Authentication tools and security

You need to have at least two login tools!

For your security, we recommend having at least two logins. We recommend a combination of biometrics (fingerprint or facial recognition) and Smart-ID. We recommend this option because it:

  • Safe;
  • Comfortable;
  • Free of charge!

How to start using Smart-ID:

  • You will need your smartphone and your current authentication tool to log in to the Internet Bank.
  • Download a free Smart-ID app to your phone.
  • Create a Smart-ID account on your phone.
  • Activate it using your current authentication tool.

Download Smart-ID now:

Smart-ID for iOS    Smart-ID for Android

If you cannot download and activate Smart-ID on your own, come to the bank’s branch that is convenient to you. You must register before your visit.

Register

The created Smart-ID account is valid for 3 years. Upon approaching date of expiry, you will receive a Smart-ID app notification. You may renew your Smart-ID account independently:

  • First, check if you have the latest Smart-ID app version (v.18 or newer).
  • Then check whether your phone has biometric data enabled (in phone settings).
  • Take your passport or personal ID card.

Then click “Renew account” in Smart-ID settings and follow the step-by-step process in the app.

Before starting, you may want to watch a demo video.

Watch

How to obtain a PIN code generator:

  • Log in to the Internet Bank and register for a consultation – choose the time and the preferred Swedbank branch.
  • Bring a valid identity document – passport or personal ID card – when going to the bank.

If you have Mobile-ID or Smart-ID, you don’t need a PIN code generator. You may use your current authentication tool to log in and confirm operations.

What is Smart-ID?

“Smart-ID” is a free application, which will make it easier and faster for you to login to Swedbank Internet Bank and Bank application, to confirm money transfers and other operations, and to sign various contracts.

In order to use “Smart-ID”, you will not necessarily have to be subscribed to a mobile communication operator. “Smart-ID” will operate wherever Wi-Fi or/and mobile internet is.

In order to use “Smart-ID”, you will need:

  • A smart phone with “Android 4.1” (or later version) or „iOS 8.0” (or later version);
  • Mobile internet or wireless internet connection.
Smart-ID instructions

“Smart-ID Basic”
  • If you create a “Smart-ID” account by using a code card or a code generator, “Smart-ID Basic” account will be created for you.
  • You can use electronic services of the banks: login, confirmation of various operations, confirmation of various service contracts.

“Smart-ID”
  • If you create a “Smart-ID” account in a bank branch with the help of a consultant or by using the M-signature, “Smart-ID” account will be created for you.
  • You can use not only electronic services of the banks: login, confirmation of various operations, confirmation of various service contracts, and also signing of various documents. This ID tool has the same legal power, as the signature made with your hand.

The Estonian company “SK ID Solution AS” – a long-term Swedbank cooperation partner in the Baltic States and the developer of “Smart-ID” has been rendering certification services and issuing safe electronic signatures for 15 years.

More about “SK ID Solution AS”:

“Smart-ID” support:

How to use Smart-ID:

How to start use and how to renew Smart-ID?

How to login to the Internet Bank with “Smart-ID”?

How to perform payments in the Internet Bank with “Smart-ID”?

How to login to Swedbank app with “Smart-ID”?

How to perform payments in Swedbank app with “Smart-ID”?

What to do if you have forgotten your PIN code?
FAQ

Smart-ID and smart devices

You can download Smart-ID app and create your electronic signature in any smart device (telephone, tablet, etc.) with Android (version 4.1 or later) or iOS (version 8.0 or later) operating system.

Yes, you can create your Smart-ID account in several different smart devices. Account registration (sign up) in different devices will have to be carried out anew. If you delete Smart-ID account in one device, it will not stop functioning in other devices.

You can create different PIN codes or use the same for the accounts in different devices.

You will see the request to check the control code and enter the required PIN code in all devices in which you have Smart-ID account. When you enter your PIN code in one device, the request to enter PIN code in other devices will automatically close.

This is subject to the characteristics of a smart device. Devices with Android OS usually allow the use of different user accounts. Meanwhile, devices with iOS do not have this function.

Not necessarily. E. g. you can have Smart-ID in your phone and connect to internet bank using any other device. You just need to enter PIN code in the device with Smart-ID account.

Account registration and validity

To start using electronic services provided by Swedbank, a person has to be resident of the Republic of Lithuania. Foreign citizens also have to have any type of residence permit specifying personal identification code allocated in the Republic of Lithuania.

