Security for your online banking
Reduce the risk of cybercrime in your online banking business with appropriate security standards. We give tips and current warnings.
In the event of suspected fraud or theft or loss of cards: Blocking online banking access, accounts and cards
Blocking access to the corporate client portal (digital banking)
In the digital banking environment
Log in, click on the “My data” tab and then on “Block access”.
Via the phone
Contact your corporate client adviser or call our corporate clients hotline at +49 69 1368 0527 (English) or +49 69 1362 6360 (German), Monday – Friday, 8:00 AM – 6:00 PM.
Or call our blocking hotline at +49 69 5050 2786. We’re available 24/7, worldwide. A customer service representative will process your request to block access.
Blocking your corporate credit card (only in German)
Blocking your girocard (only in German)
Blocking your photoTAN
You can block your photoTAN yourself in our digital banking environment. The block is effective immediately. For security reasons, we recommend that you block your photoTAN procedure in the following cases: if you have lost or sold your smartphone, or you suspect misuse.
In the digital banking environment
1. Log in to access your TAN settings.
2. Click on “Manage” in the “photoTAN” line.
3. Then click twice on the “Block photoTAN” button to confirm blocking of the photoTAN procedure.
Please note: if you are using several user numbers, carry out the process separately for each user number as described above.
Via the phone
Contact your corporate client adviser or call our corporate clients hotline at +49 69 1368 0527 (English) or +49 69 1362 6360 (German), Monday – Friday, 8:00 AM – 6:00 PM.
Or call our blocking hotline at +49 69 5050 2786. We’re available 24/7, worldwide. A customer service representative will handle the process of blocking your photoTAN functionality.
What we do for you: Security standards & cyber crime
Authentication of online applications
Whenever you connect to a Commerzbank online application, the Commerzbank system automatically identifies itself via a certificate issued by an independent authority. Your device will not send data to the Commerzbank system until the authenticity of this certificate has been verified. The certificate guarantees that you are connected to the legitimate Commerzbank online system.
Access authorisation
You have to log in to use the online applications. This means that you must enter your user ID or username together with your PIN code or password. This serves to verify your user identity; no one else can gain access to your data. If incorrect access data is entered three times in a row, access to the online account is automatically blocked.
Confidentiality of data transfer – data integrity
Data exchange between your device and the Commerzbank online applications is fully encrypted. The encryption keys used for this are known only to your device and the Commerzbank system. To anyone intercepting the data, an encrypted message is merely a meaningless string of characters.
Encryption also prevents third parties from changing the transmitted messages: thanks to the Transport Layer Security (TLS) protocol used in the online banking system, the risk of manipulation by tampering with individual characters is effectively eliminated.
All transactions must be authorised
Every single transaction must be authorised, i.e. approved, by you. In terms of Commerzbank’s online applications, you authorise transactions using the photoTAN app on your smartphone and/or the photoTAN reader.
Only one session
Our security concept ensures that only one session at a time can be opened with your user ID. If there is no activity for an extended period during your session, it will be automatically terminated. The same applies if an error occurs for any reason whilst your device is connected to the application, in which case the session is ended automatically.
Data traffic with 128-bit encryption
Data exchange between your device and the Commerzbank server is based on the Transport Layer Security (TLS) protocol. The level of encryption largely depends on the length of the keys. To ensure maximum security, Commerzbank encrypts the entire data exchange with at least 128 bits.
Latest warnings
Currently, we are issuing warnings about:
What you can do to protect yourself
Keep your PIN, generated TANs, and the photoTAN graphic confidential
Anyone who knows your user ID and PIN code can log in under your name. If such individuals also know your current generated TAN or your photoTAN QR code, they will be able to debit payments from your accounts and dispose of your portfolios. Therefore, please observe a few simple rules:
- Never share your PIN code for online applications with anyone. No Commerzbank employee will ever ask you for your PIN or request you to e-mail this number or other personal data such as your name, address or account number. Do not photograph your photoTAN QR code, nor share it with anyone. The same applies to generated TANs. They are intended for you only.
- There has been a recent surge of fraudsters sending e-mails from legitimate company addresses, asking recipients to log on to a specific website by clicking on a link in the e-mail. These e-mails usually seem highly plausible and the websites in question closely resemble the genuine ones. Fraudsters use this scam (called “phishing”, or “password fishing”) to obtain your access data. To be safe, never click on links in e-mails that purportedly lead straight to Commerzbank login pages. Always log in through the Commerzbank homepage, or manually enter the website address.
- Do not save your PIN code or your photoTAN QR code on your computer (not even in financial or accounting software) or on your smartphone.
- If you have reason to think that the confidentiality of your access data has been compromised, please disable your access immediately and notify your Commerzbank branch or our Customer Service.
- If you know you will not be using the Commerzbank applications for some time, you might prefer to disable your online access as an additional safeguard against unauthorised use.
Check the internet address
When you launch your online application, always check that you are connected to the right internet address.
The address must begin with the https protocol – not http – and the closed lock icon should appear in the status bar at the bottom of the browser. Never enter confidential data (especially your PIN code and password) without first verifying that the URL is correct (starting with https:) and encryption is activated (locked padlock icon).
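The address check described above, and the phishing advice earlier on this page, can also be done mechanically before a link is opened. The following is an added example, not Commerzbank code; `bank.example` is a placeholder for the real login domain, which this page does not state, and `check_login_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the bank's real login domain (not given on this page).
EXPECTED_DOMAIN = "bank.example"


def check_login_url(url, expected_domain=EXPECTED_DOMAIN):
    """Return a list of reasons not to trust `url`; an empty list means it passes."""
    problems = []
    parts = urlsplit(url.strip())

    # The page's first rule: https, not http.
    if parts.scheme != "https":
        problems.append("scheme is not https")

    # Anything before an '@' is user info, not the host the browser connects to.
    if parts.username is not None or parts.password is not None:
        problems.append("URL contains user info before the host name")

    host = (parts.hostname or "").rstrip(".")

    # Look-alike letters from other alphabets, raw or punycode-encoded.
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        problems.append("host name contains non-ASCII characters")
    if host.startswith("xn--") or ".xn--" in host:
        problems.append("host name is punycode-encoded")

    # The registered domain is at the END of the host name, not the beginning.
    if host != expected_domain and not host.endswith("." + expected_domain):
        problems.append("host %r is not %s or a subdomain of it" % (host, expected_domain))

    return problems
```

An empty result only means the address looks right; the certificate check in the next section still applies.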
Check the internet certificate
You can verify the server certificate by double-clicking on the padlock icon in the status bar of your browser to ensure that you are connected to a Commerzbank server.
The certificate must be issued for Commerzbank AG and be signed by an independent certification authority.
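The same certificate check, together with the 128-bit minimum stated earlier on this page, can be scripted with Python's standard `ssl` module. This is an added example, not Commerzbank code; the sample certificates are constructed, and the host name passed to `inspect_host` is left to the caller because the page does not give one.

```python
import socket
import ssl

EXPECTED_ORG = "Commerzbank AG"  # from the page: certificate must be issued for Commerzbank AG
MIN_KEY_BITS = 128               # from the page: at least 128-bit encryption


def _names(rdn_seq, key):
    """Collect one attribute's values from getpeercert()'s subject/issuer tuples."""
    return [v for rdn in rdn_seq for (k, v) in rdn if k == key]


def evaluate_session(cert, cipher):
    """Check a getpeercert() dict and a cipher() tuple against the page's criteria."""
    findings = []
    subject_orgs = _names(cert.get("subject", ()), "organizationName")
    if EXPECTED_ORG not in subject_orgs:
        findings.append("certificate not issued for %s (subject O=%s)" % (EXPECTED_ORG, subject_orgs))
    if cert.get("issuer") == cert.get("subject"):
        findings.append("certificate is self-signed, not signed by an independent authority")
    name, _protocol, bits = cipher
    if bits is None or bits < MIN_KEY_BITS:
        findings.append("cipher %s offers only %s secret bits" % (name, bits))
    return findings


def inspect_host(host, port=443, timeout=5.0):
    """Live check: the default context validates the chain and host name first."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return evaluate_session(tls.getpeercert(), tls.cipher())


# Constructed sample data in the shape ssl returns; not captured from a real server.
SAMPLE_GOOD = {
    "subject": ((("countryName", "DE"),), (("organizationName", "Commerzbank AG"),),
                (("commonName", "banking.example"),)),
    "issuer": ((("organizationName", "Example Trust CA"),), (("commonName", "Example CA 1"),)),
}
SAMPLE_SELF_SIGNED = {
    "subject": ((("organizationName", "Commerzbank AG"),),),
    "issuer": ((("organizationName", "Commerzbank AG"),),),
}
```

In `inspect_host`, a certificate that does not chain to a trusted authority or does not match the host name raises `ssl.SSLCertVerificationError` before any of these checks run, which is the behaviour the page describes under "Authentication of online applications".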
Always log off
Make it a habit to log off at the end of your session. Clicking on the appropriate button closes the browser window.
Access from third-party environments
When using Commerzbank’s online applications in environments where your privacy isn’t fully protected, it’s important to follow a few additional basic rules:
- Never leave the computer unattended during an active online session. If you do have to leave the PC, first close the application or activate a password-protected screen saver.
- When entering your login data, be sure that your keyboard inputs are not being recorded or observed by others in any way.
- Extra caution is required when using public Wi-Fi networks. Such networks are generally not encrypted. In the worst case, your device could become infected with malicious software.