Update your browser

Update your browser

You are using an old version of your browser. We recommend you update it or change browser for a better web experience.

Other Group websites Branches and ATMs
Urgent assistance Help


1. Advice for your online security

2. System security

3. Security measures

4. Prevention

5. Protection

6. Good practices

1. Advice for your online security

Read the basic security tips carefully

Security in Home banking services
When browsing the Internet and/or receiving emails, it is advisable not to enter your passport or OD number nor the security home banking access codes nor the secret numbers for performing operations nor any other sensitive data (such as numbers and codes of your debit and credit cards) , in the following cases:

We hereby inform you that BSABanc will never request confidential data (such as passwords or secret numbers) by email mail or in forms.

Do not keep your access code (PIN) anywhere near your personal code card for the home banking service and avoid third persons gaining access or seeing them.

To strengthen your computer protection

For further details, you can call our customer care line (735 666), or check the recommendations and security information available at the portals of BSABanc..

Go up

2. System security

At BSABanc we have incorporated the latest security technology and certain additional measures.


This technology encrypts the data entered on the screen and which travels through the network according to an algorithm with variable codes in each connection. These codes are the essential security element of a secure server.

BSABanc is hosted on a secure server and has these codes enabled. These certificates add supplementary security systems which incorporate fraud prevention and provide information on the security level of the page visited. The latest browser versions, such as Internet Explorer version 7 or higher, or Firefox as from version 3, support this type of certificate and indicate the authenticity of the webpage visited.

By clicking on this area you can obtain additional details on the certificate used.

If the address bar is shaded red, do not trust the page because it could be fraudulent.

If you use browser versions which do not support these functionalities, the address bar will not appear shaded.


The access code you enter in BSABanc must overcome a series of controls: a maximum number of errors per day or accumulated over several days will automatically cancel the access code. In this case, to reactivate it you need to request so in writing or in person at your branch of BSABanc.

Operations which require greater security (transfers, purchase orders, etc.) require a second code. This second code is one of those on the Online code card. This code card is different and customised to each client. Each option of this type requests a different random code. The code card is a basic security component for your operations. You must therefore always keep it with you and notify the Online service immediately if lost or stolen (735 666).

When connecting to Online, you are shown the day and time of the previous connection. Check that this is actually correct. This information enables you to make sure that only you know the security codes and therefore only you can access the service.


In certain operations, the operation amount is limited (and the accumulated sum over a period).

As from a certain amount, the branch is immediately informed and if anything abnormal is detected, it will make the checks it considers suitable.


The three above elements (encrypting of messages, control of access codes and limiting amounts), conform a security level which allows you to operate with the Online system without any concern.


So far we have discussed the measures we have taken regarding our service, but there are also measures you must adopt on your PC, not so much to protect your communications with the bank but to protect your own computer and the information it contains. Your PC is the only point which the bank cannot control for you.

VIRUS OR MALWARE.The possibility of your PC becoming infected by a virus or malware via discs, diskettes or simply browsing the Net is well known.

For this reason, a virus detector must be installed on your PC which runs every time you start the computer. And the antivirus program version must be kept up to date.You must be prudent when visiting unknown websites and be particularly vigilant when downloading files and programs from the Net. A virus or piece of malware is a program dedicated to creating problems in the information stored or even the PC itself.

Try not to store programs of unknown origin on your PC.

Additionally, we recommend you make frequent back-up copies of the files on your PC.

Go up

3. Security measures

Glossary of terms

Below is a series of tips to help you maintain confidentiality and security when browsing and about the BSABanc home banking services.

You can contact the bank with a query or to ask questions about security via different channels. If you use the electronic form, select “security” as the reason for your communication.

Do not trust any email messages from unknown sites or which contain incoherent information. Email messages which come from known addresses have a high probability of containing computer viruses or malware, especially when the subject line contains incoherent information (for example, if it is written in an unusual language or not related to subjects generally discussed with the sender).

It should be remembered that even if the sender of the message is known to us, when the subject line we see is not consistent with the send, the message could have been sent by a computer virus or malware from the sender’s computer or another infected computer which has your email address stored.

