Effective protection of consumer data and privacy is a precondition of trust in financial service providers. It is also essential for our clients: no less than 61% of respondents in a stakeholder survey consider it to be very important. For these reasons, and to ensure full legal compliance, we have developed and continue to pursue a comprehensive policy in this regard.
In 2018, the mBank as well as mBank Hipoteczny, mLeasing and mFaktoring received no legitimate complaints concerning breach of customer privacy or loss of customer data. No such complaints were filed against mBank S.A. to the Polish Financial Supervision Authority.
In October 2018, we launched a series of training sessions dedicated to cybersecurity for corporate clients. The training delivered by Collegium Civitas experts instructs participants how to identify cyberattacks including malware and how to protect yourself.
Until today we have completed three training rounds for 150 participants.
In late 2018, we were the first in Poland to launch a pilot solution of customer authentication based on personal interaction with a computer of a mobile device. We offered the service to 50 thousand volunteer clients in the first phase of implementation.
Digital Fingerprints behavioural authentication is a security measure based on the unique behaviour of clients, including the use of the keyboard and the mouse pointer. mBank’s transactional system can identify users by comparing current behaviour with an existing profile. Importantly, the system stores no data concerning the use of other websites or tools.
The project is implemented in partnership with Centrum Bezpieczeństwa Cyfrowego S.A., a company in the mAccelerator fund portfolio.
Online cybersecurity emergency service
In 2018, we were the first bank in Poland to offer free-of-charge round-the-clock support to clients helping with online security outside the banking service.
CyberRescue experts assist mBank clients by phone, text message, email or chat in the event of cyberattacks, computer or phone malware, loss of online logins. The service was made possible by the investment of mAccelerator in Centrum Bezpieczeństwa Cyfrowego.
In 2018 mFinanse received two complaints concerning unauthorised marketing communication by phone. It was caused by employee omission as the company did not process personal data of the complaining customers for such purpose and the employees had access to the applicable procedures. We have taken steps to avoid such incidents in the future.