BNP Paribas Information Security Tips

In order to ensure online safety, it is recommended that this informational help page is periodically reviewed in order to remain abreast of any evolving security threats or changes in security procedures.

Keeping Private Information Safe

Usernames, Logins and Passwords

It is of utmost importance that login credentials are secured as these constitute the entry-points to BNP Paribas platforms. The following guidelines can assist in keeping your private information safe:

Many browsers contain auto-complete functionality. Whilst this saves time for the user, it also allows unauthorised individuals to log into your account if your computer remains unlocked and unattended. BNP Paribas recommend that you disable your web browser’s auto-complete functionality.

Whatever the circumstances, never communicate your PIN/secret code to anyone (including BNPParibas support teams) and make sure nobody knows it.

Last but not least, if you lose or believe you could have lost your token, please contact BNP Paribas Client Service Desk as soon as possible so that we can disable your token.

Authentication Devices

Should you be issued with authentication tokens or one-time passwords sent to mobile device, please ensure that these devices are kept secure at all times.

Do not communicate by phone or to an unknown email address the serial number written behind the token, even if claiming to be from a support team, unless yourself have contacted a relevant support team earlier for a PIN reset or card synchronization issue. In that later case, it is OK to communicate the serial number to BNP Paribas Client Service Desk for action.

In any case, do not paste or write anything on the SecurID token!

Logging Out

If you are away from your computer for an extended period of time, please ensure that you log out of all running applications. It is highly recommended that browser applications are closed fully after using any BNP Paribas platforms.

Viruses and Spyware

Anti-Virus software, anti-spyware software, and personal firewalls should be installed and continually kept active on your computer. Security patches and virus definitions should be periodically installed and updated in order to ensure that any bugs and security loopholes are closed.

Your Personal Information

Please keep your relationship manager updated with accurate details of your personal information.

Avoiding Fraud

Verifying the BNP Paribas Website

Navigating to the BNP Paribas website should always be done through known hyperlinks. Please read the address bar/URL carefully and always ensure that the start of the URL begins with: For instance, the BNP Paribas corporate site begins with: and the BNP Paribas Global Markets site begins with:

Another method of verifying the authenticity of the BNP Paribas website is to check the digital certificate for websites that begin with “https”. Certification Authorities (such as Verisign or Geotrust) are trusted third party issuers of digital certificates which verify that the website URL is a genuine site of the company or business in question. Click on the padlock next to the URL to see details of the Certification Authority:


Trusted Computers

Do not conduct any transactions through public or shared computers.

Fraudulent Emails and Websites

Remain vigilant for suspicious emails and websites that attempt to use deceit in order to reveal sensitive information. BNP Paribas will never ask you for private information by email and will not send e-mails with embedded hyperlinks to transactional websites.

Also, please be aware that in some email applications such as Microsoft Outlook, a text hyperlink may be displayed but actually clicking on the hyperlink may direct you to another website. This is known as phishing. Phishing websites are designed to look identical to genuine websites. Additionally, some emails may contain image files that appear to look like text. Hovering over the image and clicking may lead you to a phishing website. Ensure that the guidelines for verifying BNP Paribas websites (above) are followed.

We are here to help

Should you suspect any unauthorised access or have any outstanding queries regarding Information Security, please promptly contact your relationship manager or support team. You can reach the Electronic Client Solutions Group, which is available 24 hours a day on: