• Keep your card in a safe place and separate from your PIN number.
• Protect the magnetic stripe on the back of the card from physical damage, moisture, radiation, and similar influences.
• Never leave your card unattended.
• Sign your new card as soon as you receive it and keep it in a safe place.
• Do not allow anyone else to use your card to carry out transactions.
• Check your card’s expiry date and contact the bank if your new card has not arrived on time.
• Immediately report a lost or stolen card.

• When you receive your PIN, memorize it and destroy the envelope.
• Do not write down your PIN number.
• When entering your PIN at an ATM or POS terminal, cover the keypad with your hand for greater security.
• Do not share your PIN with anyone, including bank employees or the police, and do not write it down in a way that makes it easily recognizable.
• Never enter your PIN over the phone.
• Do not allow others access to devices containing this information.
• Do not disclose login codes (one-time passwords – OTPs) and transaction authorization codes generated by mToken to anyone who contacts you.
• If you suspect that someone has learned your PIN, change it immediately.
• If you believe someone has used your card or may use it, contact the bank and the police as soon as possible.

• If you are not sure how to use an ATM, contact Bank staff or call our Contact Center at 19905 – we will be happy to provide you with all the necessary information and instructions.
• If you notice suspicious or inappropriate behavior in the surroundings, or any irregularities on the ATM (e.g. additional installed equipment), cancel the transaction.
• If the ATM does not return your card, immediately inform the nearest Bank branch or call our Contact Center at 19905.
• Do not attempt to remove suspicious devices from the ATM.
• Do not allow anyone to distract you while performing a transaction, even if they appear to be trying to help.
• When entering your PIN at the ATM, cover the keypad.

• Always keep your card in sight when making a transaction.
• If the POS terminal is not within reach, insist that the merchant processes the transaction only in your presence.
• Never leave your card unattended during a transaction.
• By entering your PIN (personal identification number) or signing the receipt, identification at the point of sale will be completed.
• The user must sign the receipt in the same way as the card and request a copy of the receipt for their records.
• Do not discard or leave transaction receipts in public places.
• Always check whether the displayed amount matches the amount that will be charged to your account.
• Keep the receipt and transaction confirmation, and carefully compare the amounts with those shown in your transaction statements.
• If you notice an unfamiliar transaction, contact the Bank immediately.

• If possible, use a mobile device or computer protected with the latest security software (antivirus and antispyware programs).
• Before sharing your card details online or over the phone, verify the credibility of the merchant. Carefully review the terms of business, including payment, delivery, complaints, and returns.
• Register for Verified by Visa or Mastercard SecureCode security services.
• Enter your card details only on secure websites – look for “https” at the beginning of the website address and a closed padlock icon next to the address bar (“s” stands for secure, not the usual “http”). Click the padlock and verify that the website address matches the company you intend to buy from.
• Do not enter card details on public or shared computers.
• Always log out after completing your purchase and keep the confirmation email as proof.

• Write down the bank’s emergency number in case you are traveling abroad.
• Take an additional card or another alternative payment method with you so you do not depend on a single card.
• Keep copies of receipts and, after returning home, carefully review your bank statement.

With the development of the internet, fraudsters have developed a new type of scam called Phishing, aimed at collecting your confidential data. Phishing is a form of social engineering involving fraud, where scammers send you messages via email, phone, SMS, or social networks. These messages appear to come from the Bank (they may include the Bank’s image, logo, and contact details).

Through these messages, scammers will ask you for confidential and personal data such as your bank account number, username and password, credit or debit card number, and PIN.

As a reason for requesting confidential data, scammers may claim:

– service improvement;
– system upgrade or security maintenance;
– account or payment verification;
– refund offers to your account.

Messages allegedly sent on behalf of Hipotekarna Bank often contain grammatical errors. Please read them carefully in order to more easily recognize attempts of brand misuse.

Most common phishing methods:

– requests for clients to send confidential data via email – the scammer falsely presents themselves as a Bank employee and claims the need to collect data for the reasons mentioned above;
– fake links or attachments in emails that lead the client to a malicious website where they are asked to enter confidential data;
– links that direct clients to websites not owned by the Bank while collecting the data entered by the client;
– fake pop-up notifications/windows on the Bank’s website with fields for entering confidential data.

How to prevent phishing scams?

Do not respond to emails requesting your data. Hipotekarna Bank already has your personal data and will never ask you to enter your password, card number, or PIN.
Do not click on links in suspicious emails, especially if you are not sure who the sender is.
Always verify that the website address is the legitimate Bank address (fake websites may differ by just one letter). The Hipotekarna Bank website uses HTTPS protocol and starts with HTTPS://.
Do not open unexpected emails, SMS, or chats, and do not click on attachments or download and open them.
If possible, use a personal firewall and antispyware software and keep it regularly updated.
Regularly monitor your account balance.
If scammers succeed or attempt to obtain your confidential data, immediately contact the Hipotekarna Bank Contact Center at 19905.

Change your password on your computer or mobile device. Scan your computer to remove viruses and malicious content.

Hipotekarna Bank will always contact you exclusively through its official communication channels and will never request confidential information such as your username and password.