We guarantee 100% safety for your transactions performed through BCR's Internet, Mobile and Phone Banking.

How we protect your accounts and transactions

via Internet & Mobile Banking

  • If you choose to authenticate with the Token/eToken, every connection is accomplished through a unique code which is only valid for a given amount of time. The eToken mobile app and Token device are, in turn, protected by a PIN code known only by you.
  • Data encryption - our Internet Banking services are hosted on servers with SSL encryption on 128 bytes. This means that all information sent by you is coded for you security.
  • Automatic disconnection - you will be disconnected from Click 24 Banking after 15 minutes of idle time. This security measure is useful in the event that you forget to disconnect on your own.
  • Automatic de-activation of login information - after 3 failed login attempts, your login information is automatically de-activated. The purpose is to prevent fraudulent access to your Internet and Mobile Banking accounts.

via Phone Banking

  • For your safety and depending on the operations that you wish to perform, we will ask you to authenticate on your phone with your username/alias and password or the unique code generated by the eToken app or the Token device.

Useful tips

To prevent potential fraud attempts, we recommend that you will consider the following safety measures at your disposal. Take some time to read them and they will prove to be useful for all your on-line banking interactions.

  • Access the Click 24 Banking service exclusively from the official websites, or, from the "Login" menu. Never use links from other sites that do not belong to Banca Comerciala Romana (BCR).
  • Always check that the login page on Click 24 Banking BCR has an URL address starting with „https”, and NOT „http”. The lower or upper part of the loaded page should display the symbol of a secured lock.
  • Next to the URL address of the Click 24 Banking ( there should always be a reference to the owner of the website (Banca Comerciala Romana SA). The manner in which the information is displayed depends on the browser used.
  • Never insert any codes generated by your Token device or the eToken app on web pages open from links sent to your e-mail address.
  • Don't leave your computer or smartphone unattended if you are in a public place; always end your Internet Banking session by pressing the "Logout" button in the app or close the Mobile Banking app, "Touch 24 Banking BCR".
  • Don't leave your Token device unattended and never disclose your PIN to anyone, for no reason whatsoever.
  • Activate a security code for your phone, so that only you are able to use it. Thus, you are ensuring that no one, apart from you, has access to your messages received from the BCR Alert service or to the Touch 24 Banking app.
  • Regularly check your account. In the event that you notice certain transactions which were not initiated by you, immediately notify the BCR Technical Support staff at 0800.801.BCR (0800.801.227), which you can call free of charge from any national network.
  • Protect your computer with specific security software (firewall, anti-virus, anti-spy) and update them periodically.

Phishing is a method of fraud that consists in sending electronic messages requesting personal banking authentication/identification data (username, codes generated by the Token device/eToken app etc.).

  • The most common method is that of e-mails that are supposedly sent on behalf of the bank and which, usually, claim that you are required to "update" or "confirm" the data relating to your Internet banking account or card and they advise you to access certain links within the body of the e-mail. This link will lead to a fictional site, which collects your banking identification data and, therefore, will try to obtain financial benefits.
  • Therefore, BCR will never ask you to disclose, confirm or change your personal data and/or banking authentication data by accessing a link sent via e-mail or to access the Internet Banking application through an URL address sent by e-mail!
  • The initiators of a phishing attack are not aware of the recipient's bank. This is why messages are sent randomly, to entire lists of addresses, hoping that they will find customers of the targeted bank and who are not aware to the danger they are exposed to.
  • The collection of e-mail addresses occurs through various methods, with or without the approval of the owners, by infesting computers with viruses that steal addresses and send them to collection points.  On the Internet, the theft, sale or purchase of an e-mail database is considered as a criminal activity for a long time now. The key element is that you are always cautious with any unexpected e-mails that you receive, even if they seem to originate from a trustworthy source.
  • Whenever we learn of such attacks, we assure you that we take all the required measures to stop the fictional website from operating.
  • However, do not hesitate to contact us! Whenever you suspect that you are a potential victim of electronic fraud, please forward any suspicious e-mail to the address or call the Technical Support service at 0800.801.BCR (0800.801.227), toll-free from any national network.