Security

IN SECURITY TERMS AND CONDITIONS

At Crèdit Andorrà we are aware of the need for ensuring the security of information exchanged between the bank and its customers. Therefore, we adopt the strictest security measures to ensure the confidentiality of information. It is important to follow the advice on security described below whenever personal details are requested online.

PRACTICAL ADVICE

1- Do not open messages or files from unknown sources or provide your log-in details over the telephone. Identity theft (phishing) happens through emails, text messages or misleading telephone calls.

2- Verify that your connection is made through a secure server by checking on your browser that the online log-in page or any other page that requires your log-in details starts with HTTPS (Hypertext Transfer Protocol Secure). Likewise, you can check a page's security certificates by clicking on the image of the padlock on the left-hand side of your browser that appears whenever you go to a secure page.

3- Avoid using passwords whenever you can that third parties will find easy to deduce (birthdays, names, telephone numbers, etc.).

4- Disable the autocomplete options and do not save your log-in details.

5- Never write your log-in details down in a document, and keep them and your online banking log-in device in a safe place.

6- Keep yourself informed about general security on the Internet.

7- Check a page's security certificates; to do so, click on the icon of the padlock that appears when you go to a secure area on the bottom right-hand side of your browser, and check that the expiry date and domain of the certificate are still valid. Details are given about the issuer, the period of validity and to whom the certificate has been issued.

PROTECT YOUR PC AND ANY OTHER DEVICES

- Update your browsers whenever you are asked to do so.

- Avoid browsing unknown websites.

- Avoid connecting to an unsecured WI-FI network and keep an eye on your Bluetooth connection.

- Do not leave your device unattended while it displays your log-in details.

- Find out about potential malicious viruses.

- Do not allow programs to run that do not need your prior consent.

- Enable the autoblock function on your mobile device.

- Make backup copies whenever you can.

PHISHING

Phishing or identity theft us the term used to refer to a scam committed by cybercriminals to obtain confidential information.

Identity theft happens through emails, text messages or misleading telephone calls that attempt to simulate or imitate your bank.

To this regard, you are reminded that Crèdit Andorrà will never ask you for your log-in details in an email or over the telephone. They are personal and non-transferable.

Should you receive a misleading message, please do not provide your details and contact Crèdit Andorrà immediately by calling +376 88 87 00.

- All user online banking details are stored irreversibly encrypted on specialised user and identity systems so that no-one can decipher them.

- The way in which the e-Crèdit online banking service works does not require anyone from Crèdit Andorrà to have the log-in details of its customers, so none of its employees knows

them or will ask you for them.

- All transactions are made from a secure server that uses the SSL (Secure Socket Layer: HTTPS) protocol, which is enabled whenever the service is accessed. By using the SSL protocol, customers are guaranteed that their data are sent to the central server of Crèdit

Andorrà, SA, encrypted, thus preventing third parties from potentially reading or handling them. Crèdit Andorrà, SA has an automated privilege management system for accessing information that ensures that access to it is controlled and restricted to authorised personnel.

- The information stored in its databases and internal systems is protected through different security systems.

- Crèdit Andorrà, SA has an automated privilege management system for accessing information that ensures that access to it is controlled and restricted to authorised personnel.

- To end a browsing session on the Crèdit Andorrà website, you should always use the disconnect button on the toolbar; by doing so you will end your browsing session securely,

and the next time you go to Crèdit Andorrà&'s log-in page you will be asked for your username and password again. Should you fail to disconnect properly, the server will not close your browsing session until it times out, that is, it automatically disconnects when a certain amount of time has passed.

SECURE ELECTRONIC COMMERCE

Crèdit Andorrà uses 3D Secure for online Visa and MasterCard payments. As a secure e-commerce payment system, it prevents the fraudulent use of cards used online and ensures that payments made by customers are secure.

For an online payment to be secure, customers must enable the secure e-commerce system on e- Crèdit, under the section "Cards". The dealer’s system must also be compatible with this technology. If the service is not enabled, customers may make online purchases but the payments will not be protected.

- How can I make a secure online payment?

When you make a purchase online, the dealer will ask you for the number of your card, its expiry date and security code to make the payment. Once you have entered your details, you will be redirected to a page on the Crèdit Andorrà website where you will be asked to enter a code that your will have received on your mobile device if you have enabled the secure e-commerce service on your e-Crèdit account.

- Can I make a purchase if I have not enabled the secure e-commerce system?

It will depend on the dealer. Although 3D Secure is becoming the standard security system for making online payments, some dealers' systems are not compatible with this technology. In such cases, you may complete the purchase but the transaction will not be protected. However, if a dealer has the secure e-commerce system but you have not enabled it, the dealer will decide whether or not to accept the transaction with the consequences that this may involve.

- How can I enable the secure e-commerce system on my cards?

You can enable the secure e-commerce system by selecting this option under the "Cards"; section of your e-Crèdit account. You may do so for all of your cards free of charge.

- What happens if I have enabled the service but do not receive a code on my mobile phone when I make an online purchase?

In this case you should contact your Crèdit Andorrà manager who will check that the secure e- commerce system has been properly enabled.

- How can I change the telephone number associated with my card for payments using the secure e-commerce system?

You can change the number associated with the secure e-commerce system under the section with your card details on your e-Crèdit account. You can also do this by contacting your Crèdit Andorrà manager.