CaixaBank Payments & Consumer will never ask you for any information by email 
involving your usernames, passwords or credit card information.

Phishing is a scam that involves impersonating a company, usually a financial institution, to obtain confidential information from customers, as well as their passwords.


How it works - examples

The attacks involve misleading emails, SMS or phone calls that impersonate the company in question.

The emails or SMS redirect to a fake website that mirrors the look of the original website. On this page, users are asked to enter their personal information and passwords, such as their card number, PIN or login credentials.


What CaixaBank Payments & Consumer is doing

CaixaBank Payments & Consumer will never ask you by phone, SMS or e-mail for information about your passwords, details or PINs. Not even to renew or activate a card.

CaixaBank Payments & Consumer will never ask you to contact us by calling 
telephone numbers other than the current ones.
Emails sent by CaixaBank Payments & Consumer are easily identifiable, 
they are sent from legitimate addresses @caixabankpc.com; @subdominio.caixabankpc.com


Precautions to take

You need to be wary and keep in mind that both the fake email and website can be very complex and sophisticated.



Fraudulent emails try to get your personal information. CaixaBank Payments & Consumer will never ask you for any information by email involving your usernames, passwords or credit card information.

Urgent messages that threaten to suspend your account or card if you don't provide your details immediately are a red flag. CaixaBank Payments & Consumer will never use email to contact you for this reason. Requests to confirm your personal details by email is another method used by scammers. CaixaBank Payments & Consumer does not use email to verify your personal information.

Spelling mistakes and other errors in the look of the email or website are an indication of their dubious origin.

Make sure the sender is legitimate. The URLs are usually very similar, but with a subtle change in the address.

If you have any questions, call Customer Service immediately on 900 101 601, Monday to Saturday from 9 am to 9 pm.



Precautionary measures

  • Use updated versions of browsers and operating systems.
  • Browse on known websites.
  • Don't leave computers or mobile phones unattended while they are connected.
  • Don't let programs run that download without your permission.
  • Determining the existence of hoaxes (misleading viruses). (For expert users).
  • Protect your personal, contact and financial data.

Recommendations for protecting data

  • Disable the save password and autocomplete options on your web browser.
  • Remain anonymous in terms of the personal and professional information you provide in 
    website forms that ask you for information. Provide real data only 
    when it is essential to obtain a service (for example: when shopping 
    or to receive a parcel by post).
  • Enter financial data only on secure websites (official and legitimate websites).
  • Don't use the same passwords on high-security systems (private customer area) and those with low security (subscriptions). que en los de baja seguridad (suscripciones).
  • Do not provide personal data on websites that do not guarantee compliance with the applicable laws (GDPR and LOPD) or that do not have a secure website (SSL).
  • Use an e-mail alias account (instead of the original) to access certain services that require you to enter an email address that exists. (For expert users).
  • When using public or shared computers, keep in mind certain basic protective measures: log out of sites, clear the cache...
  • Be very careful when providing sensitive information to unknown parties or when their identity cannot be reliably certified.

Software versions (Browsers and Operating Systems)

Manufacturers usually update their programs when bugs are identified by users. They also tend to enhance the security measures and it is important, both for the correct stability of the system and for your security in case of potential attacks, to install the recommended updates.



Browse securely

  1. You should not open emails from unknown senders Phishing
  2. You should not provide personal details or passwords/PINs Phishing
  3. You should not open files from unknown senders
  4. You should not write down passwords/PINs in any document.
  5. You should not use trivial or easily guessed PINs (e.g. 1234, 1111)
  6. Never trust giveaways or easily-won promotions, or reply to messages requesting urgent information Phishing
  7. You should have an antivirus, use it and periodically update it. You should also install anti-spyware to avoid spyware and unwanted advertising.
  8. You should keep your browser updated, and also install operating system patches Recommendations and precautions
  9. It is important to keep in mind certain measures to protect your PC Recommendations and  precautionary measures
  10. You have to stay informed about security in general when using the internet



CaixaBank Payments & Consumer will never ask you for any information by email involving your usernames, passwords or credit card information.






Digital document issued by an independent entity that guarantees the identity of systems and people on the internet. The security of the certificate is protected by cryptographic techniques. 



Any programme with an annoying, malicious or illegal intent. They are generally 
designed to be executed without the user's intervention.



Set of letters, figures and symbols, or even phrases, used to authenticate users in a computer system. For passwords to be effective, they have to be selected such that they are difficult for an attacker to guess.


Correos encadenados

Son mensajes de correo electrónico en los que se pide que el mensaje sea enviado a más gente para que estas personas también los reenvíen. Es una de las posibles fuentes de problemas con el correo electrónico, ya que a menudo llevan noticias falsas, pueden ser portadores de virus, etc.



