Security
Security is the basis for trust in banks.
In tough times more than ever.



Your safety is our highest priority. This is the reason why we not only carry out extensive measures to protect your data against unauthorized access by third parties, but also guarantee the protection of your funds through the statutory deposit protection of up to € 100,000 per investor.
A major challenge that we are all currently facing is security. In our daily corona-struggle this means: washing your hands carefully, keeping a sufficient distance, wearing a mask.

And in online banking? Here too, increased caution and adapted security measures are advised, since, in parallel with the Coronavirus, attempted online fraud is massively increasing as well. Cyber-criminals are using the current flood of news about the Corona crisis in a targeted manner to try and breach sensitive customer data or to send malware to unsuspecting victims.
On this page we want to give you the opportunity to inform yourself about safe and secure online banking, especially during these times of Corona. This space is dedicated to your safety, attention and caution. Please read the following sections carefully and protect yourself proactively from attacks online.
We recommend that you have a look at our Self Services. Want to change your personal data? Apply for a new FIN? Forgot your password? Activate geoblocking? You can now do all of this and much more in the Fidor Self Services - flexibly, time-saving and without the support of customer service.



Criminals are impersonating employees of financial institutions to defraud customers.
Stay alert. Learn how to spot scams and protect yourself and your finances here.

Phishing
- Phishing can be defined as an attempt by fraudsters to obtain your personal information (such as usernames, passwords and credit card details) in order to gain access to your money.
- Phishing occurs when fraudsters send users seemingly genuine communications via digital channels, such as instant messages or emails, asking them to click on a link provided, either to obtain their data or to infect the user’s device with malware, which is software specifically developed to grant unauthorized access or jeopardize the target’s operating system.
- These fraudsters often falsify their sender details, posing for example, as Fidor Bank, and asking you to enter your PIN, FIN or other sensitive information.
Fidor Bank will never send you an email asking
you to enter your personal information such as a PIN or FIN.
- Don’t give away sensitive information online, unless you are very sure that the website or message recipient is the right one.
- Don’t click on any links from unknown or suspicious senders.
- You can be asked to click on a link that redirects you to a website which looks confusingly similar to the original page. Therefore, be careful which website you visit in your browser and pay attention to any small typos, alterations or irregularities within the domain (e.g. fiidor.com, flidor.com, fi.dor.com, etc.).
Make sure that you always use a network that is as secure as possible and not publicly accessible when you exchange private or sensitive information over the Internet.
- If you believe your security has been jeopardized, please call the numbers
below or contact our customer service immediately. Alternatively,
please visit Contact & Help for more details.
Emergency Card Blocking Hotline:
Within Germany*: 116 116
Outside Germany**: 0049 116 116 OR 0049 30 40 50 40 50
*Calls from within Germany are free of charge
**Calls from abroad are subject to prices from foreign providers
Emergency Account Blocking Hotline:
0049 89 189 085 454 (Monday to Friday - 08:00 am to 06:00 pm)

Pharming
- Pharming is derived from combining the two terms “phishing” and “farming” and is a form of cybercrime or online fraud involving malicious code (e.g. malware such as viruses or Trojans) and fraudulent websites.
- Pharming is a two-step process. First, cybercriminals install malicious code onto your computer or server. Second, the code sends/directs you to a phony website where users will be tricked into providing their personal information.
- Unlike phishing, pharming doesn’t require the initial click of a link to redirect you to a fraudulent website. Instead, users that are infected with malware are redirected to a phishing site automatically, despite their seemingly secure and correct address entry.
- We recommend that you always check for the latest versions of your browser,
firewall and virus scanner. Make sure to regularly "update" these programs
and to perform regular scans for viruses.
- Never store your passwords (or any private access keys) unsecured on your computer
and make sure to change your passwords regularly.

Spoofing
- Spoofing is the act of disguising a communication from an unknown source as one
from a known and trusted source. It is another method of data theft,
where cybercriminals disguise themselves as trusted sources (or devices) to mislead
users into completing certain actions. These actions are designed to steal information
and can cause you and your data significant harm.
- Spoofing can roughly be divided into two different categories:
i) Email Spoofing and ii) IP Spoofing.
i. Email Spoofing occurs when an attacker uses an email to trick a recipient into thinking it came from a known or trusted source. It is one of the most widespread attacks since victims believe they are being contacted by someone they know (e.g. customers, coworkers or managers) who is urging them to react. These emails may include links to malicious websites or contain attachments that are infected with malware (e.g. viruses or Trojans). Email spoofing may also use social engineering – which is the ability to convince a human user to believe that what they are seeing is legitimate, urging them to react and open the attachment, transfer money or further disclose sensitive information.
ii. IP Spoofing focuses on networks instead of users, leveraging the fact that many IP services authenticate themselves to the external system using the IP address. This attack is based on an IP protocol weakness, namely that the IP packets are not separately authenticated. In this case, the user enters the URL in the browser but does not reach the desired target page, landing on the attacker's page instead.
- The best protection against spoofing is awareness. Pay close attention to the smallest details when emailing or visiting websites. Should you have any doubts about the legitimacy of an email, then it is advisable to make a phone call to confirm if the information is accurate and actually came from the sender. When visiting a website, pay close attention to how the website looks and behaves.
If anything seems irregular or suspicious, delete the email or leave the website. It is therefore vital that your systems are regularly updated with robust security software, that is able to protect you from fraudulent websites and can eliminate malware as soon as it attempts to infiltrate your system.

Secure Browsing (http:// vs. https://)
- HTTP (Hypertext Transfer Protocol) is a protocol used to transfer data in networks. HTTP is a general technical standard that defines how a Web browser communicates with a server so that the data requested by the client can be loaded and displayed.
- HTTP focuses on providing the information, but cares less about how that information gets from one place to another safely and unaltered. This means that the data can be intercepted and also changed during communication, making both the information and the receiver (you) vulnerable.
- HTTPS or “Hyper Text Transfer Protocol Secure” on the other hand, is the more advanced and protected protocol, completing the same task but in an encrypted manner. This ensures a tamper-proof connection between the website operator and your web browser.
The easiest way to identify if your connection is secure, is i) by looking for the https:// at the start of the website address in your web browser’s address bar, and ii) by the closed padlock symbol located next to the address bar.
All of our websites are encrypted with HTTPS – protecting your data from vulnerabilities and potential fraud from third parties.

Trojans
A Trojan is any kind of malicious software disguised as legitimate. Trojans are often designed to steal sensitive information from users such as login details, account numbers, financial information, credit card information.
- A Banking Trojan is a type of malware that tries to collect the credentials of online banking customers from infected machines and poses a significant risk to banking customers and businesses alike.
- Banking Trojans are becoming ever more sophisticated and often cannot even be identified or detected, disguising themselves as a genuine app or software that users download or install. Once installed, a Banking Trojan positions itself in a way to access the user’s banking details.
How it positions itself depends on the individual malware since each one steals your data in a slightly different manner.
- We recommend that you always check for the latest versions of your browser,
firewall and virus scanner. Make sure to regularly "update" these programs and
to perform regular scans for viruses.
- Never store your passwords (or any private access keys) unsecured on your computer
and make sure to change your passwords regularly. Whenever possible, use a different password for each website and service.
- Keep your eyes open for suspicious behavior. If something “seems off”,
make sure to check if you actually are where you think you are
before entering any details.
- An unusually slow computer startup and slow performance when nothing else is running
on the system could be a sign of a virus or other infection.
- Browsers that load web pages slowly and run websites slowly.
- Suspicious behavior such as a suddenly slow computer, or programs opening or
closing repeatedly, might be a sign you are infected.
- A failed logon the first time you try to log on to a system or web page,
even though your password was entered correctly.
- New or unexpected form elements in bank web pages, such as fields that
ask for credit card numbers or PINs.

Fake Accounts
- Media reports about so-called fake accounts, i.e. account openings with fraudulent intent,
have been piling up recently. For us as a bank, it initially appears like a normal account opening, which is carried out by a new customer.
Each of these account opening processes follows a personal identification via ID card as part of the video identification process.
A possible fraud can already occur here if perpetrators use fake ID documents for personal identification. Accounts that have already been opened with fraudulent intent are often offered for sale on the Darknet.
- Another variant of the fraudulent account opening is unfortunately all too often done by manipulation. A tempting offer (market research survey, job offer, loan) is used to tempt customers to open an account on their own behalf - for example, for salary payments or loan distributions. But instead of paying out an amount as promised, the fraudsters take over the legally created account and misuse it for their purposes.
- The accounts opened in this way are mostly used by fraudsters for their criminal business. We would like to emphasize that not only the victims themselves but also the bank are victims of this fraud. This affects not only pure online banks, but banks in general.
- We are continuously working to prevent any illegal activity in our online banking.
Our control and monitoring measures to prevent the opening of fraudulent accounts have been further expanded in recent years, and in many cases, we are able to prevent the planned fraud in advance.
- Protect yourself by not disclosing personal data and documents to third parties.
- If you are prompted by someone to open a bank account in your name, ignore this instruction and please contact our customer service immediately.
- Contact for Private Customers:
Email: info@fidor.de
Tel: 0049 89 189 085 233
Fax: 0049 89 189 085 199
- Contact for Business Customers:
Email: geschaeftskonto@fidor.de
Tel: 0049 89 189 085 300
Fax: 0049 89 189 085 399
- Opening times:
Monday to Friday: 08:00 am to 06:00 pm
Saturday, Sunday & Holidays: 09:00 am to 06:00 pm
Alternatively, please visit Contact & Help for more details.
- If you believe your security has been jeopardized or that you may have been a victim of a fraudulent account opening, please call the numbers below or contact our customer service immediately.
Alternatively, please visit Contact & Help for more details.
- Emergency Card Blocking Hotline:
Within Germany*: 116 116
Outside Germany**: 0049 116 116 OR 0049 30 40 50 40 50
*Calls from within Germany are free of charge
**Calls from abroad are subject to prices from foreign providers
- Emergency Account Blocking Hotline:
0049 89 189 085 454

Mobile Banking - Security for your Smartphone
- Always be suspicious! Remember every step of our banking app, down to the smallest detail. If in doubt, take screenshots and note down the individual steps of the banking process. Internalise our process so that you are able to recognize fake queries.
- Protect your smartphone with an antivirus app and keep it up to date.
- We also recommend that you always protect your phone with a screen lock (biometric & PIN). If your smartphone is unexpectedly stolen without a screen lock, criminals will have easy access. If your phone is lost or stolen, make sure to block it immediately!
- Despite the big advantage of having access to mobile banking on-the-go, we strongly recommend that you always ensure to use a secure network. Only in exceptional cases should you resort to a mobile data network, such as 4G or LTE.

Geoblocking
Geoblocking is a security measure that we provide with our Fidor cards. The geoblocking function restricts the use of your Mastercard® in some countries. This prevents your card details from being misused in countries that are rated as particularly risky and insecure, either by theft or by preventing third parties from obtaining your card details.
More and more banks are offering geoblocking. So, what’s special about Fidor? We empower you to decide for yourself in which countries you wish your card to be valid in. Additionally, you can also set your personal limit and thus, ensure even more security.
You can use your Fidor cards anywhere in the EU and UK. All countries outside of the EU and UK are automatically blocked. If you want to unblock your card for individual countries, you can adjust the settings in the card management function of your desktop banking or in the Fidor app. While you can block or unblock individual countries in the app, you can also use the desktop banking to activate or deactivate specific regions.

12 tips for secure banking
Don't worry! There are so many deceitful scammers lurking in the depths online - but you can protect yourself! And this isn't nearly as complicated as it may appear at first glance.
We've put together for you, 12 simple, but effective tips. Let's make online banking safer together!
Regularly update your computer's antivirus program and firewall. This is the only way to ensure that viruses, worms and Trojans do not get into your computer unnoticed.
Make sure that your operating system (e.g. Windows) is always up to date. Therefore use an internet browser with automatic updates (e.g. Firefox or Google Chrome).
Only deal with relevant topics in the area of online banking on your own computer. Use only devices you know and avoid activity in places like internet cafés or other public networks.
Never save your online data on your computer. Everything that is stored can be read by foreign or Trojan programs.
Fidor Bank will never ask you to return, provide or directly enter any confidential information by phone, SMS or email. To avoid fraud, each user of a Fidor Smart Current Account is asked to indicate a reference account (for instance for changes to the email address or mobile phone number) as well as a mobile phone number (for sending mTANs). In addition, the Fidor Smart Current Account can only be used to its full extent once the identity has been confirmed by our identification procedure. Each transaction must be confirmed before execution by entering an mTAN, which the user receives via SMS on his mobile phone.
Clear your temporary storage (cache) regularly if you are not working on your computer.
Malicious programs can manipulate your turnover display. So check your account balance regularly.
Change your password regularly. Create secure passwords by using combinations of uppercase and lowercase letters as well as numerals. Avoid combinations with private reference (such as name, date of birth, phone number, etc.). A simple password can be easily guessed.
Look out for websites whose address begins with an IP number instead of a domain name (for example: http://123.45.67.89/...) or where Fidor Bank is only contained as a sub-domain name (for example: http://www.fidor.domainname.com/...) or as a name supplement or spelling variation (for example: http://www.fidor-site.net/...).
Please always exit your online banking via the "Log Out" function, which is available to you on all pages. This disconnects the connection to your online banking.
Please think carefully about who you're lending money to. Fidor Bank is only liable for partners or for the identity, creditworthiness, reliability and dutifulness of another Fidor Smart Current Account holder in relation to transactions concluded with money lending. Fidor Bank sees itself here as an execution-only settlement bank.
Cards, PINs and passwords should always be stored separately. Never write your card PIN on your card or on a piece of paper in your wallet. Never leave behind a recorded note with your online banking data on a computer.
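The address checks from the tip on suspicious website addresses and from the Phishing section (IP number instead of a domain name, the bank's name only as a sub-domain, name supplements, small typos) can be applied automatically, for example in a mail filter. The following Python sketch is an added example, not Fidor Bank code; the allowlist `OFFICIAL_DOMAINS` is an assumption inferred from the addresses shown on this page, and the "last two labels" rule for the registrable domain is a simplification that ignores multi-part suffixes such as co.uk.

```python
import ipaddress
from urllib.parse import urlsplit

BRAND = "fidor"
# Assumption: allowlist inferred from the addresses shown on this page.
OFFICIAL_DOMAINS = {"fidor.de", "fidor.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> list:
    """Return the list of warning signs found in a link's address."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    if parts.scheme != "https":
        findings.append("no-https")
    try:
        ipaddress.ip_address(host)          # http://123.45.67.89/...
        findings.append("ip-address-host")
        return findings
    except ValueError:
        pass                                # host is a name, keep checking
    labels = host.split(".")
    registrable = ".".join(labels[-2:])     # simplification, see lead-in
    if registrable in OFFICIAL_DOMAINS:
        return findings
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    subdomains = labels[:-2]
    if BRAND in sld:                        # fidor-site.net
        findings.append("brand-on-unofficial-domain")
    elif edit_distance(sld, BRAND) <= 1:    # fiidor.com, flidor.com
        findings.append("lookalike-spelling")
    if any(BRAND in label for label in subdomains):   # fidor.domainname.com
        findings.append("brand-in-subdomain")
    if BRAND in host.replace(".", "") and not any(BRAND in l for l in labels):
        findings.append("brand-split-by-dot")         # fi.dor.com
    return findings


# Sample links built from the patterns named on this page.
SAMPLES = [
    "https://www.fidor.de/login",
    "http://123.45.67.89/login",
    "http://www.fidor.domainname.com/",
    "http://www.fidor-site.net/",
    "https://fiidor.com/",
    "https://fi.dor.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} {check_url(sample) or 'no warning signs'}")
```

An empty result only means that none of these specific patterns matched; it does not prove that a link is genuine.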

More Security with Fidor Alerts
In order to make our banking more secure for you, choose the option to receive notifications for all your transactions. Whether as an SMS or push notification on your smartphone - or simply via email. With Fidor, you'll always stay in control.
Push Notifications
In order to receive push notifications from your Fidor Smart Banking App (e.g. when paying with your Smart Card or via contactless NFC), activate the push notifications functionality in the settings of your smartphone.
Fidor Alerts
To set up your SMS- or email-alerts, log into your online banking. In the top navigation bar, select the menu item "Einstellung", then "Kartenverwaltung". In the row labelled "Benachrichtigungen" you will find the link to "Alerts verwalten". Here you can set your individual notification options. You can choose between email and SMS alerts. Check-off the desired box and click on “Speichern” to save. Now you’re good to go!

Internet Security
Always make sure you're on the real Fidor Bank site. Check this in the first step by comparing the internet address in your browser. In addition to the mTAN procedure, Fidor Bank uses the SSL (Secure Socket Layer) encryption procedure to encrypt the online pages. You can tell by the "s" in the URL when you are logged in.
It stands for an SSL connection, which ensures that the transmission between your computer and the bank computer is encrypted and thus secure for the duration of your online session. Your data is thus protected from unauthorised access by third parties. As long as this 128-bit encryption is active, the data cannot be read or used by third parties.
Mozilla Firefox: you can find the lock symbol in the status bar. This appears during a secure connection. If you click on the lock symbol in the status bar, a dialogue box with the security information opens. Click on the "More information" button to see information about the validity of the certificate and to see who the certificate is issued to (issued to fidor.banking.de). To view the information, please click on the button "Show certificate" and then on "General".
Google Chrome: you can find the lock symbol in the top left of the entry bar for Internet URLs. A double-click on the symbol opens a dialogue box with the properties and contents of the certificate.
The free mobile TAN is one of the most secure procedures in online banking. In addition, phishing attacks on TANs in the mTAN process are also made more difficult. You will receive these via SMS on your mobile phone. If you enter the mTAN incorrectly three times in a row, your transaction will be aborted and you will receive a new mTAN. For security reasons, your mTAN is only valid for a certain period of time.
An mTAN is a mobile TAN or smsTAN and is transmitted via SMS to electronic banking users. As an online banking customer, you will receive a TAN on your mobile phone from Fidor Bank via SMS, which can only be used for this transaction, after the completed transfer has been sent via the Internet. The order must then be confirmed with this mTAN.
Why is this variant more secure? By limiting the validity period of the mTAN to only the transaction ordered in each case, redirection to another account should be prevented. In addition, phishing attacks on TANs in the mTAN process are also made more difficult.
Even if you lose your mobile phone, you don't have to worry because the validity of the mTAN is limited. SMS may also tell you about unauthorised transfer attempts, so you can immediately block your account. The use of mTANs at Fidor Bank is free of charge.
We require your mobile phone number for the mTAN procedure: Whenever you place an online order with us, you will receive an mTAN by SMS on your mobile phone. It is necessary to enter the mTAN to confirm the order. In addition, you can subscribe to various alerts (SMS / e-mail) for your Fidor Mastercard® in order to always be well informed about your card-transactions.
Please remember that we will never ask you online to enter personal data such as PINs or TANs or to update your mobile phone with software. Do not install any updates on your mobile phone that you have received via SMS or MMS.

Emergency Hotline - Card Blocking
The following numbers are available for you around the clock. Report the loss immediately!
Within Germany: 116 116
Outside Germany: 0049 116 116 or 0049 30 40 50 40 50
The Emergency Hotline 116 116 is free of charge in Germany.
Calls from abroad are subject to prices from foreign providers.





