One of PKO Bank Polski SA’s priorities is to set the highest security standards. Customer security in the process of using the Bank’s and the Group’s products primarily includes security of the funds of customers, as well as physical security of customers. The matter of security is regulated by the Security Policy and – in detail – the provisions regarding specific areas of security, i.e.:
- protection of people and property;
- IT System security;
- security incident management.
Security of customer funds
The activities of the Bank and the relevant entities of the Group to ensure the security of customer funds cover both the funds entrusted and the funds invested through the products offered. The initiatives implemented to ensure a stable and secure ICT infrastructure enabled the achievement of very high reliability indicators for the operation of the IT infrastructure applications in 2017.
Security of funds invested
The Bank makes every effort to ensure that the products offered to customers do not generate the risk of a loss of funds. This is particularly important for investment products. Therefore, within the framework of the obligations imposed by the MiFID Directive, the Bank informs customers before conducting a transaction on financial instruments as to whether the given product is suitable for them.
Security of entrusted deposits
With respect to deposit products, the main mechanism guaranteeing security of funds entrusted by customers is the stability of the financial result of the Bank and the Group’s other entities. An additional mechanism is the Bank’s involvement in the obligatory deposit guarantee system, operating under the Act on the Bank Guarantee Fund, the term deposit guarantee system and forced restructuring.
The security of customer funds is also guaranteed at the Bank by procedural solutions that ensure the correct identification of the customer every time the customer’s instructions are carried out.
Managing the risk of unauthorized access to customer funds through electronic banking
The most important threat identified by PKO Bank Polski SA and PKO TFI SA to the security of customers benefiting from the Group’s products is potential criminal activity by third parties targeting customers who use electronic channels of access to banking and investment services.
First, the Bank uses the latest ICT security solutions guaranteeing secure access to funds held by customers, and it is constantly improving the quality of IT systems security, in particular for the applications used by the Bank’s customers. This applies, among other things, to actively combating phishing websites pretending to be the Bank’s websites, tracking the development of malware attacking the Bank’s customers, developing mechanisms for detecting infected customer computers, and improving the rules and extending the scope of monitoring of electronic transactions.
Second, the Bank attaches a great deal of importance to informing and raising customer awareness of the safe use of electronic banking services, as well as payment cards, as security in this respect depends to a large extent on the user’s actions. These activities include, in particular:
- mass educational campaigns, e.g. by initiating texts on the safe use of electronic banking (the Bankomania magazine, distributed in a paper version in over 1200 branches, i.e. in almost 2/3, and the educational portal www.bankomania.pkobp.pl);
- ongoing provision of responses and explanations to customer enquiries (e-mail, social media);
- ongoing provision, through the mass media, of the Bank’s position on false e-mails, including educational elements;
- ongoing response to other signals regarding threats;
- publication of information on securely logging in and the principles of using electronic banking on the Bank’s website and on the transaction website, and its distribution to customers by e-mail.
Since 2016, the Bank has been implementing its proprietary program Cyberstrażnik [Cyberguard], through which it monitors the internet for content disclosing personal data and warns internet users about making it public on the web.
The Cyberstrażnik message reached approximately 4 million internet users by the end of 2017.
The Bank was the first in Europe to start cooperation with Microsoft whose objective is to raise the level of security by exchanging information on potential threats. The agreement facilitates a faster and more effective response to dangerous events appearing in the network. The cooperation was continued in 2017.
In addition, the Bank’s representatives are involved in work conducted as part of the Banking Cybersecurity Centre (BCC) operating within the framework of the Polish Bank Association. BCC’s objective is to implement comprehensive and long-term activities at several levels: intrasectoral, intersectoral (including cooperation with institutions from the telecommunications sector), national (cooperation with state administration and law enforcement agencies) and international, with the aim of increasing the level of mobile and electronic banking security and preparing tools (structures, procedures, information exchange mechanisms) enabling the management of crisis situations (e.g. in the event of a massive cybercriminal attack on the banking sector).
Physical security of customers
The Bank and the Group’s entities meet the requirement of providing customers with top-quality direct support at the branches, among other things by ensuring appropriate standards of comfort and safety. The sites of the Group’s entities conducting retail operations, including the Bank, use state-of-the-art technical solutions in the area of physical security of customers and their funds, including physical protection and monitoring.
The Bank holds training for the employees of its branches and agencies named “Counteracting robberies and dealing with security threats”.
Out of concern for the safety of customers and employees, the Bank introduced an obligatory first aid course as part of the health and safety training. In 2017 alone, 3,778 of the Bank’s employees were trained, including 2,041 employees of branches (i.e. 15% of all employees at the branches).