Home Page Navigation Contents Contact Sitemap Search

Can my e-banking account be hacked just using an IBAN number, address and copy of my identity card? No, but ...

With many types of fraud, attackers demand personal data such as your name, address and telephone number. In many cases, they also ask for an IBAN or request that their victims submit a copy of their passport or identity card.

Since bank security processes are improving all the time, attackers nowadays usually resort to social engineering. They obtain information by spying on their victims, deceiving and manipulating them, for instance using faked e-mails and websites.

When looking at existing e-banking accounts, such data are not really relevant to an actual fraud, but only serve to establish the victim’s trust and to underline an offer’s purported integrity. These cases might for instance involve some kind of reimbursement or profit distribution. It is not possible to withdraw money from your account just using an IBAN number and a copy of your identity card. It is however possible to exploit your IBAN, for instance when someone arranges for a direct debit payment using your IBAN when online shopping. However, this is not very lucrative for fraudsters, since you can object to payment orders with your bank for up to a year to have them posted back to your account.

As far as the collection of address data and copies of passport or identity cards in the context of applications for new accounts with foreign banks and credit institutions are concerned though, things are handled a bit differently. Once they have submitted an application using such address data together with a copy of a passport or identity card, fraudsters are successfully taken on by financial institutions. These scammers’ smartphones or computers are registered with the bank, so that two-factor authentification doesn’t pose any obstacles either. Fraudsters obtain full control over the account set up in the victim’s name and use such accounts for criminal activities. It is not the scammer’s name appearing in such cases then, but the one of the victim, so that charges are brought against the latter – something which can result in complicated and long-winded proceedings if proof is required that it wasn’t the victim who committed a crime, but that they fell victim to fraud instead.

Generally, you should be sceptical and cautious about passing on any personal details. If you notice any inconsistencies, you should immediately contact your bank and the police.


What else would you like to learn about security when e-banking?

Register for a course now
and learn more:

Online basic course

Find out about current Internet threats and some easy protective measures, and how to securely use e-banking.

further information

Online course mobile banking/payments

Find out about mobile banking, mobile payments and how to securely use these apps.

further information

Online course for the under-30s

Learn how to use your smartphone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

further information

Online course for SMEs

Is your organisation sufficiently secure? Learn which measures you can take to significantly strengthen your organisation’s IT security.

further information