Security

Security 

Ziraat Bank International AG

Digital banking makes your life easier: You can make transfers anytime, from home or on the go. At the same time, however, using the internet and mobile devices also brings certain security risks.

Ziraat Bank International AG uses state-of-the-art security technologies (TLS 1.3, 256-Bit-AES encryption, multi-factor authentication) to ensure that your data cannot be viewed or modified by unauthorized persons.

Nevertheless, your attention is your most important protection. With the following rules and information, you can effectively protect yourself from fraud.

1. Basic Safety Rules

  • We never ask you for your PIN, password, TAN or other confidential information via email, SMS, telephone or social media.
  • To access your account, please use only www.ziraatbank.de or our official mobile banking app.
  • Do not conduct banking transactions over public Wi-Fi networks (e.g., in cafes, train stations, or airports).
  • Use your banking password only for online banking; not for email or other internet services.
  • Use strong passwords: At least 12 characters, a combination of upper and lower case letters, numbers, and special characters. Change your password regularly.

Strong Customer Authentication (SCA) According to PSD2

The European Payment Services Directive (PSD2) requires every customer to identify themselves with at least two independent security factors. This is called "Strong Customer Authentication" (SCA).

These factors are:

  • Knowledge → something that only you know (e.g. password, PIN).
  • Possession → something that only you have (e.g. your smartphone with the banking app or a TAN generator).
  • Biometrics → something that you are (e.g. fingerprint or facial recognition).

For access and each transfer, at least two of these factors must be combined (e.g. password + SMS-TAN).

2. Modern Threats & Protective Measures

Phishing (fake emails & websites)

  • Here's how it works: Criminals send e-mails that look like they're from your bank. They contain warnings like "Your account has been locked." A link leads to a fake login page.
  • Risks: Your login credentials could be stolen and used for unauthorized transfers. Data could be sold on the dark web. There's also the risk of identity theft (e.g., fraudulent loan applications in your name).How to protect yourself: Don't click on links in e-mails, always type in the internet address yourself, and look for https:// and the lock symbol in your browser.

Smishing (SMS Fraud)

  • Here’s how it works: Fraudsters send SMS messages with alleged security warnings (“Suspicious transfer detected”) and link to fake websites.
  • Risks: Intercepted access data and TANs enable real-time transfers that can hardly be stopped.
  • How to protect yourself: Don't open links in text messages. Check the sender carefully.

QRishing (Fake QR Codes)

  • Here’s how it works: Criminals alter QR codes on posters, menus, or websites. Scanning them leads to a fake page or a fraudulent payment screen.
  • Risks: Installation of malware, theft of bank data, unnoticed payments.
  • How to protect yourself: Only scan QR codes from trusted sources (e.g., your bank app).

Malware & Fake Apps

  • Here's how it works: Fake apps or malware are installed via unofficial stores or manipulated e-mail attachments. Some record keystrokes or modify the banking app.
  • Risks: Permanent remote access to your device, undetected transactions, misuse of your contacts for further fraud attempts.
  • How to protect yourself: Only download apps from official stores. Don't open unknown email attachments. Keep your security software up to date.

Deepfake & Phone Fraud

  • Here's how it works: Fraudsters use artificially generated voices or videos to impersonate bank employees. Under time pressure, they demand that you authorize a transfer immediately.
  • Risks: Repeated unauthorized payments, persistent breach of trust, identity theft.
  • How to protect yourself: End suspicious calls immediately. Always call the bank back yourself using the official number.


Other Types of Fraud

  • CEO Fraud: Perpetrators pose as bosses or business partners and demand payments.
  • Romance-/Investment Fraud: Establishing a personal relationship or false investment transaction to make monetary demands.
  • Risks: High financial losses, identity theft.
  • How to protect yourself: Check plausibility, and if in doubt, contact your bank or the police.


3. Technical Safety Recommendations

  • Always keep your operating system, browser and apps up to date.
  • Use reliable antivirus software and a personal firewall.
  • Protect your smartphone/tablet with PIN, fingerprint or Face ID.
  • Avoid rooting or jailbreaking as this disables security mechanisms.
  • Never save your PIN or TAN on your device.
  • If necessary, use a password manager to securely manage complex passwords.

4. Transaction Security

  • Please check the recipient name, IBAN and the amount carefully for each transfer.
  • Set daily or weekly limits to limit the risk of misuse.
  • If possible, use different devices for the banking app and TAN release.
  • According to PSD2, every transaction is confirmed by two factors – your protection against misuse.

5. Behavior In an Emergency

If you receive a suspicious email, text message or call, or suspect misuse:

  • Change your online banking password immediately.
  • Block cards via the central emergency number 116 116 (Germany) or via our hotline.
  • Call our customer service: 069-29805777 .

6. Legal Notice

  • The bank assumes no liability for damage caused by improper use or tampered devices.
  • These guidelines are regularly reviewed and updated.
  • As of September 2025