Security rules
Keep the computer safe
Make sure the computer you use to log onto the GOonline Biznes system is secured as recommended by the operating system manufacturer. Install legal software only. Install all enhancements and patches recommended by the software manufacturer. Use the regularly updated operating system and Internet browser and anti-virus programs with up-to-date AntiVirus base and, if possible, firewall software or tools. Try to avoid using publicly available computers, in cyber cafes for instance. Such computers are generally not sufficiently secure.

Why is it so important? If an unknown program operates on your computer, it may track connections with the bank, collect passwords you enter, steal your files and even modify the data you enter.
Check website address
Enter the electronic banking website by typing its full address, or use the service link at the bank's websites. Do not use references placed in e-mails or on other websites unless you can absolutely trust them.

Why is it so important? One of the password stealing techniques is to provide the website that appears identical to the bank's website. To encourage you to visit that website, you may receive emails in which you will be requested to log onto the provided address to verify data. The address provided in such emails can be very similar to the genuine address, and so many people may be easily misled in this way. Having the custom to check the website address, you may prevent such fraud attempts.
Check whether the SSL protocol is used
Check whether the connection between your computer and the bank's server is encrypted. In this situation, the address starts with https://

Why is it so important? If data is sent through an unencrypted connection (without using the SSL protocol) it can be intercepted while being sent over Internet. GOonline Biznes connections are always encrypted.
Do not share your logging keys or passwords
If you log on using a masked password, remember that the bank never needs your entire password, unless to change it to the new password. When logging, provide the requested password characters only.

If you log on using your digital signature (e-signature), do not give access neither to your USB cryptographic device and smart card where you store your keys, nor to your PIN code.

Why is it so important? It happens that frauds ask the bank customers to enter their passwords for verification. This way they acquire customer passwords which could be used to access the customer accounts.
Verify the bank certificate
Check whether you are really connecting to the BNP Paribas Bank Polska S.A. server. This is possible by verifying the certificate always before logging onto the system. To do so, click the secure lock icon that appears after entering the GOonline Biznes address in the browser. This icon always appears when you access an encrypted website - the one that starts with https://

In Internet Explorer or Mozilla Firefox, the yellow secure lock icon will appear at the bottom right side of the screen, on the status bar.

After clicking the icon or identity certificate sign, a window with certificate information will appear. Check if:
  • the certificate has been issued for,
  • certificate validity has not ended,
  • certificate has been issued by VeriSign, trusted certification authority.
Why is it so important? Certificate verification allows you to check the authenticity of the server you attempt to connect to. Thus you will avoid connecting to a website which pretends to be your bank's server for the purpose of intercepting your passwords for instance.
Check the image
One of the website graphic features is the image displayed in the upper right corner (in the selector for changing the profile/Customer). Change the default image into another available in the system. To do so, select the My profile -> 'Main setings' function.

Why is it so important? If the image displayed is not the one you have selected it may mean that the website you are reviewing is not the genuine bank's website. This mechanism enables to verify whether you really connected to the BNP Paribas Bank Polska S.A. server. Remember, however, that the image verification should not be used instead of the server certificate's verification.
Check logging dates
After logging to the service, check the last logging dates, both the successful and the unsuccessful attempts. The data may be checked in the right top corner of your browser, in the selector for changing the profile/Customer. If the dates are different from what you remember to be, this should arouse your concern.

Why is it so important? If the last logging date is different from what you remember to be, it probably means that someone accessed your account. Unsuccessful logging attempts unrelated to your actions may show that someone is trying to crack your password.
Log off the service.
When you finish using the electronic banking service, always log off the website.

Why is it so important? When you log onto the service you start a session. If the session is not closed, someone might use it to make operations on your bank account.