Security & Privacy

Security & Privacy

Reliability and security are essential to banking in general, and to online banking in particular. Data security is a top priority at Bank Hapoalim. We do everything in our power to protect the confidentiality of your information, using the most advanced security methods and the strongest encryption technologies approved for civilian use on the Internet.


Data Security
Data security on the Online banking login page is aimed at ensuring unique customer identification, on one hand, and the encryption of identifying information and banking data transmitted during online activities on the other hand.
In order to maintain the confidentiality of the information in your account, access to the account will be blocked following five failed sign-in attempts. Should this occur, please contact your Account Manager to regain access.
As an additional security measure, the connection to the Online banking account will be terminated after several minutes of inactivity in order to prevent access by unauthorized users.


Customers using Online user ID and Password -

  • When you join the service, you will be provided with a computer-generated personal User Code and a temporary password associated with your User Code, which is valid for 30 days only. The User Code is permanent and will be used to identify you each time you sign in to the system.
  • The first time you sign in to the service, you will be asked to replace the temporary password which you were assigned with a password of your choice. Subsequently, you can choose to change your password again at any time.
  • Your sign on credentials are exclusively for accessing your accounts online- don’t share them with anyone. We recommend that you change your password periodically.
  • Each time you sign on to the service, you will be asked to provide your User Code, Identification Date and Password. This data will be verified and re-confirmed each time.

Important Note:
Never give your sign on credentials to anyone.
Make sure you change your password frequently to protect its secrecy. We will never, under any circumstances, ask you for your password over the telephone. Even if someone requests your password, do not give it out. Report the request immediately to your account manager. 

  • Communication between your internet browser and the bank’s server is encrypted and secured using advanced, stringent encryption methods based on technologies that are the highest standard for information encryption on the Internet. The secured connection prevents any information transmitted from being exposed to other Internet users.
  • The Online banking  login page and the online account are secured. When you sign on to the service, and during your browsing, please pay attention if the page address begins with the letters HTTPS:// (secure connection). Beside that a closed lock appears on one of the corners of the screen indicates that you are receiving an encrypted transmission of information. When  the connection is not secured, an open lock appears.  

Server Security
Bank Hapoalim uses advanced security technology. The bank server does not connect directly to the Internet; it is isolated by several levels of protection, including routers, filters, and firewalls.
All transmissions that begin or end with a connection between the bank’s server and the Internet are continuously monitored and observed.
The bank consistently keeps up to date with new technological developments in software and hardware, in order to deliver the highest possible level of protection.
We do everything possible to protect the secrecy of your information.


Secure Surfing guidelines
In order to enjoy the advantages of the service and benefit from secure surfing tools, we recommend that you observe the following rules:
Logging in to the online banking account

  • In order to enter an account, you must type in the “login credentials”’ details on the “login page”.  You must not use links sent to your Email to enter your Online banking account.
  • While completing the login process on the home page and while surfing on your account data pages, it should be ascertained that the address line begins with the letters HTTPS:// and not HTTP:// (S=secure). This indicates that the data transferred from the browser to the Bank’s site are secured.
  • On each entry to your account, the date of the last entry to the service will be noted at the top of the page. You can thereby ascertain that no entry was made to your account without your knowledge.

Logoff from the online banking account

  • When you have finished using the online service, you should press on the exit button on the upper right-hand side of the screen. When there is no activity for more than 15 minutes you will automatically log off from the service.

In addition, you are advised to enter the Online banking at every once in a while, in order to maintain constant monitoring of the activity in the account. 

Keeping Password / PIN code secret

  • Avoid choosing a Password/PIN code that is easy to imitate or copy, or which contains personal details such as your given name and date of birth.
  • Do not use a sequence of letters or numbers, for example: 12345678 or abcdefghi.
  • Do not keep the Password/PIN code next to the user code or token.
  • Avoid keeping the user code and the Password/PIN code next to the computer, in files in a PC, or in place where others can easily find it.
  • Do not enable the browser to save Password/PIN code automatically.

Four means of protection for the PC

  • An updated antivirus software.
  • A firewall software that reduces that chances of unauthorized ingress to the computer.
  • A spyware-detection software for protecting your privacy.
  • Frequently update the operating system.

If a file-sharing software such as eMule is installed on the computer, you must make sure that you do not save files containing personal details (user code, ID no., PIN code etc.) in a file in the computer. 

Recommendations and instruction on antivirus, firewall or anti-spyware software can be obtained from your ISP.

Phishing is an attempt by criminal hackers to obtain personal details, such as passwords, account numbers and credit card numbers via email messages and bogus sites, which appear to be an exact copy of the real site. 

How to spot a “phishing” scam
A scam message is likely to ask you for an immediate reply, or to press on a link that will lead the customer to a bogus Internet site which looks like an Internet site of an organization with which he is familiar. 

What is a suspicious email message?

  • Email messages that explicitly ask for a reply that includes personal details.
  • “Urgent” messages asking for details to be sent or updated rapidly, in order not to incur damage or in order for access to the site not to be blocked.
  • Email messages that contain spelling mistakes.

How do you avoid “phishing” scams?

  • Do not send personal information by email. This includes such details as ID number, bank account number, credit card numberpassword et cetera.
  • Immediately delete any email message that looks suspicious, without opening it.
  • Use an antivirus software to carry out a virus scan on your PC.
  • Do not enter the bank account via links that are sent via email messages.


How to react to a message that is suspected as a “phishing” scam

  • First of all, inform your account manager.
  • If the customer inputs personal information to the bogus site (such as ID number, bank account number, and user code), one should change the user code and password immediately.
  • If the customer type in details of his credit card to the bogus site, one should contact the credit card company immediately in order to obtain guidelines on how to react.


Beware of “tempting” offers that reach your email box: Sometimes, messages containing offers for the purchase of products or services, and other business proposals are received. Such messages usually ask for an immediate reply – sometimes, merely pressing on the link enables criminals to obtain the customer’s data. You are advised not to open email messages and especially files attached to them until you are certain that you know the sender of the message, that the message does not contain virus-infected files, and that the file which was sent is actually for you.

Think twice before typing an email address on the Internet: Certain sites ask surfers to state their email address for registration and other purposes. We recommend typing an email address only on sites where you do not suspect that such information could be misused.



The information and other content presented on this website (including any referrals or links to external websites and/or information) is provided for general information and illustrative purposes only and does not constitute investment advice. Any use of this website is subject to the Terms& Conditions.