Your Smart-ID account is valid for 3 years. When approaching the expiration date, you will have to delete the account and sign up again. Service provider SK ID Solutions will notify you in advance by sending an SMS or by e-mail.

To use the available Smart-ID also in Swedbank, you should first login to Swedbank internet bank with the identification tool you have (PIN code generator or M-signature) and enable the use of Smart-ID.

On the menu select as follows: My bank -> Settings -> Settings. Hit the button Enable Smart-ID.

Delete your account in Smart-ID: open Smart-ID app and hit “Delete account” on the top left corner.

First, download the “Smart-ID” app to your new smartphone. Then activate your “Smart-ID” account on the new smartphone by using “Smart-ID” of the old device. Delete the app from the old device only after having activated it on your new smartphone.

Yes, using Smart-ID has no effect on other forms of identification allowed by Swedbank. You can use the identification tool provided by the bank as an additional one. It may also be useful to have it when creating a new Smart-ID account (e. g. when forgetting your Smart-ID PIN code or losing a device, used for Smart-ID registration).

Using Smart-ID

Swedbank clients can use Smart-ID:

  • to connect to internet bank and bank app;
  • confirm payments and agreements;
  • identify themselves when connecting to the website of the third parties if these websites provide the possibility to connect via Swedbank internet bank.

When using Smart-ID transactions daily and monthly limits in the Agreement of Electronic Services shall be applicable. You can change the limits via internet bank or in any Swedbank branch.

The registration and use of Smart-ID, when connecting to Swedbank e-banking, is free of charge.

You can use Smart-ID anywhere you go where wireless internet is available. One Smart-ID request uses only as many as 5 KB of internet data.

No, SIM card is not needed. To use Smart-ID you only need wireless or mobile internet.

PIN codes

You can try entering PIN codes three times in succession. When you enter the wrong PIN code the third time, Smart-ID account is blocked for 3 hours. After 3 hours you can try again.

If you enter the wrong PIN code three times in succession for the second time, Smart-ID account will be blocked for 24 hours.

If you enter the wrong PIN code three times in succession one day later, Smart-ID account will be finally blocked.

Delete Smart-ID account and create a new one with new PIN codes.

You can delete your Smart-ID account in Smart-ID app by selecting the appropriate item and hitting on the top left corner menu.

If you fail to create an account in Smart-ID, please address the provider of Smart-ID service, , SK ID Solutions. Contact information: https://www.smart-id.com.

Should you have any question or face interference while connecting to Swedbank e-banking through Smart-ID, contact us.

The advantages of Smart-ID in comparison to other forms of identification

Smart-ID is an alternative to a PIN code generator – it is only much more comfortable and free of charge.

Smart-ID is in your smart phone, and you always have your phone with you. Thus to connect to the Internet Bank you no longer have to look for your PIN code generator.

Besides, you sign up to Smart-ID and can use it for Swedbank e-banking at no cost.

Smart-ID is an alternative to mobile-ID, but itt does not require you to have a SIM card, it operates via Wi-Fi or mobile internet.

You do not have to go to any specific place to start using Smart-ID. You simply need to download Smart-ID app to your smart device and sign up with the available identification tool. You sign up to Smart-ID and can use it for Swedbank e-banking at no cost.

Security

In such case, call the service provider SK ID Solutions, you will find the number on the website https://www.smart-id.com and ask them to block your Smart-ID account. You can also notify the bank of the loss. Upon your request from a client the service of internet bank will be blocked. The access will be unblocked on the basis of your request or request of the person’s authorised by you only at Swedbank branch.

We recommend installing Smart-ID in personal devices. In this way you will be sure that the users of the device will not accidentally block your account.

Detailed information on safety which guarantees technological principle of Smart-ID functioning can be found on
https://www.smart-id.com (see Help -> Security and Private keys).

Please also follow general safety principles:

  • do not disclose your PIN codes to anyone;
  • make sure that your smart devices are secured with passwords;
  • do not forget to regularly update the OS in your device.

You can access Swedbank app & confirm transfers extra conveniently by using your biometric data – you won’t have to memorize any codes! Biometric data is the most unique data to identify you and authenticate your actions in digital banking environment.

Remember! In order to use your biometric data in Swedbank app, you need to enable biometric usage in your smart device settings. Your device must have a fingerprint or face recognition sensor.

View tutorial videos on how to start using biometric data in Swedbank app:

How to enable biometric usage in smart device:

By using your fingerprint or face recognition sensors in your smart device you can:

  • Log into your Swedbank app
  • View your account balance instantly and conveniently
  • Confirm payments (up to 100 euros 10 times in a row)
  • Manage your cards (block & unblock them, change their limits)
  • Repay used credit card limit
  • By using app menu section “Services” you can access internet bank without additional login.

