Your safety
this is our priority

Mobile payments are very convenient and fast. We make every effort to ensure that all transactions are not only efficient but also completely safe.

However, in order for everything to go smoothly, it is also worth taking care of your own safety in the online world. In the interests of our Users, we suggest a few rules for safe use of the Internet.

Phishing (spoofing)

This is the act of obtaining confidential information (e.g. passwords, credit card numbers, personal data) by impersonating a person or institution. One of the most common methods of phishing involves sending fake emails.

• What data will you never be asked to provide by SkyCash employees?
• password – none of the SkyCash employees will ask you for your password – it is known only to you.
• full payment card number, CVV2/CVC2 security code (three digits printed on the back of your payment card), additional password required for some cards in the so-called 3D Secure verification process.

How to recognize if you are dealing with a genuine SkyCash Account login page?

Add the SkyCash Account login page to your browser's "favorites".

The correct website address is https://mars.skycash.com/web/login/. The website certificate is a confirmation that you have actually connected to the skycash.com website.

The page is always opened in a secure HTTPS connection. Communication between your computer and SkyCash is secured with a certificate assigned to the page https://mars.skycash.com/ issued on SkyCash Poland SA

Before logging in, check the web address you are connected to (domain and certificate validity). Any differences may suggest that you are using a fake/spoofed website.

Criminals often clone websites so that after entering the website they have prepared, the average user will not recognize any changes and will use the login option, sharing their data. Remember to always pay attention to the website address visible in the browser window before logging in, check the bookmarks on the website and make sure that the website forms a coherent whole.

How can I tell if the email I received is a scam?

SkyCash does not send emails to its users asking for detailed SkyCash account information or any other confidential information.

If you have received an email that meets at least one of the criteria listed below, it is probably a phishing attempt:

• The email contains a request to send an SMS to the indicated number.
• The email contains a request to provide a login or password to the SkyCash account, or sensitive data – date of birth, PESEL, mother's maiden name, card details, password.
• The email contains grammatical or spelling errors.

Messages sent by SkyCash never contain software attachments. (e.g. .exe).

If you receive an email with instructions on how to proceed with your SkyCash account, the best way to proceed is to open your web browser, manually enter the address www.skycash.com, go to the login window and only then enter your data - then verify the actions described in the message. Do not click on any link in the message that requires personal data or does not inspire your trust.

How to report a phishing attack?

When you receive a fraudulent email:

Forward the entire message (preferably with headers, sender's address, etc.) to: bok@skycash.com.

After verifying the content of the message and the address from which it was sent, we will respond to you whether the message is real or not. This will help protect other users.

Identity theft

Identity theft occurs when someone illegally gains possession of your personal data. The most frequently stolen data is your name, address, PESEL, or credit card number. Using other people's data, online fraudsters can, for example, obtain loans or make purchases online.

How to protect your identity?

1. Keep your data private – both online and offline.
2. Pay safely – use the SkyCash online payment system.
3. Never respond to emails that ask for your private information (e.g. your account details).
4. Be vigilant – regularly check your account activity for any suspicious activity.
5. Do not close your browser window without properly logging out of trading sites or your online account.

How to make your SkyCash account password safe?

1. The password should consist of at least 8 characters.
2. Use a combination of uppercase and lowercase letters and numbers.
3. Do not use your name or email address.
4. Do not use sequences that are easy to guess (e.g. 1234 or qwerty).

What should you pay attention to when paying by card?

SSL certificate

Your browser will display information that you are using a secure connection encrypted with a certificate. You will also recognize this by the fact that the web address begins with https://.

Quality of the online store

Don't buy from unknown stores, with an unclear past, that don't inspire trust. Pay attention to whether the store provides information on its website such as:

• seller's contact details,
• regulations (including the rules for returns and complaints),
• phone number,
• information about the store’s and payment agent’s compliance with PCI DSS (security standard for card payments) and support for 3DS authentication (Verified by Visa and MasterCard SecureCode) – the PCI DSS, MCSC and VbV symbols should be placed on the website.