Never reveal your identifier or password or other personal data when asked for them via SMS messages, fax, email messages or a link which does not point to a secure address (i.e. one which begins with “https:”). BSABanc will not request any confidential or personal data such as codes, account numbers, card numbers, etc. via SMS, fax, email or forms. BSABanc will only refer to you its portals via secure pages (https) which will display a padlock on the browser. When entering the home banking system, check that your name and surnames are shown correctly with the last date and time of connection.

Remember that your access code is personal and non-transferable. We recommend you change it regularly to prevent third party access. And memorise and avoid noting it down. As an additional measure, you should refrain from choosing a number associated with your personal details or with any other code which can be easily guessed by third persons (date of birth, telephone no., series of consecutive numbers, repetitions of the same figure, etc.). Neither should you write down the codes or passwords on any physical medium and never together with supplementary identification documents (cards).

Carefully keep your code card without letting any third persons gain access to it. These cards are the key which allows you to carry out operations.

Avoid third persons seeing or gaining access to your code card and do not make any copies. Check if the date and time of the last access shown on entering the home banking system really matches the last time you used them. If you suspect that the last access date and time do not match with the last time you accessed, notify the bank immediately.

Use an antivirus and antispyware system and update it frequently, preferably automatically. The proliferation of computer viruses is increasingly common. Check you have a good antivirus system and, more importantly, keep your virus detection libraries permanently updated. Having an antivirus system can be of little use if you do not have the latest detection libraries for the most recent viruses. In addition, do not install software from unknown sources or browse sites which inspire little confidence. Likewise, it is advisable to have protection against "Spyware". You can use an antivirus program which also protects you against "Spyware" or use a specific program for itor use a specific program for it.

Update the browser and operating system with the security enhancements offered by the manufacturers in accordance with their instructions. Improvements and new versions of browsers and operating systems periodically appear which provide greater security when browsing or using the Internet.Read the manufacturers recommendation and update the browser and operating system in accordance with their instructions.

If you have a permanent connection (ADSL, cable or similar) it is advisable to install a personal firewall. While your computer is connected to the IInternet, it can communicate with any other network user. To prevent any unwanted access to the information on your computer, we recommend installing a personal firewall, especially if you use a permanent connection (ADSL, cable or similar).

Take additional precautions when using public or shared computers. Use public computers only for queries which are not of a personal nature. Remember that you may be observed by third persons or even via electronic surveillance systems.

If you detect or suspect that there is any security issue, immediately contact the bank. You can contact the bank via different channels.If you use the Internet form, select the “security” option as the reason for your communication.

Security Policy.

BSA Empreses has incorporated the most advanced security technology in addition to a series of supplementary measures to ensure confidentiality in transactions. The user should comply with the following conditions:

Applicable law and jurisdiction

These general conditions are governed by the Andorran legal system; for any dispute arising from the relation with the portal, the parties submit the courts of the registered offices of BSABanc, S.A.

Go up

4. Prevention

Computer viruses and malware

Viruses and malware are small programs which install themselves on the computer without the user realising for malicious purposes, such as destroying or stealing information or causing disruption in the computer or network to which it is attached.

A virus, in addition to affecting the machine in question, propagates to other computers the machine is connected to in different ways which have evolved over time. Years ago, viruses spread mainly via diskettes. With the arrival of networks, the iInternet and email, viruses have found the ideal way of spreading although physical information media are still used. New viruses appear on the internet every day, although not all represent the same danger. To avoid infection, a series of precautions must be adopted:

Useful links about viruses
Below we provide the following links for information purposes:




http://www.mcafee.com (ENGLISH)
http://www.symantec.com (ENGLISH)
http://www.norton.com (ENGLISH)

Useful links about spyware

http://microsoft,com/athome/security/spyware/software/default.mspx (ENGLISH)
http://ca.com/products/pestpatrol (ENGLISH)

Useful links about encryption

http://www.pgp.com/products/personal/index.html (ENGLISH)
http://www.pgpi.org (ENGLISH)

Attempted theft of access codes or other confidential information (Phishing)

One of the frauds on the Internet is the creation of false pages and/or portals and the forgery of email message sources. These two techniques combined are used to fraudulently capture access codes for services and third party applications or other confidential information such as account and card numbers (including the expiry date), so as to access you information or perform operations in your name.