What is PIN code generator?

PIN code generator is an electronic device, which generates single-use codes to be used for login and confirmation of various operations in the Internet Bank and Swedbank app.

PIN code generator is issued at the price of EUR 8.69.

Users of Swedbank Youth Programme and Senior Programme as well as users of the Basic Payment Account Service can get PIN code generators free of charge.

What is the personal identification card?

Electronic personal identification card (or e-ID card) is a secure and reliable method of identification.

This login tool can be used only in computers – mobile devices are not equipped for this purpose. Your computer must be additionally prepared for the use of the personal identification card/USB.

In order to use this identification measures, you will have to obtain a card terminal. Fees are available here.

How to obtain:

How to prepare your computer:

What is mobile signature?

You can also login to Swedbank Internet Bank and app and confirm operations with a mobile signature. In order to use it, you‘ll need a mobile phone with a special SIM card. Your mobile signature will be secured by two sPIN codes known solely to you. You‘ll have to enter these codes into your mobile phone – it is more secure than entering them into an internet page.

You can get mobile signature and receive more information on its price and conditions from your mobile network operator:

How to log-in with mobile signature?

Select “MobileSignature” when loggin in the internet bank or app.

  1. Enter your permanent user ID code in the box “User ID”.
  2. Enter your mobile phone number in the box “Phone number”, for example, 6XXXXXXX.

Enter your sPIN code

  1. Make sure that the code displayed in your Internet Bank or App log in screen coincides with the code displayed on the mobile phone, and confirm it.
  2. Enter the sPIN code of your mobile signature in the mobile phone.

What to do in emergencies?

If you've lost your card or any data used in your Authentication tools or if you suspect that they‘re disclosed to other people, immediately call us at any time of the day or night. We will block your card or access to Internet Bank account immediately and no one else will be able to access money in your bank accounts.

  • For private clients: call 1884 (or +370 5 268 4444)
  • For business clients: call 1633 (or +370 5 268 4422)

We will also automatically block access to Internet Bank if incorrect login data (User ID or code from the PIN code generator) is entered 5 times in a row. You can unblock it by calling us at 1884 / 1633 (from 8:00 to 20:00 on working days, and from 9:00 to 16:00 on Saturdays). In case of a repeated block, you will have to visit the bank’s branch. You should book a visit in advance. Have you discovered any unauthorised transactions on your account performed prior to the blocking of Internet Bank access? Review your account statement and submit the information to us.

Secure your login data

  • You shouldn’t confirm transactions or logins to internet bank or app, which are not initiated by you under no circumstances.
  • You shouldn’t ever disclose your personal data or data used for login to internet bank & app to other persons, including family members, friends or bank employees, unless you are calling to the bank.
  • Do not write down, send by e-mail, SMS, etc. or otherwise save any confidential codes and passwords to unlock the screen of your computer or mobile phone. Create complex passwords, that are difficult to guess, memorise them and change them regularly. When creating PIN codes, be sure to make PIN codes in random number combination. Do not use combinations, such as 1111, 1234, dates of birth other personal details etc.
  • Remember that your User ID number is as important as your personal code, thus pay a great deal of attention to its security.
  • Keep in mind that after login you will have access to many services including external ones which do not require additional authentication.

Closing browsing session

The login session is terminated when no activity happens for 5 minutes. You will be asked to re-enter your login details. Time limits are used for security reasons, to prevent Internet Bank access if a user forgets to log off from his/her account after finishing using the Internet Bank.

Once you finish Internet Bank session, log off (by clicking 'Logoff') and close the browser.

Address of the Internet Bank website

On the computer:

By clicking on the lock sign you should see the correct Swedbank certificate:

On the smart device:

Before entering your login data, make sure that the website domain is “swedbank.lt”.

