How secure is your Mobile Banking service?
We’re committed to providing you with a secure Mobile Banking experience. We use industry-accepted security practices to safeguard your personal financial information, and we’re constantly assessing our website and mobile app security.
We use a multi-layered security approach (defence-in-depth) to protect all personal data including security controls at the network level (firewalls, intrusion detection services, and network segregation), operating system level (operating systems are patched and kept up-to-date, systems are hardened to reduce vulnerability exposure), and database level (data access is restricted and the principle of least privilege is applied).
How is the communication with your Mobile service secured?
Communication between your computer/phone and the Mobile Banking service is encrypted using a secure Extended Validation (EV) SSL/TLS connection (using 256-bit AES and 2048-bit RSA).
All our servers are monitored by our internal security team and periodically audited by reputable security providers to ensure that any identified risks are dealt with immediately.
How secure is your Mobile Banking server infrastructure?
Our server infrastructure is hosted with an ISO27001-certified reputable third-party co-location provider and access to this infrastructure (e.g. application servers, database servers, networking equipment) is tightly controlled to ensure that access is only granted on a need-to-know basis and separation-of-privilege is implemented. Our server infrastructure is protected by industry-grade firewall services and intrusion detection services to detect and identify any potential intruders and incoming attack attempts.
We back up regularly and these backups are securely stored and protected. All systems accessing your data are also adequately protected using end-point security controls (e.g. anti-virus/malware, firewall, etc.).
What security measures protect my user account?
To access the SweepBank app, you will need to choose a 6-digit PIN Code for each mobile device. Each PIN Code is linked to that specific device for increased security. Your PIN isn’t saved on our servers or on your device.
Which devices are supported?
The SweepBank app is available for both iOS and Android via the App Store and Google Play.
The minimum versions currently supported are:
Please note the app is not supported on tablet devices
How secure are my accounts and transactions?
The SweepBank app services provide end-to-end encryption to secure transactions while in transit. Your user accountis also protected with a device PIN Code for the App. This PIN code e is known only to you, and only you can access your account and authorise payments. A second level of authentication is required to sign transactions and/or instructions before they are submitted to the Bank.
What can I do to protect my information when using the SweepBank App?
- If you haven’t already, make sure your device is protected with a PIN or password – this gives you an additional security layer in case your device falls into the wrong hands.
- Log out of your SweepBank app session via the ‘Logout’ menu option when you’re finished.
- Don’t share your device PIN Code with anyone, and don’t write it down anywhere.
- Make sure nobody is watching when you enter your PIN Code.
- If you think someone may know your PIN Code, change it immediately:
- Use the ‘Change PIN’ option in the ‘My Card’ option of the SweepBank App menu, or
- Call Customer Support and request your device to be unlinked.
- Don’t log into your account on anyone else’s device.
Will customer service ever ask me to provide my Access Code or PIN Code?
No – our Customer Support team will never ask you for your SweepBank app PIN. You should never give that information to anyone – including us!
Can I send payment instructions via email?
No. Email is not a secure channel and, therefore, you should never use it to send payment instructions.
Are my account details stored on my device?
No. SweepBank does not store any account details or customer data on your device or within the App.
When you log in, a secure encrypted connection is made to our servers and your data is downloaded to your App. When you log out, this data is automatically wiped from your version of the App and your device. That’s why it’s important to log out when you’re finished – your log in will timeout eventually, but it’s best to be safe.
How do I know if I am downloading the real SweepBank app?
Only download mobile apps from the official App Store or Google Play, and make sure the official publisher of the app is Ferratum.
The official SweepBank app can be downloaded by visiting https://www.sweepbank.com/app
If you think an app claiming to be ours is suspicious, please get in touch.
What is an Extended Validation (EV) SSL/TLS certificate?
This is a security tool which provides the strongest encryption level available and identifies a website as genuine. It’s what the little green padlock in your browser address bar means – if you see the green padlock, and the ‘Ferratum Bank plc. [MT]’ text before the URL, you’re in the right place!
An EV SSL/TLS Certificate means that the owner of the website (in this case, FerratumBank) has passed a thorough, and globally standardised, verification process. To get this certificate, a website needs to prove it has exclusive rights to use a domain, confirm its legal, operational and physical existence, and prove the entity has authorised the issuance of the Certificate.
What is encryption and how does it protect my information?
Encryption scrambles information being sent across the Internet. It makes sensitive information unreadable while its being sent, then when it arrives at the other end, it is decrypted back into a readable form. It stops malicious hackers reading that information if they can intercept it. It’s pretty cool James Bond-type technology actually!
What is phishing?
Phishing is an email scam that tries to get customers to disclose their sensitive information such as account numbers, passwords, PIN numbers, Social Security Numbers (SSN), etc. An email asking for this information may look authentic but it’s not from your bank. We will never ask you for sensitive information such as this in any emails.
What can I do to protect myself against phishing?
You should always be cautious about suspicious emails. If you don’t like the look of an email don’t follow any links it may contain. If you suspect an email from Multitude Bank isn’t genuine, please let us know and we’ll be able to check if it came from us or not.
What is the Depositor Compensation Scheme?
Important information about the Depositor Compensation Scheme :
Multitude Bank is a member of the Depositor Compensation Scheme (‘the Scheme’) established under the Depositor Compensation Scheme Regulations, 2015 (‘the Regulations’). The Scheme is managed and administered by a Management Committee, which is composed and regulated by the provisions of regulations 3 and 5 of the Investor Compensation Scheme Regulations, 2015. In case we are unable to meet our obligations towards you or have otherwise suspended payment, the Scheme pays compensation up to a maximum amount established by law (currently set at a maximum of euro 100,000 or its equivalent in any currency of a depositor’s total deposits held with us), subject to the limitations imposed by the Scheme. In any such event, our net liability towards you is the aggregate of all accounts in your name in euro or other currency, less any amounts due to us (such as loans).
In addition to the protection described above, deposits may be protected in some cases up to a maximum of €500,000 for six months after the amount has been credited or from the moment when such deposits become legally transferable. In order to qualify for such higher protection, a deposit in excess of €100,000 must meet any one of the following additional criteria:
(A) it comprises: (i) monies deposited in preparation for the purchase of a private residential property by the depositor; or (ii) monies which represent the proceeds of sale of a private residential property of the depositor; or
(B) it comprises sums paid to the depositor in respect of: (i) a separation, divorce or dissolution of their civil union; or (ii) benefits payable on retirement; or (iii) a claim for compensation for unfair dismissal; or (iv) a claim for compensation for redundancy; or (v) benefits payable for death or bodily injury; or (vi) a claim for compensation for wrongful conviction.
For further information about the Scheme (including the amounts covered and eligibility to claim) please call us or refer to the:
Compensation Schemes Management Committee
c/o Malta Financial Services Authority, Notabile Road, Attard BKR 3000, Malta. Tel: (+)356 2144 1155; E-mail: [email protected]
What advice can you give customers to avoid bank account fraud and scams?
At Multitude Bank, we take our customers privacy, security, and data seriously, and we work hard to protect our customers from scams and cases of fraud.
Please read the following link to familiarise yourself with some of the typical scams to be aware of and how to avoid becoming a victim of a scam or fraud: https://mymoneybox.mfsa.com.mt/scam-warnings/typical-scams
If you think you may have been involved in a scam or case of fraud, please contact our customer service team immediately.