This technique steals access codes by creating an address and Internet pages with a name which is practically identical to that of the company or portal being spoofed. The name differs in a few characters, frequently just one. At the fraudulent address pages are created which are identical or very similar to the authentic ones. The victims of the fraud receive emails supposedly sent by the real company (in this case the mail address used is imitated in full) in which the victim is invited, using some excuse, to visit the fraudulent pages where they are asked for their identification, password or other access data. After entering the information in the fraudulent pages, the information is stolen and they can access the real site and perform operations using the stolen information. Some variations on this technique consist of asking for the same information via SMS messages, fax or over the telephone.

How to prevent this?

Follow the instructions above and the announcements and security information offered to you by BSABanc. If in any doubt, contact the bank. You can contact the bank via different channels. If you use the electronic form, select “security” as the reason for your communication.

Useful links on attempted theft of access codes or other confidential information(phishing)

Below we provide the following links for information purposes:

http://www.consumer.gov/idtheft (INGLÉS)

Go up

5. Protection

The protection systems described below supplement each other:no single one substitutes the others.

Digital Certificate

A digital certificate is a guarantee of the identity of a given server and associated pages which offer a service in the electronic world (chiefly the Internet).

A digital certificate is issued by a trusted company (Certification Services Provider), such as VeriSign or the FNMT (Fábrica Nacional de Moneda y Timbre), which after thoroughly checking the identity of the applicant, assigns them a certificate.


The digital certificate contains data on the address to be verified (for example,www.bsandorra.com), the identity of the party operating with the address, the expiry date of the certificate and other technical information.

The digital certificate is signed digitally by the certification services provider.

The trust in a digital certificate is therefore not only the result of the information it contains, but also the trust in the certification service provider who issued and signed it. Certification service providers publicly show the processes used to perform the certification (certification policies and practices). Thus, we can assess the trust a given certification service provider deserves.

How are the pages of an internet service validated?

We can display a digital certificate in various situations. The most common is to check that the pages of a given service on the Internet belong to the rightful owner and not an impostor who has copied them. This, we can guarantee that the personal and confidential information we enter will be received by the appropriate identity.

It is advisable not to offer any confidential data on pages activated by a link contained in an email. We recommend you always access the pages of our websites via the Internet addresses provided by the bank

Steps to validate the pages of an internet service (secure pages):

Check that the (URL) of the pages starts with the prefix https and that your browser shows an icon with a padlock in the lower right of your window (in Internet Explorer, in Netscape Navigator).

Click on the padlock (double click in Internet Explorer and one click in Netscape Navigator) to see the digital certificate and check the identity of the party showing the pages which will gather the information:

Data encryption

In addition, by using secure pages (pages protected by a digital certificate), all the information sent between your browser and the server hosting the pages is transmitted encrypted. Thus, the information is protected against interception by third parties.

To achieve the maximum encryption protection in communications with secure pages (protection necessary for using financial services or any other type of confidential information), it is necessary to use a browser which provides strong encryption (128 bits).

Certification policies and practices

Via certification policies and practices, the certification service providers show the public in an open manner the mechanisms and steps (identity checks) used to issue digital certificates to applicants. Thus, whoever wants to verify a certificate can trust in the certificates issued by the provider.

In practice, as the policies and practices are long documents, trust is placed in the certification service provider in accordance with our prior knowledge of same. In this respect, VeriSign is the best known worldwide for the certification of service pages in portals and servers.

Certification Policies (CP).

The policies show what the certification service providers do and the type of services and certificates they offer.

The link below shows the certification policies (CP) of VeriSign, the world leader in certification services:

https://www.verisign.com/repository/vtnCp.html (ENGLISH).

Certification practices(CPS)

Certification practices detail how the policies are guaranteed, i.e. what procedures and specific systems are used for issuing digital certificates.

The link below shows the certification practices (CP) of VeriSign, the world leader in certification services(ENGLISH).

http://www.verisign.com/repository/CPS/ (ENGLISH).

Useful links about digital certificates and certification service providers:

VeriSign (ENGLISH)


Thawte (ENGLISH)


Personal firewall

A personal firewall is a program which blocks non-authorised access from the Internet to our computer and also uncontrolled access (caused by a new virus or malware) from our computer to the Internet.

