The Security Policy of Bankia establishes our customers' data protection as one of our top priorities. For this it adds high security standards to its applications and systems and it implements the most advanced protective measures in order to look after the confidentiality and integrity of the information.

  • All the information transmitted via the internet between the customer PC, mobile devices, digital tablets and applications owned by Bankia and our systems uses the SSL-256 bit protocol. This encrypted protocol prevents a third party from accessing the above-mentioned information flow.
  • Use of a digital certificate issued by VeriSign, an international certification authority, guarantees that you are connected to Bankia. A digital certificate is a digital file protected by cryptographic techniques that guarantees identities on the internet.

  • Our computer systems are protected from the exterior by a system of firewalls, anti-virus and anti-intrusion software programmes that block any attack and isolate the software environment.
  • At Bankia we constantly monitor all applications and immediately follow up on incidents in our internet service.

Besides all of this, because of the changing technological environment in which we find ourselves, we are in an ongoing process of evolution of our electronic, physical and logical security techniques.

If you have any doubts about the security of Oficina Internet, Oficina Móvil or Bankia proprietary applications, don't hesitate to contact us at our Customer Service hotline 902 246 810 or via the form (PDF, 38.29 kB) available.



Below we offer a series of security tips that will help you browse and shop on the Internet with greater confidence and security:

1. Secure Internet browsing

  • When entering sensitive or personal data, verify that the website is secure, examine the type of connection (https://) and check that there is a padlock at the top of the web browser. You will find it on the left or the right depending on the type of web browser you use.
  • Protect your computer from potentially dangerous elements by installing an antivirus program, as well as a firewall that will safeguard you from possible intrusion threats on your devices. We recommend that you check periodically that these elements are updated with the latest available version.
  • Avoid downloads from unknown websites or suspicious emails. Many of the files we download can contain elements such as computer viruses that endanger our security.
  • When you download files, make sure that they come from reliable sites with a confirmed identity and that the download always takes place with your consent.
  • Avoid suspicious links; they are used to direct users to malicious sites. These links can be in emails, chat windows, advertising banners or messages on social media.
  • Never access websites that don't offer a certain degree of confidence.
  • Avoid entering personal data on unknown forms. It is good practice to ensure that the domain is correct and that the protocol used is https; that way you can avoid phishing attacks.
  • Bankia will never request details of your accounts on any website or social media, and even less so your passwords.
  • If you make contracts through online mandates, ensure you do this securely by using an OTP to sign the contract.
  • Try not to enter sensitive or personal information using public computers on which you have no control over the programmes installed.
  • It is recommended to delete the temporary files from this type of computer before ending the session.
  • We also recommend you learn more about the subject and keep yourself updated via the National Institute of Cybersecurity website.

2. Malware or malicious software prevention

Malicious software or malware is a term that includes all types of malicious programs or computer codes whose purpose is to damage a system, cause a malfunction or compile information illegally. Due to the proliferation of this kind of software, you need to take special care to prevent information loss and the malfunctioning of your devices.

It is important NOT to install software from unknown sources and only to browse reliable websites. Take these simple measures and you will avoid many types of threat.

You must have a reliable anti-virus on your device and keep it updated at all times.

3. Computer viruses

Computer viruses are programs designed to carry out actions in infected equipment without the user's knowledge or permission. There are different types of virus, but their common denominator is that they are generally propagated and disseminated via the Internet.

The following are the most common types of virus:

  • Trojan: designed to steal information or take control of the infected equipment from another computer connected to the network.
  • Worm: automatically sends information to other computers connected to the network. Usually spread by using mailing lists to infect other computers.
  • Logic bomb: programs that activate at a certain time and cause an anomaly in the infected equipment.
  • False rumours or hoaxes: emails containing false information designed to be forwarded to other computers with the aim of increasing the amount of false information on the internet.

4. Phishing

4.1 What is phishing?

Currently there are various techniques whose objective is to obtain customers' passwords in order to perpetrate all types of financial fraud.

The technique most commonly employed is referred to as "phishing", which consists of sending emails in which customers are asked to enter their login details on a simulated Oficina Internet page.

