Gira tu dispositivo a modo "landscape"



Online Banking Security

In Kutxabank we have various systems and measures for protecting your codes and transactions:

  • Transactions with better protection: More sensitive transactions have a higher level of security. Kutxabank may request additional authentications to carry these out.
  • Hosting on a secure server, ensuring the confidentiality of the information exchanged between your device and our server, since there is an encrypted connection established between both and by using a secure protocol, making it impossible for third party access to the information sent.
  • Website monitoring: our monitoring service detects phishing attempts of our website portals.
  • Entering your access code by means of a virtual numeric keyboard: when connecting as well as signing your transactions, the virtual keyboard will appear on your screen. This system makes it possible to prevent data capturing by spyware which registers everything keyed in on traditional computer keyboards.
  • Control of failed attempts: you have a maximum of five attempts to enter your access code. If this is exceeded, it will be blocked and you will receive an SMS message informing you of the steps to take.
  • Automatic shut-down system, which shuts down in the event more than five minutes have elapsed without making any transactions.
  • Date and time of the last connection, in order for you to detect whether a connection has been made by someone other than you.
  • Setting quantitative limits: Kutxabank may set quantitative limits, which if exceeded will not process the transactions made through this Service until the customer visits any branch office of the Entity in-person.
  • Confirmation and signing of transactions: Kutxabank will never ask you to confirm a transaction until you have previously identified yourself and you are on the secure Online Banking service environment. Always keep your telephone number updated on our database and, for making your transactions easier, verify your App (see how to do it here).
  • Blocking of service and transactions: For security reasons, Kutxabank may block the service as well as certain transactions when it has founded suspicion of unauthorised or fraudulent activity. In order to unblock the service, visit your branch office.
  • Some access and queries are protected: for increased protection of your privacy, you will see that an additional authorisation is required at times by means of a single-use code sent via SMS message to your mobile phone.


1. Make sure that you are in a secure webpage of Kutxabank: in the address bar of your browser you will see '' (instead of the usual 'http://). Besides, next to the address bar of a secure website there is always a locked padlock indicating that the communication is encrypted. By double-clicking on it, you get access to the SSL security certificate with information about the issuing entity, the validity period and the server you are connecting to.

 2. Abide by these rules when creating and safeguarding your passwords:

  • Outside these secure pages, you must never provide your personal data or passwords. In this regard, Kutxabank assures you that they will never request these confidential data via email, the phone or any other similar means.
  • Likewise, you must never access the service through links included in email messages, see 'phishing' section. You must always access the service from the website
  •  Do not provide your passwords over the phone, except when you phone Kutxabank on 900 44 55 66. If you find a site, receive an email or phone call requesting your access passwords or any kind of identification on behalf of Kutxabank do not trust them, even if they claim that it is for security reasons or system validation, and contact us on the phone number above.
  • Use your passwords only to log in or if you phoneKutxabank.
  • Do not use passwords which can be easily guessed, such as your date of birth, car registration number, ID card no... Use random passwords and change them regularly.
  • Keep you passwords in a safe place, do not write them in places which are accessible to others or keep them in a file on your computer.
  • Keep the Code Card in a safe place and do not let anybody have access to it.
  • Change your password regularly.
  • Passwords are personal and you must not share them with anybody. In Business online banking, where several people may have access to accounts on the Internet, each of these people must have and safekeep their own passwords 
  • Remember that, as the holder of the service, you assume the responsibility for any transactions which may be carried out using your "password" and, if appropriate, for your Code Card.

3. Follow our recommendations to keep your computer up-to-date and browse the net securely:

  • Install an antivirus in your computer and update it regularly. Besides, it is advisable to install a personal firewall to filter the information you receive and you send on the net.
  • Regularly update the apps on your computer (operating system, internet browser, email manager...) using the security patches provided by manufacturers.
  • Always use the latest version of your favourite browser, which will enable you to use the most secure encryption protocol.
  • Analyze all the emails you receive before opening them. If you are not sure (unknown sender, response to an email you have not sent...) the best thing is to delete them and empty the trash bin.
  • Beware of messages which request passwords for security reasons, offers, statistics...
  • Be very careful with the files you download from unreliable websites on the Internet, those you receive attached to the mail or through file sharing programmes (P2P).
  • Make security copies of the basic information on your computer regularly.
  • Do not use the AutoComplete password feature in your browser, since the password is then stored in your computer and therefore it becomes accessible to other possible users of the computer.
  • Do not use the service on public or shared computers or in unprotected Wi-Fi networks.
  • Once you finish operating in secure environments, use the "close session" option which logs you out and prevents any further transactions from being carried out in the same session.
  • Software downloading: companies must pay special attention to the security risks derived from the use of file generation tools. To this end, you are advised to use the e-notebook application of Kutxabank. This software is digitally signed for clients to be able to verify its originality and thus guarantee the security of the payments. 