Nowadays we can find firewalls in separate programs or integrated into other security programs (such as antiviruses) or the operating systems themselves (such as Windows XP).

They are called personal firewalls to differentiate them from perimeter firewalls which usually carry out this function to protect a group of connected computers from unknown network connections (usually Internet or third party networks).

By using a personal firewall we can control the connections with the Internet or other networks for all the programs contained on our computer. When the firewall is installed, all connections are prohibited and the usual connections we use on our computer must be expressly authorised. When the firewall warns us of any attempt to start a connection which has not been expressly authorised, we need to indicate whether or not we want to authorise it, depending on if the connection is related to the use we are making of the computer, or if the connection is produced by an external agent (attempted access via the Internet, virus or similar). A personal firewall is a program designed for users knowledgeable about the Internet.

It is also advisable to periodically update the version of our firewall in keeping with the manufacturer’s recommendations.

Useful links about firewalls

Below we provide the following links for information purposes:


Go up

6. Good practices

Browser and operating system security updates

In order to avoid security problems arising from the occasional vulnerability discovered in the software being used, it is advisable to visit the security pages of the manufacturers of the programs we use, especially the browser and the operating system itself.


The browser, as the chief means of accessing the Internet, is the main program to be maintained up to date with the latest security recommendations.

Use strong encryption (128 bit encryption) for communications with secure pages (https).

Regularly visit the pages of the manufacturer of your browser and update it with the security recommendations which appear there.

Useful links on new versions and security updates for the browser.

Below we provide the following links for information purposes:


Operating system

Some operating systems, such as Windows with its Windows Update functionality, are useful for checking the existence of operating system updates which include security updates. Use these utilities or regularly visit the pages of the manufacturer of your operating system and update it with the security recommendations which appear there.

Useful links on operating system security updates

Below we provide the following links for information purposes:

http://www.microsoft.com/security/ (ENGLISH)

Use of strong encryption (128 bit encryption) for communications with secure pages.

Strong encryption (implemented by using 128-bit encryption codes) is achieved by using specific software on the servers which show the secure pages and using browsers capable of using this encryption.

Due to their power, their use is usually only authorised on the servers of financial entities and other companies with similar security requirements. However, they can be freely used on any browser. For this reason, the home banking services of financial entities are generally capable of using strong encryption. The use of strong encryption in communications with these services depends on whether the browser has the capability for strong encryption.

Check you are using a browser version capable of strong encryption (128 bits). If not, update to a version which allows this.

How can I know if a server allows strong encryption (128 bits)?

A server which uses strong encryption usually announces it on its pages, generally in a specific security section. Otherwise, you will need a browser with this strong encryption to ascertain the type of encryption a given server uses.

How can I know if I am using strong encryption (128 bits)?

To know if we can exchange information via strong encryption, first we need to check that the padlock in the bottom right hand corner of the window is locked. After this:

If you have a browser capable of using strong encryption, you can also communicate securely with servers which lack this feature. In this case, the highest type of encryption the server supports will be automatically used for the communication and the length of the encryption code will appear as lower than 128 (generally 40 or 56 bits).

How can I update my browser for it to use strong encryption(128 bits)?

Visit the download and update page of the manufacturer of your browser and look for versions of updates of 128 bits for your browser. Remember you can only communicate using strong encryption with servers which have this feature.

Useful links about 128 bit encryption

Below we provide the following links for information purposes:


Back-up copies

In case we ever have a problem with the computer and need to recover the information contained on it, we must make back-up copies and keep them up to date. And if we need to use them, the place we keep them is an aspect to be taken into account. The copies should be kept in a place separate from the equipment which stores the original data so as not to lose the copies as well in the event of an incident. This is particularly important in the case of a portable computer, when it is totally inadvisable to keep the copies in the case or bag used for the portable.

Back-up copies are made on removable information media, i.e. they can be extracted from the computer containing the original data. These media can be diskettes, recordable CD or DVD, tape units, ZIP units, devices which can be connected via a USB port (Universal Serial Bus) and external discs, etc.

Useful links about back-up copies

Below we provide the following links for information purposes:

http://www.iomega-europe.com/eu/en/products/products_en.aspx (ENGLISH)
http://www.pricingcentral.com/best/backup_utility_software.html (ENGLISH)

Go up