Secure online and mobile banking
The N26 security model
Security for your account balance
The funds in your N26 account are covered by all of the statutory requirements, such as the German deposit protection scheme.
Maximum protection for your data
We attach great importance to protecting your data. We will never pass your data to third parties. We can make this a firm promise, thanks to the support we receive from external technology and data protection experts.
N26 uses an industry-standard security procedure called two-factor authentication. And we’ve developed a clever way to implement it without requiring you to have two separate devices. We also utilize intelligent anti-fraud algorithms to protect your account.
Our three-tier security procedure guarantees advanced levels of technological security for your N26 account and your banking transactions. Security measures include verification of all your banking transactions via the smartphone associated with your account and your PIN number. You also need your personal user name and your password to gain access to your N26 account, just as you do with your existing bank accounts. Our security algorithm monitors authorization requests and immediately detects irregularities. In this way, phishing attempts can be identified and blocked.
Complete transparency for your account
Your N26 app will inform you within a split second of any movements to or from your account. This means you’ll always know what’s happening to your money and you’ll no longer need to check your statements at the end of the month.
Customized security settings
With our mobile app, you can choose your own settings and restrictions for your N26 Mastercard. With one click you can select:
- Whether it can be used for payments abroad
- Whether it can be used for online payments
- Whether it can be used for withdrawing cash
If you’ve misplaced your card or for security reasons want to restrict all of your card’s functions, you can block and unblock the card with a simple click. If you report that your Mastercard has been stolen, it will be blocked right away and a new one sent out.
Our commitment to constant improvement
We now have a bug bounty program, a common security best practice used by the world’s largest digital companies like Google and Facebook. We’ll award prizes to security researchers who inform us about bugs or vulnerabilities, so that we can fix them before any damage can be done.
We have also been granted a 700.000€ subsidy by the Investitionsbank Berlin to accelerate our innovative research and development in credit card fraud prevention. Our technology is designed to detect potential fraudulent activity, block such activity, and notify users of the activity, all in real-time.
To foster continued innovation in security technology and to fund promising PhD students and their research in security-related fields, N26 is announcing a new “Future Security Innovators” program. Complete application details will be provided in late January 2017, with award recipients to be announced and grants provided during the 2017 summer semester.
Bug Bounty Program
Security has the highest priority at N26 and we are continuously working to provide secure products. We follow international standards as defined by leading tech companies and security communities. However, no technology is perfect, and N26 believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you find a security bug in our API, website, web app or either of our mobile apps, we would really appreciate it if you would report this to us. This way, we can further improve the security and reliability of N26.
Before attempting anything, reporting a security bug or joining our program, please be aware that testing our environment can be designated as a criminal act by the relevant authorities if you are violating German law or any other law. Please be aware that our rules do not supersede any applicable laws. However, if you abide by the rules we will provide you with, we will not report you to the authorities, as long as we are not required to do so by applicable laws. You can request an invitation to our bug bounty program by sending an email with your HackerOne username or email to email@example.com. Rewards are granted at our discretion. Please do not send unencrypted reports to us.
Tips for secure Online Banking
Phishing – Be cautious about emails and fake internet sites
Phishing (from the word “Fishing”) refers to attempts to gain your password or other login credentials through deceptive emails, text messages, or fake internet sites. Often the target is asked to click on a link which redirects to a fake website, which then asks for sensitive personal information. Often the fake site is designed to look similar to a real bank or other well-known site. Once the personal information is collected, it can be used by criminals to log into real sites.
Never click on links in emails or text messages which seem suspicious. Neither N26 nor any other reputable bank will ever ask you for your password, PIN or TANs by email or text message. If you’re in doubt, please contact customer support.
Take care to type internet website addresses correctly, without errors. Criminals often operate websites named for well-known sites, but with small typos. The sites often look like the originals, and are solely designed to capture your password, TAN, PIN, or other sensitive information.
It’s also important not to enter personal information on a website which starts with a normal “http://” address. Instead, always look for a secure “https://” address in your browser window. Such secure sites will also be indicated in your browser with a small lock symbol. All N26 websites and web services use a secure connection – from our homepage https://n26.com/ to our online banking pages https://my.n26.com/.
Keep your computer up to date with anti-virus programs and a firewall. That will help prevent the installation of malicious programs (known as Malware or Trojans) on your computer. Such programs are designed to collect information and re-use it for possible criminal purposes.
