Security Measures on Digital Banking

Internet security is an essential objective that requires effort from both Internet users and the companies that offer services on the web.

Unicaja, aware of this, has taken all necessary measures to make its website a safe place to browse. Some of these actions are listed in the following points:

• Secure server hosting: All information exchanged between your computer and our web server is encrypted to prevent unauthorised third parties from accessing the information or intercepting communications between the customer and the bank. This encryption is based on the TLS protocol and uses 256-bit encryption keys.
• Advanced DNS: our server is set up so that telecommunications operators can detect phishing using the name of Unicaja Banco.
• Anti-phishing service: our permanent monitoring service detects attempted identify thefts even before they occur.
• Access to Digital Banking is made by entering a password to enter Digital Banking on a virtual keyboard. This system avoids the risk of information being captured by spy programs that record everything typed into a computer's traditional keyboard. Moreover, you will periodically be asked to input a security code sent to your mobile phone. Unicaja Banco also offers the option to identify yourself through DNIe, which is another way to access Digital Banking with full security; as well as using biometrics for access by Unicaja Móvil App.
  
• Access blocking, in the event that there are three failed attempts to enter a password.
• Transactions involving a movement of funds or modification of the initially agreed contractual conditions must be authorised by entering a code from your code card, which is also delivered to the holder when they sign the Remote Services agreement. This means that you will be required to enter a second variable code from the 64 on your code card, besides your password, for every operation. Furthermore, in order for certain transactions to have higher security, Digital Banking incorporates a simple procedure known as a two-step signature. When carrying out a more important transaction⁽¹⁾, we will send a text message to your mobile phone with a code that you must enter, in addition to the coordinates from your card, on the screen to confirm the transaction. This type of additional authentication by SMS is also used as a means of reinforcing access to Digital Banking.
• Entering the signature code: Unicaja Banco never asks you to enter the signature code, except once you have accessed the service (after identifying yourself) and to confirm all transactions.
• Automatic disconnection system, which disconnects you after a few minutes have passed without you doing anything.
• Date and time of the last connection, so that you can see whether there have been any connections that were not made by you
• Establishment of quantitative limits: you can establish limits that will block any transaction through Digital Banking that exceeds them. You must visit one of our branches to modify these limits.
• Blocking the service and transactions: For security reasons, Unicaja Banco may block both the service and certain transactions when it has reason to suspect that there is unauthorised or fraudulent activity. Unicaja Banco will inform you, by telephone or through the service itself, that you have been blocked and why, unblocking it once these issues have been resolved. Customers can ask Unicaja Banco to unblock the service by telephone or at a branch, depending on the circumstances surrounding the block
• The customer's normal behaviour is analysed: any transactions that may be unusual are analysed and if they seem suspicious you will be notified immediately.
• Blocking and unblocking procedure: In the event that your login details and/or code card are blocked, you must request their unblocking in person at our branches. If certain transactions are blocked for security reasons, you may ask Unicaja Banco to unblock them at our branches and/or by calling +34 952 07 62 63, depending on the circumstances surrounding the block.

Please don't forget that all these safeguards adopted by Unicaja are useless if they are not accompanied by a series of measures that customers must always apply.

The most important points are listed below:

• Use an anti-virus and anti-spyware system, updating it regularly, preferably automatically.
• The proliferation of computer viruses is becoming more common every day. Make sure you have a good anti-virus system and, most importantly, keep your virus detection systems permanently up to date. An anti-virus system can be useless if it does not have the means to detect the most recent viruses.
• Additionally, do not install software from unknown sources or browse websites that you do not trust.
• It is also helpful to have protection against "Spyware". You can use an anti-virus program that also protects you against "Spyware" or use a specific program for "Spyware".
• Update your browser and operating system with the security improvements provided by the manufacturers and always following their instructions.
• Improvements and new versions for browsers and operating systems appear regularly and these provide greater security when browsing and using the Internet.
• Read the manufacturers' recommendations for these products and update your browser and operating system in accordance with their instructions.
• You should never send your  login details for Digital Banking or any codes from your code cards by e-mail, telephone,  text message or any other means.  
• Unicaja Banco will not ask you to send confidential or personal data such as passwords, account numbers, card numbers, etc. by text message, e-mail or forms.
• Remember that Unicaja never sends e-mails or makes phone calls asking its customers for their user codes or passwords, or any other private information about the customer. The technique known as PHISHING is quite common. This consists of sending e-mails from fake addresses using the names of financial institutions. These e-mails ask customers to send their login details, or to click a link that will take them to a fraudulent website imitating and impersonating the real one, so that if they enter their login details there, criminals will have this information and and it may used for fraud.
• Your login details are personal and non-transferable. We  recommend that you change your password regularly to prevent access by third parties. Also remember to memorise it and avoid writing these login details on any physical support, especially one that is kept with your code card.
• Carefully store your code card so that it cannot be accessed by third parties. This card is the key that allows you to carry out transactions.
• Always access Unicaja Banco's website by entering the url https://www.unicajabanco.es directly into the address bar. Avoid accessing Digital Banking by using the "Favourites" feature on your browser, or through links found in e-mails and websites, unless they are from our Bank. Links to web services can easily be altered to connect you to other web services that are not actually those shown in the link itself.
• Always check that your connection to Digital Banking has been made correctly. A quick way to check the authenticity of the Unicaja website, to ensure you are not tricked by websites designed specifically to "capture data", is to double-click on the closed padlock that appears in your browser. This action will display the authentication certificate issued by DigiCert⁽²⁾, which guarantees the identity of our web service.

⁽¹⁾ An important transaction is any monetary transaction made through Digital Banking that, at Unicaja's discretion, requires two-step signature to provide it with greater security.

⁽²⁾ DigiCert is an internationally recognised Certification Authority for Internet web services.