Bankia will never ask you to give us a password in writing, by e-mail or by phone, and you must ignore this type of fraudulent communications.

In addition, Bankia's security team will take charge of handling possible cases of phishing, analysing them, determining how they work and what their objective is, and carrying out the necessary actions for action to be taken against the fraudulent website.

Bankia collaborates with national and international organisations to streamline and improve the intervention procedures for these phishing sites. For any clarification or assistance on this matter, you can contact our security team at the phone number 902 2 4 6 8 10.

On the following pages you will find detailed information on how to recognise Bankia's webpages, examples of fraudulent e-mails sent in the past and also advice and recommendations on how to avoid this and other types of Internet fraud.

4.2 How to recognise a fraudulent email

An email is received that contains a link to a website that looks the same as the official Bankia Oficina Internet website (company logo, style, language, corporate image). The e-mail received says that, because of the latest practices of financial fraud and to guarantee your security, you must enter your personal access codes.

Ways to recognise a fake e-mail:

  • The email address from which the e-mail is sent is false.
  • It includes the logo of Oficina Internet, Oficina Internet Empresas or BankiaLink and the image of the transactional web portal, in order to imitate the corporate image of the company.
  • The language is sometimes incorrect and discordant, because of the use of language translator programs by the creators of the fraud. It is common to find misspellings and incorrectly constructed sentences.
  • The aim is to convince the user by stating that due to the existence of financial frauds it is necessary for the customer to verify their personal access codes.
  • The e-mail contains three fields in which the user has to enter their personal codes (identifier, password and signature) or a link to a fictitious page of the Oficina Internet, Oficina Internet Empresas or the Oficinas Móviles (website versions). A fake page is easily recognisable because it does not have the following security parameters which make Bankia's various Internet Offices secure pages.

The addresses of the pages of Bankia's various Internet Offices must always be the following:

Oficina Internet:
Oficina Internet Empresas:
Oficina Móvil (website version):
Oficina Móvil Empresas (web version)

Pay special attention to those starting with https://, where the letter “s” indicates a secure or trustworthy site. In fake e-mails, the simulated page does not have the letter “s” at the beginning of the address, just after “http”.

There must be a padlock symbol in the top left or right corner of the screen (depending on the web browser), alongside the address bar.

Clicking twice on the padlock opens an information chart with details of the security certificate, the certifying authority and details of the connection.

4.3 How to distinguish a Bankia website

The different Internet branch websites (Oficina Internet, Oficina Internet Empresas, Oficina Móvil and Oficina Móvil Empresas) must always be the following:

Oficina Internet: Example url
Oficina Internet Empresas: Example url
Oficina Móvil (website version): Example url
Oficina Móvil Empresas (website version): Example url

Pay special attention that they start with https://, where the letter “s” means it is a secured site.

  • You can recognise that you are accessing a secure website by the dialogue box which shows a padlock symbol in the top left or right corner of the screen (depending on the web browser).
  • If you double click on the padlock, an information window opens with details of the certificate, which allows you to check the following:
    • Term of application and validity.
    • Verify that you are connected to the Bankia server.
    • Check that the Bankia name appears in the Details section (Subject field, register O = Bankia) on the certificate.
    • Check that the certificate is issued by Symantec and belongs to the class V3 (Ref. LIABILITY LTD. (c) 97 Verisign).
    • The contact phone number must always be 902 2 4 6 8 10.

5. Phishing examples and characteristics

Below we show you an example of a fraudulent email sent in the name of Bankia to our customers. It concerns the Oficina Internet and stands out for the following characteristics:

  • It includes the Oficina Internet logo and photographs of the website, in order to imitate the corporate image of the company.
  • The wording is often incorrect and incongruous due to the use of automatic translation tools by the fraudsters. It is common to find misspellings and poorly constructed sentences.
  • It contains a link to a page that simulates Bankia's Oficina Internet in which the user is asked to enter their access codes.
  • The fictitious page to which it links does not have the following requirements that make the Oficina Internet a secure website:
    • The web address does not match that of Oficina Internet:
    • The padlock does not appear in the top left-hand corner of the screen.
    • The contact phone number is not Bankia's, which should always be: 902 2 4 6 8 10.

