Keep your valuable documents in a safe place, destroy important financial information and keep your contact details up to date with the bank. Carefully check all your statements on a regular basis. If the origin of any emails, SMS messages or phone calls you receive is unknown, do not provide any information about your personal data, contact details and/or access codes.
Stay alert on social media and in online games. These may be a means to fraudulently obtain personal data, contact details and/or access codes.
Keep your card in a safe place and do not allow others to use it
Do not tell anyone your PIN and do not make a note of it
Always memorize your PIN and keep it separate from your card
Do not share the numbers in your password with anyone and make sure you change them regularly
When choosing a password, do not use your birthday, age or any other information that can be obtained from stolen data.
Remain vigilant against unexpected or suspicious calls and emails, and never disclose your card details or PIN number
Do not share information about your card or bank account
Always store your card and card details in a safe place and only shop on trusted websites
Never make a note of your PIN or password
Carefully check your card statement on a regular basis.
Wherever you are, your credit card is protected.
Whenever you receive an SMS from Best Bank containing transaction data, read the message carefully and always check the information in it.
If the transaction indicated in the SMS message was not carried out by you, do not share the code included in the message with anyone, and do not enter it on any website or in any message.
Remember the main precautions when using email if you receive any suspicious messages: Do not reply to suspicious emails and do not perform any actions you might be prompted to (e.g. opening attachments). Do not follow any links in the message and do not forward the message.
Strong authentication is one of the major changes brought about by Payment Services Directive 2 (PSD2), which was created to standardize the European payment market and increase the security of electronic transactions. Strong authentication rules apply to banks, equivalent service providers (e.g. fintechs) and online merchants.
Strong authentication is compulsory throughout the European Union for online transactions. Similar to when you access the website or the app, strong authentication is also essential when you make an online purchase.
The goal is to make transactions more secure by verifying your identity through 2- or 3-factor authentication:
Something the customer has (e.g. their smartphone);
Something the customer knows (e.g. a password);
Something the customer is (e.g. fingerprint or facial recognition).
Strong authentication factors are required when:
Making an online purchase in the European Union;
Entering your card details on a website for future payments even if you do not make a purchase at that time (e.g. online supermarkets, Netflix or Amazon, or even on ride-hailing apps like FREE NOW, Bolt and Uber).
To continue shopping online smoothly and with even more security:
Ensure that your contact details are up to date at Best, especially your Additional Security SMS cellphone number;
Install the MB WAY app and link your Best cards to your smartphone;
Ensure that your cards are linked to the 3D Secure service: on the website, go to For the Everyday > Cards > Online Purchases, or contact the Bank if you have any questions.
Whenever you enter your Best card details to make purchases on secure merchant websites identified with the 3D Secure or Verified by VISA symbol, you will see a message that will give you the authentication method for that transaction.
The purchase process will involve 3 steps:
Entering your card details to make the transaction;
Securely authorizing the purchase in the MB WAY app;
Returning to the platform where you were making the purchase, checking that the payment was authorized and completing the transaction.
Note that some merchants may still use SMS as an authentication method.
On merchant websites that do not use 3D Secure/Verified by VISA to ensure greater security for your transactions, use the MB NET service to generate temporary virtual cards that are linked to your real card. This way, your actual card details are never made available.
Here at Best we want to simplify the way you use your Bank with the greatest possible security at all times.
We apply a number of security rules to detect behaviors that are considered "non-standard" and, as such, we may ask you to further verify your identity through these strong authentication systems. These measures are intended to prevent scares and problems in your life.
Remember that you can use the Best Bank app to manage your cards in real time: freeze, unfreeze, cancel, order card replacements, report lost cards, and more.
If you suspect an "unknown" operation on your account, you should contact Best via the Best Bank app, the website or the Customer Support Line.
A user code is a unique code that Best Bank assigns to each person as a way of identifying them. Access and trading passwords are assigned by the Bank when you open an account and are personal and non-transferable. Users can change their access password so that it's easier to remember.
Your user code and access password allow you to access Best Bank as a registered user. To do this, you must navigate to the login area and enter these access codes. In order to enhance security at Best Bank, when performing any transaction you will need to enter a second password — your trading password. For security reasons, after exceeding the number of permitted attempts (5), your passwords will be blocked and you will need to call (+351) 218 505 775 (business days from 8 am to 8 pm) to request that the password be unblocked (only possible for access passwords) or that a new password be issued.
Opening an account online: When opening an account through the website, the primary account holder will be able to set the access password immediately. The trading passwords for all account holders are issued and sent by mail once the account has been activated, and access passwords for the remaining account holders are issued and sent by mail two days after the trading passwords are sent.
Opening an account through Best Investment Centers: When opening an account through Best Investment Centers, the trading passwords for all account holders are issued and sent by mail shortly after the account has been activated and access passwords are issued and sent by mail two days later.
To change your access password, go to My Account > Security > Change access password.
To be issued a new trading password, please call (+351) 218 505 775 (business days from 8 am to 8 pm).