Take a moment to familiarise with our security recommendations:

  • Do not share your personal authentication means. If you want to give your family members or your employees rights to manage funds on your accounts, please, request the Bank to grant them respective rights. They will be able to use company’s accounts on behalf of their own and by using their own personal authentication means. You can revoke these rights at any time. It is also possible to order a supplementary card linked to your account for a family member to use.. Sharing the same authentication mean between the employees or family members is strictly forbidden.
  • Remember, that security of all your data (User ID, PIN codes, mobile phone number provided to the bank, personal number, etc.) is the key for protecting an access to your money.
  • If you’re using a public computer, avoid entering personal information as there might be malware that records your details.
  • Do not keep User ID number together with authentication means and their confidential codes.
  • Never send authentication data by email.
  • Never disclose your login information, unless you are initiating the call with the bank. No one has the right to request you to provide your personal number and authentication mean by phone. If you receive a call from a person stating he is an employee of the bank, end the conversation immediately.
  • Your Smart-ID or PIN code generator PINs should not coincide with any part of your phone number or the sequence of numbers.
  • Always compare control number and read “see what you sign” if available.
  • By entering PIN2 of Smart-ID you are usually confirming a payment or an agreement. Be extra careful when doing it.
  • You will get an SMS when new Smart ID account is created. Contact bank immediately if it wasn’t you who created Smart ID.

When accessing internet bank via a laptop or stationary computer, follow these safety measures:

  • Install antivirus software and configure it to automatic update of the virus definitions database (at least one auto-update per day).
  • Install the local firewall. It should be configured so that it prevents connections from the Internet to your computer.
  • Use the latest browser and operating system available.
  • Turn on automatic updates for all software. If it cannot be updated automatically, regularly check on its latest software.
  • Set your browser to block pop-ups.

Check computer safety

  • More information on the ways to secure your device and to safely use other Internet services is available on the following websites:

https://www.esaugumas.lt/lt

Do not forget to follow safety measures when accessing internet bank via mobile devices:

  • Download applications only from trusted sources such as the App Store, Google Play or Windows Phone Apps – Microsoft store.
  • Do not jailbreak your mobile device to get around limitations set by your mobile network operator or device manufacturer. It will remove protections built into the device to defend against mobile threats.
  • Always screen lock your smart phone or any of your computers. If several levels of screen lock security are offered, always use the highest security level.
  • Do not allow other persons to use your phone or tablet were Swedbank App is installed.
  • Do not reveal the screen lock codes to other persons and do not allow to unlock your phone with other persons’ biometric data.
  • Use antivirus software.
  • Always adhere to the requirements or security alerts of the manufacturer of your phone device.

When shopping online, be prudent with your personal and financial data. Properly assess the threats, which you may encounter on the internet. We recommend to ensure protection of personal devices and always follow these safety tips:

  • Shop in reliable shops only. It is always safe to buy goods and services in well-known Lithuanian and foreign e-shops with a good reputation. Take a critical approach to unknown sellers and try to find out more information about their activity. Study public internet feedback about a specific online shop. Find out whether the website presents detailed contact data of its administrator (address, phone, email, etc.), and make sure it does not contain various errors in their links (additional words or letters, strange symbols), popup windows, advertisings, a great number of links instead of informative content.
  • Be cautious about discounts. You have found a high-quality product offered at a particularly low price? Before making a payment order, be sure that the company that offers the product really exists and is trustworthy. Be careful about advertisements in social networks. They may lead you to a fake online shop.
  • Safe shopping by card. When shopping in foreign e-shops, the most common way of payment is by card. In this case you will have to indicate the details of your payment card. If an online shop participates in international security programmes, special logos such as “MasterCard SecureCode”, and “Verified by Visa” for Visa cards are used in this shop. You may be redirected to internet bank to confirm payment transaction by logging in. Learn more about “Safe online shopping” programme here. Before making payment in online shop, please evaluate safety of such online shop and study public internet feedback about its activity.
  • Safe payment via electronic banking system. When shopping in Lithuanian online shops, usually you will be redirected to Swedbank internet bank account. You will recognise it from the Swedbank logo and internet bank address: https://www.swedbank.lt/banklink. It confirms that payment is made directly through the bank system. After you enter your login details, the website will automatically display the generated payment form.
  • Third party providers. As of 14/09/2019, when you shop online, you might be offered to use payment initiation service, offered by payment institution (PISP), other than the bank, to pay for goods or services. If you choose to initiate payment from your account, kept with the bank, you might be asked to fill in the payment order form in the PISP’s environment, and give your consent to transfer data, necessary for performance of payment transaction, and later to confirm payment order with the Swedbank internet bank authentication mean. If you have noticed any transaction in the account statement, not authorised by you, inform us immediately by calling 1884 (for private clients) or 1633 (for business clients).

Suspicious SMS messages. Stay alert!

