Banco Português de Gestão presents a set of information, recommendations and best practices that should be consulted and followed in order to minimize the risk of Internet browsing and unauthorized access to your bank accounts.
Protect your computer
Security vulnerabilities are often discovered in computer software, and software companies are making patches and security updates available. These vulnerabilities or security breaches can be exploited by viruses, malicious programs or hackers who want to access your computer. To avoid these problems, you should regularly update the operating system of your computer and your Internet browser.
It is recommended that you have antivirus software installed and updated as well as antispyware software to protect your computer from viruses and other malware.
Always use a firewall to protect your computer. The firewall prevents unauthorized remote access to your computer and prevents external attacks. Operating systems often have their own firewall that should be turned on, but you may also install a firewall from a credible security company. To help protect your computer, you can consult the Microsoft Security Center at http://www.microsoft.com/security/default.aspx.
Protect yourself from "phishing"
Phishing is a form of electronic fraud, characterized by the attempt to obtain various personal data, such as bank details, access codes, credit card numbers, or other data, through electronic messages such as electronic mail (email), sms messages, etc.
Phishing attempts most often occur through the sending of e-mail messages. Typically, a phishing email contains text (often misspelled) where you are asked to update data, confirm and/or change access codes or bank information. Most of the time this email comes with a link.
This link redirects you to a fake page that looks exactly the same as the actual bank page, which may include images and logo of the institution, or can even try to install malicious software. Often, email notifies the user that it should act quickly, otherwise its access to accounts will be inhibited or restricted. Do not open e-mail messages of unknown or dubious origin.
Never respond to any email that asks you to fill out personal, bank or confidential information, even if it comes from a source that seems credible. Never click on a link in an email that is supposed to take you to the BPG page.
You should never give third parties any bank details, personal data, access codes or any other type of information that allows access to your BPG accounts. Banco Português de Gestão never asks for bank details or access or security codes through email or other messages. Never click on a link to access the BPG page.
You should always write the complete address www.bpg.pt in the address bar of your browser. Do not use any bookmarks or history links to access the BPG page. Watch out for attachments to e-mail messages, even those that have been sent by known senders. Files with the extension .exe, .scr, .pif, .com, .vbs, or with double extension .jpg.exe, .doc.scr, etc. may install a virus on your computer.
Note that, by default, Windows usually hides known file extensions such as .doc, .exe, and so on. Disable this option.
Avoid installing unknown or suspect software on your personal computer. Do not access your bank accounts through public computers such as the computers of an Internet café, hotels, airports, etc., or through third-party computers.
Check your bank accounts frequently. If you notice any unusual banking activity, contact BPG immediately.
Always suspect emails with quick and easy profit offers, especially if they contain links. Never open these links and never make transfers to unknown recipients. Do not use your mobile phone to access your bank account.
Access to your bank account
Access to your bank account is done through the BPGNet channel. This access is only possible through an authentication that the banking client must do by entering in the Login box only two data: his Identification (User) and his PIN code (Password).
For security reasons, the PIN code is entered through a virtual keyboard. You should never choose a PIN code identical to the one you use with other banking services or Internet services.
Whenever you access BPGNet to your BPG bank accounts, the connection will be made securely, privately and encrypted with an address beginning with https://. This secure connection indication is confirmed by the appearance of an image with a padlock in the lower right corner of your browser window or at the top in the address bar. By clicking on the padlock, you can verify that you are on the access page to individuals (https://particulares.bpg.pt) or to companies (https://empresas.bpg.pt).
Your codes are personal and non-transferable. Never disclose your codes to third parties.Codes should be changed regularly and should be memorized and not written. Avoid using easy codes or include personal information in your access codes. Make sure you no one is looking when you are entering your personal code. Do not always use the same code for differentiated services.
Whenever you perform a banking operation, you may need to enter two coordinates of your confirmation key as well as a code sent by SMS. Please note the following: BPG never requests the full coordinates of your confirmation key. BPG never asks you to enter the coordinates of your confirmation key and your PIN code together. When leaving your bank session, always click on “End Session” and avoid to simply close the browser (browser). For security reasons, if at the end of a predetermined time your session does not show activity, it will be terminated automatically.
The files do not contain personal data, nor do they allow the identification of the user, and their sole purpose is to customize the navigation according to the preferences assessed. The user can prevent the generation of cookies and the installation of cookies on the computer’s disk using the tools provided by your browser.
The customer will not be able to access the BPGnet service if his browser does not accept cookies. Session cookies are used as an additional security measure, helping to prevent unauthorized access to online accounts. These cookies ensure that once terminated, the client session cannot be reactivated without a new authentication process occurring.