Discipline that deals with the security of the transmission and storage of 



Type of malicious code whose main characteristic is that it copies itself from one system to another via the internet.


Denial of service

Computer attack that, while not affecting the information contained in a system, leaves it unable to provide any services. The denial can be achieved by saturating or overloading the servers.


Social Engineering 

Techniques that attempt to breach the security of computer systems by deceiving their users and/or administrators. Most social engineering techniques are similar to scams.



Spyware programs are malicious or misleading applications that are installed together with other programs that the user downloads. This type of program can execute multiple actions. 
Some are used to gather information on the system in which they are installed, which they 
send via internet; others constantly display undesired ads or modify the pages viewed to include links that were not in the original. All these actions are masked with confusing authorisations, meaning the user is not usually aware of this.


Content filtering

Set of technologies that allow the information transmitted via the internet to be filtered. Content filtering is used to block viruses sent by email, to control minors' access to the internet, etc.



Information sent by an internet server to the web browser that is used later on subsequent connections. They can be used for legitimate purposes, such as to identify users, and for malicious ones, such as the unauthorised storage of browsing habits.



Computer attack in which the attacker manages to get complete control of the  computer. During the intrusion, the attacker can access and alter all the data on the  computer, modify its operation and even attack other computers.



Unwanted commercial email sent via the internet. The volume and content of spam can make it considerably more difficult to use email services.



Phishing attacks rely on misleading emails and fraudulent servers to trick users of internet services. In the case of financial institutions, the goal is to try to make users disclose their data, such as their credit card number or PIN. More information on Phishing.


Proxy or intermediate server

Computer system whose mission is to act as an intermediary between one system and another through the internet. The roles of a proxy include speeding up internet access, filtering the content accessed and protecting systems by preventing direct communications. 


Electronic signature

Digital information associated with a specific transaction carried out online that, together with  certificates, is used to identify the participants in the transaction.



Computer system that controls which machines and services in a network 
can be accessed. It can be a specialised system or an installed program 
(personal firewall). When this check involves the information transmitted and not 
just on the connection, the system used is a proxy.



Malicious code camouflaged inside another program that seems useful and harmless. Trojans can be hidden inside known programs, meaning the software has to come from a reliable source.



This is the best-known type. It is a program that is copied inside other programs and tries to reproduce itself as many times as possible. Although this is not always the case, most often the virus, in addition to copying itself, alters or destroys the information of the systems where it is run.



The encoding of data using various mathematical techniques to ensure 
it can be transmitted securely.

EC brochure: on the rights of payment service users pursuant to PSD2



Ahora ya puedes actualizar tu información de cliente mediante SMS / RCS a través del canal verificado de CPC. 

Desde CaixaBank Payments & Consumer se ha habilitado un canal de comunicación de RCS (Rich Communication Services) para actualizar la información de actividad económica y conocimiento del cliente, con el objetivo de cumplir con la Ley 10/2010 en materia de prevención de blanqueo. 



¿Cómo comprobar que se trata del canal verificado de CaixaBank Payments & Consumer?. 

  • Utilizamos un canal verificado de CaixaBank Payments & Consumer en el que estará visible el check de verificación.


Además, para garantizar la seguridad de tus datos hemos adoptado las siguientes medidas: 

  • No te pediremos que te descargues ningún contenido ni aplicación.  
  • No te pediremos que te loguees en ningún entorno o uses tus claves de acceso a CaixaBank Payments & Consumer o CaixaBank Now en ningún momento.  
  • Se harán dos comprobaciones previas a mostrar ningún dato para asegurarnos de que estamos contactando con la persona correcta. Si se detecta que no es el cliente con el que queremos contactar se parará automáticamente el proceso, no mostrando ningún dato.  
  • Una vez hayamos comprobado tu identidad mediante los 4 últimos dígitos de tu DNI, no te pediremos que nos proporciones datos directamente sino que te mostraremos los que tenemos tuyos y te pediremos que lo confirmes, completes o actualices. 
  • Incluiremos información de contacto de CaixaBank Payments & Consumer para que puedas verificar que el mensaje recibido es legítimo. 

La normativa vigente en materia de prevención de blanqueo de capitales y financiación del terrorismo obliga a los establecimientos financieros de crédito a mantener actualizados los documentos e información de sus clientes. Este servicio tiene el objetivo de ayudar a la entidad a mantener la información de actividad económica y conocimiento de los clientes actualizada.  

Te recordamos que este canal está configurado para actualizar la información de actividad económica y conocimiento del cliente (KYC), pero si necesitas contactar con nosotros puedes hacerlo a través de los siguientes canales:   

En tu área privada de la web o app de CaixaBank Payments & Consumer   

Atención al cliente 900 101 601  

A través de nuestra cuenta de Twitter: @CABKPC_RESPONDE