.

Can you file a report anonymously?

Yes, but then we cannot respond back and keep you updated on the status

PGP key

PGP key
Key ID: 0x0AD6CCAF
Fingerprint: 2D14 4030 6D4B 68C3 F286 3AC6 333B E8E4 0AD6 CCAF

Suspicious e-mails or calls. Be cautious and on your guard!

Sometimes you may receive phone calls or letters allegedly from 'bank employees' or other 'officials' asking you to reveal your secret codes. As a general rule such phishing is designed to trick somebody into disclosing their bank or credit card information by sending fraudulent e-mails purporting to be from a bank, Internet service provider, etc. asking for verification of account numbers or passwords.

  • Internet banking users must not disclose secret internet bank codes information to anybody even if threatened or promised substantial financial reward for it.
  • Internet banking users are encouraged to call the bank and inform it of any suspicious e-mails or phone calls asking them to supply or confirm information concerning their secret internet banking access codes.
  • Internet banking users must not click on links contained in suspicious e-mails, open any attachments or reply to them.
  • Swedbank never sends e-mails asking to provide your user ID, passwords or code card numbers, or any links to websites where any of your data have to be entered.
  • Swedbank never sends any e-mails asking to install additional software to improve Internet banking usability.

If you suffered something similar please report incident to the bank phishing@swedbank.ee.

Safe browsing

  • Threat suspicious files with caution and do not open them. Do not open files from anyone you don't know or if you are not convinced that it is safe to do so. Also be wary of suspicious files from people you know - they may be infected and the file in question may be a virus or spyware. Most often viruses are contained in files with the extensions .exe, .com, .bat, .vb, .vbs, .js, .scr and .pif.
    Viruses may also be present in Microsoft Office documents, so it is well worth to exercise caution when opening them and to select 'No' when Word asks if you want to run a macro (program script).
  • When you finish your Internet banking session, log off (by clicking on “Exit") and close your Internet browser (by clicking on “X" sign). This is obligatory even if you leave your computer unattended for a little while. By following this advice, you will protect yourself against your computer (and your bank accounts) being accessed by other persons.
  • If possible, avoid banking online at public places (Internet cafes, libraries etc.) However, if you must do so, always make sure that you close the browser after banking online and change your login password as soon as possible.
  • Do not log in to your computer using a user profile with administrator rights in your day-to-day work.
  • Turn your computer off when you don't use it. Nobody can hack a computer which is offline.

Protect your internet bank access codes

  • Do not, under any circumstances, share details of your secret internet banking codes with other persons, including your family members, friends or the Bank's employees. If you want your family members to manage money in your bank account(s) with Swedbank, ask the Bank to issue internet banking access codes to your selected persons too. Remember that all internet banking login details (user ID, codes, passwords, etc.) are essentially the key to accessing your money.
  • Never send internet banking access details via email.
  • Do not store your password or PIN together with the security token.
  • Your PIN should not coincide with any part of your phone number. Avoid choosing a PIN resembling dates.
  • Change your PIN immediately if you suspect that other person might have accessed your internet banking credentials.

Keep an eye on the movement of finances in your account

  • Keep track of transactions in your account on a regular basis.

Use free online virus scanners to verify that your computer is safe:

http://housecall.trendmicro.com/
http://www.kaspersky.com/security-scan
http://home.mcafee.com/downloads/free-virus-scan

We recommend the following safety measures on computers used for Internet Banking:

  • Install Antivirus software and configure it to automatic update of the virus definitions database (at least one auto-update per day).
  • Install and turn on the local firewall. It should be configured so that it prevents connections from the Internet to your computer.
  • Regularly download and install security updates for all software installed in your computer.
  • Use the latest browser and operating system available.
  • Turn on automatic updates for all software.
  • Set your browser to block pop-ups.

We recommend the following safety measures on mobile devices (smartphones and tablets) used for Internet Banking:

  • Download and install applications only from trusted sources such as the App Store on the iPhone and iPod touch or Google Play on your AndroidTM device or Windows Phone apps store.
  • Do not root or jailbreak your mobile device to get around limitations set by your carrier or device manufacturer. It will remove protections built into the device to defend against mobile threats.
  • Configure your mobile device to automatically download and install updates for all software installed on it.
  • Use the latest browser and operating system available.

If someone else does your bank transactions

  • Any means of authentication is issued to one particular person and for the sake of security it cannot be passed on for usage to a family member or friend.
  • You should bear in mind that such a means of authentication provides access not only to the banking services, but to a wide range of other e-services as well (taxation authorities and so on).
  • If you want someone else to do your bank transactions, you can visit a bank branch to formalise authorisation enabling that person to use your bank account, also setting any restrictions that you wish to impose on access to any of your bank accounts and transaction limits within which the authorised person will be able to operate. The authorised person will be using personal passwords issued in their name.