What we're doing

In order for you to be safe, we have taken the necessary steps to ensure a secure Internet banking environment.

We take your security seriously.

How we create a secure environment for online banking

Internet firewall

The Commerzbank online applications are segregated from the public Internet by a firewall. This acts as a filter that only lets data into Commerzbank online modules from the Internet if the data is authenticated as belonging to the application in question. Direct access from the Internet – hacking attacks – is rendered impossible.

Online applications are authenticated

When you connect to a Commerzbank online application, the Commerzbank system automatically identifies itself by means of a certificate issued by an independent authority. Your computer verifies the authenticity of this certificate before sending data to the Commerzbank system. The certificate guarantees that you are genuinely connected to the online system of the Commerzbank.

Authorising the access

In order to use online applications you must first log on. To do this you must enter your user ID or user name together with your PIN code or password. This identifies you as the genuine user and ensures no one else can obtain access to your data. If the logon details are keyed in incorrectly three times in succession, access to the online account is automatically disabled.

Confidentiality of data transfer, data integrity

All communication between your computer and the Commerzbank online applications is encrypted. The keys used are known only to your computer and to the Commerzbank system. For eavesdroppers, an encrypted message is no more than a string of apparently random characters.

The encryption prevents anyone other than you from deliberately changing the messages. And the Secure Socket Layer protocol in the online banking system effectively puts a stop to the possibility of strings being manipulated by random (“blind”) alteration of characters.

All transactions must be authorised

Each and every transaction has to be authorised by you. There are various methods of authorisation used by the Commerzbank online applications.

In the payment application Global Payment Plus, you authorise transactions with a digital signature which is read out for this purpose by means of your personal signature card using a USB stick. Please take care that your signature stick with the signature card as well as the related PIN are not accessible to other persons.

Only one session possible

The security concept ensures that only one session under your user ID may be active at any one time. If there is an extended period without activity during a session, the session is automatically closed down. The same applies if the connection between your computer and the application fails for any reason: the session is automatically terminated.

128-bit encrypted communication

Communication between your computer and the Commerzbank server is based on the Secure Socket Layer protocol (SSL). The degree of encryption security depends very much on how long the keys are. For maximum safety, the Commerzbank encrypts all communication using at least 128 bits. Decrypting a message like this on a normal computer would take several thousand years.

Your contact to us

We are happy to provide you with information (Mon – Fri, 8 a.m. to 6 p.m. - CET):

Service Hotline (English)
+49 69 136 805 27

Service Hotline (German)
+49 69 136 263 60

Safeguarding e-mail dispatch: Commerzbank Secure Mail

Nowadays e-mails are the most widely used form of business communication. However, they also represent a high security risk. This is why e-mail correspondence must be encrypted effectively.

Today it is indispensable to safeguard e-mail dispatch by efficient encryption methods. The following three methods have established themselves for this.

TLS: Minimum standard in Germany

TLS is the minimum standard in Germany, stipulated by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik (BSI)). For communication by means of TLS the servers of both the sender and the recipient must be TLS-compatible. Commerzbank has been using this method for several years now.

PGP and S/MIME: Certificates and keys take care of your security

PGP and S/MIME work with certificates and public keys. For these methods to function, the sender of an e-mail (in other words, Commerzbank) must have the recipient’s public key or certificate. The use of these individual encryption methods makes for a significant enhancement of security in comparison with the TLS method.

If the recipient of a Commerzbank e-mail does not currently have any of these methods at his disposal, Secure Mail offers another secure alternative for individual cases: dispatch as an encrypted PDF file which you open with a one-time password. The password is sent to your mobile phone by SMS.

Download public key / certificate

We explain Secure Mail

All information on this topic can be found in the film.

Your contact to our global branches