If you have forgotten or lost your access codes, please contact us immediately on (+351) 218 505 775 (business days from 8 am to 8 pm) for your situation to be resolved as soon as possible.
To ensure that a website is secure, data is typically said to be encrypted. Encryption is the science of concealing information through coding processes, and restoring that information to its original state through decoding processes. Encryption technology allows data to be sent securely over a public network such as the Internet, as the transmission of data is encoded using a mathematical algorithm. Each character will therefore be transformed into another character, for example, the letter A transformed into D, the letter B into F, the letter C into 3, etc. To anyone not in possession of this algorithm, all transmissions will resemble an indecipherable set of characters. The level of security for the encryption technology is measured in terms of the length or size of the encryption key used. In other words, the larger the encryption key, the greater the number of attempts, and therefore time required, to decode a message without using the correct key. The size of the encryption key is measured in bits, whereby one bit corresponds to one character. At Best Bank the encryption key length is 1024 bits, so an infinite number of attempts are required to detect the correct encryption key.
The encryption of data using cryptographic techniques presupposes the transmission of data between two entities. The issuing entity encodes the data using a specific key (mathematical algorithm), making it unreadable, and then sends it. The receiving entity will then decode the message using the correct key. If the receiving entity does not have the correct key, it cannot read or use the data included in the message. There are generally two types of cryptographic algorithms:
Symmetric-key, or conventional, algorithms, where there is only one key to encrypt and decrypt.
Asymmetric-key, or public-key, algorithms, where there are two different, mathematically related keys (public key and private key).
In asymmetric-key algorithms, there is an exact match between a particular public key and a particular private key, which means that:
Any information encrypted by the private key can only be decrypted by the corresponding public key (of the pair).
Any information encrypted by the public key can only be decrypted by the corresponding private key (of the pair).
At Best Bank, we use the public key encryption process, where two keys (a public key and a private key) are required for a sender and a receiver to exchange information in a secure environment. This encryption process is regulated throughout the European Community by Directive 1999/93/EC of 13 December 1999, and in Portugal by Decree-Law 375/99 of September 18, 1999 and Decree-Law 290-D/99 of August 2, 1999, and provides the following advantages for its users:
In a public-key encryption system, if one key is used to encrypt a message, then the other key will be used for the reverse process, i.e. decryption. Because the public key/private key pair is linked mathematically, it is computationally impossible to derive the content of one key using knowledge of the other. This allows the private key to be protected from duplication or distortion, for example, even if the content of the public key is known. It is therefore safe to openly distribute the public key for all purposes, but it is essential that the private key remains secret and safeguarded. For example, if someone sends you an encrypted message, that sender can encrypt the content with the public key, and because you are the only person who has access to the corresponding private key, you are also the only person who can decrypt the original message. Anyone could send you an encrypted message if the public key is known, but in any case only you could decrypt and read that message, so even if someone knows the public key, they can only use it to send a message that only you can read.
In addition to privacy and security, using a public key encryption system also ensures authentication of information. Authentication is the process of validating a particular message. Authentication allows you to confirm the sender's identity, the date and time the message was sent, and the content of the message, thus ensuring the authenticity of a given message. The sender must use their private key to encrypt a message, thus generating a digital signature. Once the digital signature is generated, it is linked to the message and both are sent to the recipient. Note that the digital signature is unique to the message and the private key that created it, and therefore cannot be forged. Upon receipt of the message, the recipient then uses the public key corresponding to the sender's private key, which will then decrypt the original digital signature, and the recipient can access the original message. The recipient can therefore certify that the message received was not altered during transmission, that it was actually the sender that sent the message and not someone else who has maliciously or allegedly assumed their identity, and that the date and time indicated in the message are true.
A secure session means a set of transmissions where content will be encoded prior to sending. You are in a secure session when you are making a transaction in funds and stock at Best Bank or when you are entering your access codes. Any browser, including Internet Explorer and Netscape, can be configured to prompt you when to start or end a secure session. Even without configuring your browser, you can identify a secure session by checking the website address at the top of the page, where you should see "https" instead of "http" or an image of a closed padlock or an entire key.
If you leave your devices (computer, tablet, smartphone) connected with your access password entered, nobody will be able to make transactions, as you will need to enter your trading password to finalize a transaction. You should never leave your devices connected after entering your trading password, and without completing your transaction. Even if your session is interrupted for a short time, there is always the risk that someone will complete the transaction on your behalf.
No, each account holder will have their own access codes and their trading password will be sent to the postal address indicated. Although the account is combined, each account holder has full autonomy to use whichever security mechanism suits them most.
Certipor - Sociedade Portuguesa de Certificados Digitais
Digital certification company, which provides digital certificates to individuals and companies.
SIBS - Sociedade Interbancária de Serviços
Provides cooperative services in the general interest of the banking system, offering technological payment solutions and other associated services.
World leader in Internet security, namely encryption and authentication.
ITIJ - Instituto das Tecnologias de Informação na Justiça
Public body responsible for the study, design, conduct, implementation and assessment of information plans on the activities of bodies, services and organizations within the field of justice.