Security

More safety with Commerzbank online applications
The Commerzbank operates a special security concept to create a safe environment for our clients to enter and transfer their personal data.

The concept includes a variety of aspects:

How we create a secure environment for online banking:

Internet firewall
The Commerzbank online applications are segregated from the public Internet by a firewall. This acts as a filter that only lets data into Commerzbank online modules from the internet if the data is authenticated as belonging to the application in question. Direct access from the internet - hacking attacks - is rendered impossible.

Online applications are authenticated
If you connect to a Commerzbank online application, the Commerzbank system automatically identifies itself by means of a certificate issued by an independent authority. Your computer verifies the authenticity of this certificate before sending data to the Commerzbank system. The certificate guarantees that you are genuinely connected to the online system of the Commerzbank.

Authorising the access
In order to use online applications you must first log on. To do this you must enter your user ID or user name together with your PIN code or password. This identifies you as the genuine user and ensures no one else can obtain access to your data. If the log on details are keyed in incorrectly three times in successions, access to the online account is automatically disabled.

Confidentiality of data transfer, data integrity
All communications between your computer and the Commerzbank online applications is encrypted. The keys used are known only to your computer and to the Commerzbank system. For eavesdroppers, an encrypted message is no more than a string of apparently random characters. The encryption prevents anyone other than you from deliberately changing the messages. And the Secure Socket Layer protocol in the online banking system effectively puts a stop to the possibility of strings being manipulated by random ("blind") alteration of characters.

Only one session possible
The security concept ensures that only one session under your user ID may be active at any one time. If there is an extended period without activity during a session, the session is automatically closed down. The same applies if the connection between your computer and the application fails for any reason: the session is automatically terminated.

128-bit encrypted communication
Communication between your computer and the Commerzbank server is based on the Secure Socket Layer protocol (SSL). The degree of encryption security depends very much on how long the keys are. For maximum safety, the Commerzbank encrypts all communication using at least 128 bits. Decrypting a message like this on a normal computer would take several thousand years.

Additional information
Further information about security practises in online banking is provided in the brochure "Online Banking Security" [pdf, 1 MB], published by the Federal Association of German Banks.