Fictitious page



Bankia Oficina Internet constitutes a secure service channel with which to carry out all your financial operations. We dedicate considerable investment and resources to equipping our systems with state-of-the-art security facilities, in order to protect the confidentiality and integrity of user data.

It is important, however, to follow the recommendations detailed below.

Safeguard your passwords

Keep your username and password secret. Do not tell anyone and do not keep a note of them in visible or easily accessible places, such as attached to the screen, keyboard, calendar, on the computer, etc.

Change your passwords regularly and always be aware of whether they may have been discovered by other persons. Do not use trivial or repetitive passwords that could be easily guessed for their simplicity or for their relation to you.

Remember that you must have a mobile phone number updated and registered in Bankia in order to receive the OTP and thus be able to validate your operations with full security. At Bankia, for further security when carrying out certain operations via the Oficina Internet, in addition to the electronic signature, you will be required to enter an additional validation password (called OTP or firmamóvil) that you will receive via SMS on your mobile phone.

Bankia will never ask you to give us your passwords in writing, by e-mail or by phone.

Proper identification of the Bankia website.

  • The Bankia website is easily identifiable by its corporate image. Users should also be sure to check that the URL begins with https://
  • As well as this, there is a way to identify the site unambiguously. The browser informs you that the connection is secure by means of a dialogue box, showing a padlock in the top left-hand or right-hand corner of the screen (depending on the browser), next to the address bar. If you click twice on this padlock, an information window will appear with details of the certificate which will permit you to check its validity and term and verify that you are connected to the Bankia server. You can also ensure that the name of Bankia appears in the Details section (Subject field, register O = Bankia) of the certificate.
  • Encryption is a process that ensures that all information sent can only be read by the user’s computer and the Bankia server, ensuring that third parties cannot view or save the information exchanged.
  • Before entering the website, ensure that the rest of your applications are closed.
  • Log out when you have completed your session with Oficina Internet and make sure you lock or turn off your computer when it is unattended.

Private computer

Do not access confidential information, such as Bankia Oficina Internet account details from public or non-trusted computers.



Online sales represent a high percentage of the total sales of the businesses that have made the move onto the Internet.

E-commerce has changed the way in which clients relate to businesses.

For all of these reasons, Bankia has a system to make online shopping secure.



The virtual POS is a secure payment platform for making purchases safely on the Internet.

Bankia cards - Security in any situation.

We want you to enjoy all the advantages your Bankia cards give you, safely.

Advice for Internet shopping

The details you are normally asked for are found on the front of your card:

  • Name of the holder
  • Card number (16 digits)
  • Expiry date

In addition, depending on the online merchant, you may be asked to provide (one or both details):

  • If it is Comercio Seguro (Verified by Visa or MasterCard SecureCode), a one-time-use numerical password sent to your mobile phone. See the Authentication Service in online shopping. Businesses recommended by Bankia.
  • Other businesses: Card Verification Code (CVV). For Visa and MasterCard the CVV is 3 digits and is found on the back of the card, next to the space reserved for the signature. On American Express cards, the code is 4 digits and it appears on the face of the card.

What can you do to improve your security?

  • Do not divulge your PIN or any more personal details than necessary.
  • Do not enter your credit card number on websites where the objective is not a specific purchase.
  • Do not shop online if the information is not encrypted. Check that a padlock is shown on the upper left-hand side of the page.
  • Do not send details of your card (number, PIN or expiry date) by email or through any social media.
  • Check the transactions on your card to see if they are correct. Easy from Bankia Oficina Internet.
  • Keep your personal details updated in the Bankia database.
  • For internet transactions, only use your card to make purchases from trustworthy businesses.
  • Do not enter your credit card number on websites asking you for it without the clear purpose of performing a specific purchase by the customer.
  • Never reveal your password or PIN. Furthermore, do not provide more personal details than the mandatory basics.
  • Always verify that you are using Encryption to send information. To do this check that a padlock is shown at the top of the web browser.
  • Check your account balance with your Entity to ensure that all amounts charged match the purchases you have made and for the exact amount.
  • You can use iupay! to have a virtual wallet and not have to enter your card details every time you make a purchase.