  • Fraudsters could impersonalize bank by sending fraudulent SMS under our name to obtain personal and Authentication mean data. These messages usually offer to click on an indicated link, to open an attachment or to call the indicated phone number in order to allegedly update, revise, check or activate your account in internet bank.
  • Never answer to a SMS message requesting you to submit confidential data. Never click on the links and do not open attachments from the unknown sender because this way you can activate a virus, or you will be redirected to a fraudulent website.
  • In case you are clicked on the link and were redirected to a website resembling our site, do not enter any requested data and contact us. Here you can find the information on how you can recognise the authentic website.
  • If you suspect that other persons have gained access to your login data, contact us immediately.

Suspicious emails or calls. Be cautious!

  • If you receive a suspicious call or email from an alleged “bank employee” or “police officer” requesting you to disclose confidential login details – under no circumstances disclose such information. Do not trust this person only because he or she knows something about you. Fraudsters can have different scenarios to steal money (they request to update data; inform about suspicious bank transactions, etc.), yet they have one common feature – they request to disclose confidential internet bank login data or to enter the generated code of Authentication mean and transaction confirmation.
  • Neither bank employees nor representatives of law enforcement or other institutions contact residents requesting them to disclose their Internet Bank details (User ID, PIN codes, etc.) or initiate as well as confirm transactions not initiated by you. Therefore, stay alert and do not open suspicious emails. Make sure that you log in to the Internet Bank via the right website (https://www.swedbank.lt).

Here are some of the most common indicators that a phone call or email or SMS that you have received is most likely a scam or an attack:

  • Any message that communicates a tremendous sense of urgency. The criminals are trying to rush you into making a mistake.
  • Any message that pressures you into bypassing or ignoring our policies and procedures.
  • Any message that promotes possibilities to gain high profit. If it sounds too good to be true, it probably is.
  • Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action.

You have found the security flaw? Notify us!

It is important for us at Swedbank that our customers can feel safe and secure when managing their monetary affairs with our electronic channels. Therefore, we seek to ensure the highest security level in IT systems. Despite this, an error may slip by. If you have found a security flaw, we would like to hear more about it to be able to correct the problem as soon as possible.

How do you report?

Send an email to us at responsible-disclosure@swedbank.com. We prefer that you use our public PGP key to protect the information you send over. Make sure to have included the following information:

  • Detailed description of the vulnerability containing such info as URL and type of vulnerability;
  • The necessary information that we need in order to reproduce the problem;
  • If applicable, a screenshot of the vulnerability you have found;
  • Contact information, name and surname, email, phone number, and your public PGP key (if you have one).

This personal data submitted by you will be processed by Swedbank in order to inform you about the analysis of IT security flaws noticed by you and their correction, and, if necessary, to contact you regarding the revision of the information submitted by you. More information about Swedbank’s data processing procedure is available in the Swedbank Principles of Processing Personal Data at www.swedbank.lt.

What can you report?

You can report security flaws that you have found in any of our services. Examples of security flaws are cross-site scripting, flaws in encryption or flaws with security implications in logic controls. The reporting service is not designated for other logical errors, errors in texts, questions about our services, questions about the security of our services or similar.

What can you expect from Swedbank?

We will confirm that we have received your description, continuously keep you updated while we process the issue, and inform you when the issue is fixed. Claims for compensation as a condition for sending in a vulnerability are not accepted.

What is required from you?

It is important for both us and our clients that you follow good practice, i.e. that:

  • You do not use the vulnerability to access or attempt to access information that does not belong to you;
  • You do not use the vulnerability to remove or modify information;
  • You do not affect the availability of our services;
  • You give us an opportunity to fix the reported vulnerability before going public with it.

Can you file a report anonymously?

Yes, but then we cannot respond back and keep you updated on the status.

PGP key

PGP key

Key ID: 0x0AD6CCAF

Control code: 2D14 4030 6D4B 68C3 F286 3AC6 333B E8E4 0AD6 CCAF

You have doubts regarding the security? Notify us!

Contact us 24/7 via 1884 (+370 5 268 4444 - for calls from abroad), if:

  • you have noticed suspicious operations on your account;
  • you suspect that third persons have received access to your Internet Bank;
  • you have faced fraudulent actions aimed at obtaining login data from you or misappropriate your funds;

Warning about emerging cases of fraud we announce at security section blog.swedbank.lt and the Internet Bank login window. If you have noticed suspicious operations on your account, we can contact you personally. But you have to remember that bank employees contacting you by phone never ask to provide login data, passwords, PIN codes or other secret information. Bank employees may ask for certain login data only in cases, when you personally contact them via the phone numbers shown above and only for personal identification purposes.