4. Check your account statements regularly.

5. You may establish any limits you wish, including a limit of 0 Euros, from the service itself of by phoning 900 44 55 66 to prevent any transfers by these means whose daily individual or cumulative amount exceeds those limits.

6. Carefully read notices and instructions on online banking screens when you make a transaction or arrangement so as to know how to fill in the details and find out the terms and conditions, the result of the transaction and what it implies. In the case of complex business transactions, such as remittances, mandate acceptances, etc. you are advised to confirm the operation procedure with your office or by phone with the Business Support Service 94 401 79 07 the first time you make them

7. You may also establish access rules:

  • Indicate the access channel (online banking or telephone banking) and establish the minimum security level: no access, password-based access or access requiring a CC coordinate.
  • Limit the access channel to Internet only or telephone only.
  • Establish the security level for the access: basic mode, with password or reinforced with a coordinate from the Code Card.
  • You may also prevent access to accounts linked to companies, should you have any.
  • In the case of Companies, the holder of the contract may regulate the use of the service by the various “users” (each person, department, etc. with their own password) or establish a “consultation only” access mode, as well as establish the persons whose signature is required to authorize transactions, either individually or jointly, and up to what amount.


Menú de pie de página

Cookies settings

We use our own and third-party cookies to analyse our services and show you advertising related to your preferences, based upon a profile drawn up from your browsing habits (for example, visited pages).

You can set or reject the use of cookies or obtain more information.

Privacy Preferences Centre
Your Privacy

When you visit a website, it can store or retrieve information in your browser, primarily in the form of cookies. This information may be about you, your preferences or your device and is primarily used in order to make the site work as expected. The information does not generally identify you directly, but it may provide you with a more personalized web experience. Given that we respect your privacy, you may choose to exclude some types of cookies. You may click on the different category headers to obtain more information and change our default setting. However, if you block some types of cookies, your user experience on the website may be affected as well as the services we can provide you.

Technical cookies
Disabled Always enabled

These cookies are necessary for website function and cannot be disabled in our systems. Generally speaking, they can only be set in response to the actions you perform requesting services, such as setting you privacy preferences, initiating a session or filling in forms. You can set your browser to block or alert you regarding these cookies, but some site areas will not function. These cookies do not store any personally identifiable information.

Analysis Cookies
Disabled Enabled

These cookies enable us to keep track and analyse user behaviour on the page, and in particular, count the number of visits and traffic sources in order to assess and improve the performance of our website. They help us to know what pages are visited the most or the least, and how visitors browse through the website. All the information collected by these cookies is aggregated and is, therefore, anonymous. If you do not allow the use of these cookies, we will not know when you visited our website and we will not be able to assess whether it functioned correctly.

Personalisation cookies
Disabled Enabled

These cookies enable the website to provide a better functionality and personalization, allowing the user to access the service with some general characteristics predefined according to a series of criteria in his/her terminal such as, for example, the language, the type of browser through which he/she accesses the service, the regional setting from which he/she accesses the service, etc. This Category of cookies may be established by our company or by external suppliers whose services we have added to our pages. If you do not allow the use of these cookies, it’s quite possible that some of these services will not function correctly.

Advertising Cookies
Disabled Enabled

These cookies may include standard advertising cookies as well as behavioural advertising cookies. The former enables the effective management of advertising spaces based on criteria such as the edited content or the frequency in which the advertisements are shown. The latter are those established via our website by our advertising partners. These cookies store user behavioural information obtained via the continuous observation of their browsing habits, enabling the development of a specific profile to display advertising in accordance to it. If you do not allow these cookies, you will view less targeted advertising.