Internet banking security

Our Internet Services comply with specific technical standards to provide advanced levels of security


Protect yourself from online fraud and learn how to recognise people pretending to be your bank by periodically consulting the Security section of the website.


Secure communication


Data transmission on our site is protected by the most advanced encryption systems currently available. Display of a closed padlock at the top of your browser window ensures that the protection mechanism is active. When this symbol is present, information in transit cannot be viewed by others. You should verify the authenticity of the internet banking website by double-clicking the padlock and checking that the SSL certificate contains a reference to Intesa Sanpaolo and to the internet banking website.


When you access Inbiz, after logging in, always verify that:
- the data transmission is secure (presence of a locked padlock on the browser window)
- the webpage has the prefix https://
- there are no errors in the URL


Strong authentication devices


To increase the security level, Intesa Sanpaolo has decided to adopt strong authentication devices (OTP devices for the generation of temporary passwords and USB key devices with digital certificates) that customers have to use both to access Inbiz services and to confirm operational transactions.


Temporary Passwords - OTP - One Time Password


Access to Inbiz is performed using a combined system, based on static credentials (the Holder Code, communicated by the Bank, and the PIN Code, that is the security code that was sent to you via e-mail) with a dynamic password, which can be used only once (OTP Code). Using the device with QR code reader (delivered to you at the branch or by your business manager), your mobile phone, or the Intesa Sanpaolo Inbiz App, you can generate temporary passwords to access online services and to confirm operational transactions (ensuring maximum security on all online transactions).


Digital Signature


Digital signatures allow users to be identified with certainty and ensure the integrity of data transmitted, digitally signed in compliance with Italian and European laws, guaranteeing that the communication cannot be repudiated.
Intesa Sanpaolo issues digital certificates as a Certification Authority accredited by the Agenzia per l’Italia Digitale (AgID) and within the international IdenTrust system. More information about this can be found at
Intesa Sanpaolo offers its customers two different types of digital signature, both based on current laws in force. For “local” digital signatures, the user receives a physical signature device (USB token) and access to the system occurs by entering two static credentials (User Code and a PIN Code associated with the digital certificate installed on the signature device).
Customers should remember to remove the physical signature device from their personal computers after use.
For “remote” digital signatures, static credentials (User Code, given to the user by the Bank, and a PIN Code, the security code sent by e-mail) combined with a dynamic password, which can be used only once (OTP Code) are used to access the system.
The “remote” digital signature is used by entering the PIN Code and dynamic password which can be used only once (OTP Code).


End of work session


To better ensure your security, if you remain logged in for longer than a maximum time without using online features, the system will interrupt your work session. In order to continue to work, you then need to log in again. This arrangement serves to prevent other people from operating on the system during your absence.


Data Protection on internal systems


Intesa Sanpaolo adopts the best systems for protecting its information systems from attacks and preventing them, with complete protection of the customer data they contain. With constant and continuous updating and improvement of our systems we can guarantee the highest security standards.

Level of security

What to do to increase the level of security


Use and safekeeping of your PIN


The PIN Code is a numeric code that you are prompted to change at your first access if you use an OTP device.
To make it more secure, you should not use numerical sequences (e.g. 12345, 67890, ...), repeated sequences of numbers (e.g. 11111, 22222, ...) or your date of birth. It is also a good idea not to use PIN codes already used for other services or accounts.
The PIN code is important for your safety: you must not tell it to anyone else, you should preferably memorise it, and you should never store it on your computer or send it by mail to anyone. Further, you should not select the browser option for storing or retaining user name and password.
To prevent possible intrusions, you should change your PIN at least every two months, avoiding reuse of codes already used previously.
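The PIN rules above can be checked mechanically. The following Python sketch is an added example, not code from Intesa Sanpaolo or Inbiz; the function names, the date-of-birth formats and the `previous_pins` list are assumptions made for illustration.

```python
from datetime import date

def _is_run(pin, step):
    # True when each digit follows the previous one by `step`, wrapping 9 -> 0,
    # so "67890" (one of the page's examples) is caught as well as "12345".
    return all((int(b) - int(a)) % 10 == step % 10 for a, b in zip(pin, pin[1:]))

def _dob_forms(dob):
    # Assumed set of common digit-only spellings of a date of birth.
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y4 = f"{dob.year:04d}"
    y2 = y4[2:]
    return {d + m + y2, m + d + y2, y2 + m + d,
            d + m + y4, m + d + y4, y4 + m + d,
            d + m, m + d, y4}

def pin_problems(pin, dob, previous_pins=()):
    """Return the list of rules from the guidance above that `pin` breaks."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    problems = []
    if len(set(pin)) == 1:
        problems.append("repeated digit")          # 11111, 22222, ...
    elif _is_run(pin, 1) or _is_run(pin, -1):
        problems.append("numerical sequence")      # 12345, 67890, 54321, ...
    if any(form in pin for form in _dob_forms(dob)):
        problems.append("date of birth")
    # previous_pins is a constructed plain list for this self-check only;
    # a real service would compare against salted hashes, never stored PINs.
    if pin in previous_pins:
        problems.append("previously used")
    return problems

if __name__ == "__main__":
    dob = date(1985, 3, 1)                         # constructed sample data
    for candidate in ("12345", "67890", "22222", "01038", "48271"):
        print(candidate, pin_problems(candidate, dob, previous_pins=["48271"]))
```
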


Use and safekeeping of the security devices


The physical devices that were given to you in order to access online services are tools that significantly increase the level of security. These devices are strictly personal and, in the case of the digital certificate, they also contain information about your identity. Therefore they should never be abandoned or forgotten in places where they can be easily stolen, and their serial numbers should never be divulged. In the case of theft, immediately block your credentials and contact the Operation Assistance service.


Use of antivirus/antispyware software


Antivirus/antispyware software is an excellent tool to prevent intrusion attempts and viruses. Antivirus/antispyware software should always be installed on your PC. But installing it is not enough to be considered safe: remember to update it regularly. In order to limit damage from malicious code and other malicious software, you should pay attention to suspicious and unusual events, such as loss of files or changes to their contents with incorrect data, messages or pictures on the monitor or unusual sounds, sudden appearance of unknown files or programs, unjustified increase in the size of files or folders, slow running of the system, emails with attachments sent by unknown persons, junk or chain emails, etc.




A Firewall is a tool that prevents the exchange of data between the Internet and your PC without your approval and it reduces the risk of attacks that may come from the external network by hackers. Therefore it is advisable to have a Firewall active and always up to date on your systems.




Keep the Operating System of your computer and programs such as browser and antivirus up to date. Software companies make available the appropriate updates and tools to see if your computer is updated to the latest available version. Having updated software will prevent the fraudulent use of your PC through program vulnerabilities. For this purpose, it is also advisable never to install software whose source you do not know.


Access from public or shared computers


We suggest that you do not access e-banking services through public or shared computers (e.g. hotels, public libraries, etc.).


Custody of personal data (email, vital statistics, ...)


Keep your personal information (email, phone number, name, surname, ...) safe: as with PIN Codes, do not keep a record of it on your personal computer, on sheets of paper left on the desk, or in places where it can be retrieved by others to whom you do not want to communicate it, and do not communicate it via chat, forums, etc.
In order to guarantee a high level of security for the information stored on your computers, it is also suggested that you remove file and printer sharing services and perform regular backups of critical data. Furthermore, encryption of highly sensitive data should be taken into consideration.


Care of the workplace


If you are away from your desk, remember to "lock" the computer, so that a password must be entered to use it. Please remember to log out whenever you have finished your work or have finished using the online services, in order to prevent third parties from using them.

Online frauds



To protect yourself from online fraud attacks just follow a few simple guidelines:
  • suspicious communications
    never act on emails, sms or phone calls that require you to input or communicate your identification codes: our policies never require you to provide us with your access codes under any circumstances. Intesa Sanpaolo will never contact you (by e-mail, sms, phone or via social networks) to ask for personal codes (such as passwords, access codes to online services, numbers of your payment cards).
  • accessing services
    only and always access the bank's site by entering the bank's web address ( directly in your browser address bar (Chrome, Edge etc.);
  • entering your access codes
    never enter your access codes to the site from a link in a message (email, sms, IM, etc.) or from a third party's website.

    What to do in case of suspicious contact


    If you receive a suspicious email, sms or phone call apparently sent by the bank, you must immediately contact our Customer Service or your branch. If you have imprudently communicated your codes, you must change your PIN code immediately and contact customer support. Visit the CONTACT US page for more details.


    Security measures adopted by the Bank against online fraud.


    Intesa Sanpaolo makes use of security tools and measures that reduce the risk of online fraud attacks and protect its customers:
    • use of digital certificates to protect its website;
    • access by means of strong authentication tools (one time password or digital certificates);
    • software to monitor and identify unusual behaviour that is typical of fraud attempts;
    • monitoring the network to identify bogus phishing websites or other types of threats.