Pharming – An extension of Phishing
Classic phishing, involving having a user click on a link, has been further developed into a method called pharming. Malicious software can change the settings on a computer in a way that can redirect web traffic to a fake site, even when a correct website address is entered. Criminals then collect sensitive information from the fake site. Protect your computer, as we’ve recommended, with up-to-date anti-virus software and by activating your firewall.
Don’t write down your password and PIN
A secure password should ideally contain capital and small letters, numbers and at least one “special character” (like !@#$%). It should also be at least 6 characters long.
Please don’t store your password or PIN for N26 (or any other financial institution) directly on your computer. If your computer is misplaced or falls into a hacker’s hands, your password could be compromised and re-used.
Computers with public access
For security purposes, avoid using “public access” computers (such as in internet cafes, hostels or copy shops) for secure transactions. These computers are particularly susceptible to malware.
Private and public WiFi
Be sure that the WiFi you use for any bank connection is secured with so-called WPA2 security. The former WEP (Wired Equivalent Privacy) standard is outdated and no longer considered secure. Without using the newest standard, cyber criminals could intercept your internet connection and compromise your personal data.
If you use public WiFi networks, there’s a higher risk that your online banking data could be compromised. Alternatively, you can use mobile banking without WiFi (using your phone’s traditional cell service).
Regularly check your account’s activity. Respond immediately if you notice any unusual account movements. If you still use a traditional bank, you can call their hotline to block your account, or outside of business hours, call 116 116. Note that traditional banks often charge a fee to block your account.
With the N26 app you can track your account’s movements in real-time, and you’ll receive a push notification for each transaction. You can block (or unblock) your account at any time, right in the app.
Tips for secure mobile banking
The term “mobile banking” includes bank transactions carried out via a mobile browser or using mobile apps. One in seven smartphone users in Germany has already activated banking services on their smartphone.*
Mobile banking apps fall into two different categories. The first includes mobile apps specific to particular banks, such as the Sparkasse group or Deutsche Bank. In most of these, the mobile apps provided by the banks are lagging behind users’ expectations.*
The second category consists of modern banking apps, which you can use to manage your bank account in real time. The disadvantage here is that you have to share the access details for your bank account with the app provider. Especially with a banking app that provides complete access to your bank account, you should make sure you read users’ reviews of the app before you start to use it.
For today’s generation of smartphone users, the N26 mobile app combines the security of a German bank account with the very latest mobile banking functionality.
As far as security is concerned, there are no major differences between the security requirements for mobile banking and those for online banking. Nevertheless, you should still take into account our additional recommendations so that you can access your mobile banking services securely.
Locking the screen
You should make your smartphone screen more secure with the aid of a lock code, a pattern or a fingerprint. This will help you to increase the protection for your banking app, especially if you lose your smartphone.
Mobile operating system
We recommend that you regularly update the software on your smartphone. Known security flaws in the smartphone are often fixed by manufacturer updates.
We would also advise Android users to install virus protection, as apps can also be downloaded from sources other than the official Google Play store.
Mobile banking apps update
Make sure you download banking apps, and any other apps for that matter, only from the official manufacturers’ stores (such as the App Store or Play Store). Be suspicious of any new unfamiliar apps. In some cases they can contain malware and facilitate access to sensitive details.
Also, check regularly whether your banking app is fully up to date. Outdated versions of a banking app can also include outdated security mechanisms.
WiFi and Bluetooth
We recommend that you disable publicly accessible WiFi connections and your device’s Bluetooth function before you make a mobile connection to your bank. Even if you are using a private WiFi network, you should check that it’s secured by the WPA2 system.
Password, PINs and transaction authorization numbers
Never save any bank-related passwords, user names, PINs or transaction authorization numbers (TANs) on your smartphone. If your phone is lost or becomes infected with malware, this will increase your risk of falling prey to cyber criminals.
You should avoid using the “mobile TAN” (“mTAN”) procedure for your mobile banking. The “mTAN” system (sometimes also known as “SMS-TAN” in Germany) refers to the sending, by your bank, of a transaction code that you then use to approve a particular transaction. This procedure is not secure as the text message is sent to the same device that’s being used for the banking transaction itself.
You can find out more in the next section on the N26 security model.