If the website does not meet the above standards or does not inspire your confidence, do not complete the transaction.

Nigerian scam

Nigerian fraud or Nigerian scam (also known as African scam, 419 scam – from the article in the Nigerian Penal Code concerning this crime) is a criminal activity – fraud, most often initiated by contact with the victim via e-mail, consisting in drawing (formerly random, now increasingly often typed) the victim into a psychological game, the plot of which is based on a fictitious transfer of a large (often excessively exorbitant – even in the range of several million pounds or US dollars) amount of money from one of the African countries (most often Nigeria, although currently it can also be any other country – increasingly often Great Britain, Spain) – aimed at extorting money.

Secure PC

The basis for safe use of the Internet is, first of all, having legal software with security support.

When making payment transactions, it is worth remembering to use:

• antivirus program,
• a network firewall (also called a firewall),
• current software.

An antivirus program should provide protection against viruses, Trojans and other programs that harm our computer. There are many sources of potential infection, such as sending email with infected attachments or downloading virus-infected software from the Internet. Antivirus programs, by definition, should protect us from such threats. In order to provide the best protection, we recommend using professional antivirus programs, because unlike free versions, commercial ones are characterized by greater protection effectiveness and support. Many manufacturers offer the opportunity to test the software during a trial period, which usually lasts 30 days. If you do not have an antivirus program or suspect that you have been attacked, install a trial version today!

A firewall protects against unauthorized attempts to access your computer. Imagine that you are in a popular fast food restaurant and surfing the web using the free Internet it provides. Without the proper firewall settings, a third party may attempt to connect to your computer. A firewall should protect your device against unauthorized access. We recommend purchasing a firewall along with an antivirus program. This combination provides very effective protection, and products of this type are often sold under the “Internet Security” label.

Up-to-date software is the foundation of security. Many people think that to provide protection, only an up-to-date operating system is enough. Unfortunately, this is not enough - to provide full protection, we should also perform periodic updates of installed programs.

For the safety of our users, we have prepared a short guide on what to do to ensure the safe use of mobile devices.

For Android

• Remember to keep your operating system updated.
• Do not escalate user privileges to root on your device. (i.e. Android Rooting).
• Do not install applications of unknown origin (third party app stores) on your device.
• Enable device encryption.
• Turn off “Developer Options.”
• Use apps/services (built-in or additional) to provide remote data destruction functionality on a device.
• Enable Device Manager in Android (https://www.google.com/android/devicemanager).
• Before sending your device for repair or recycling, delete all data from it.
• Authentication security:
  • Set a PIN code and automatic device locking after prolonged inactivity.
  • Set an alphanumeric password.
  • Set auto-lock timeout.
  • Turn off “Make password visible”.
  • Set data destruction after entering an incorrect access code (alphanumeric password or PIN) several times.
• Network security:
  • Turn off Bluetooth if you are not using it.
  • Turn off network notifications (Network Notification).
  • Forget Wi-Fi networks to prevent automatic connection to the network.

For Apple iOS

The described setup covers iPhone 4S and later, all iPads and iPod Touch 3rd generation and later – running iOS 8 and above. Some settings and security options may not be available on older devices. Some settings require iOS 10.

Configuration profiles


Configuration profiles can be edited and viewed (https://www.apple.com/support/business-education/apple-configurator/). Apple also provides a configurator (available via the App Store https://itunes.apple.com/us/app/apple-configurator/id434433123), which can be used to mass configure and manage a large number of iOS devices

Basic steps:

• Update your operating system to the latest version.
• Do not escalate higher privileges on your device system via unknown apps (Jailbreak).
• Enable automatic downloads of app updates.
• Enable remote data destruction.
• Turn on “Find My iPhone.”
• Encrypt your device backups using iTunes.
• Before sending your device for repair or recycling, delete all data from it.
• Authentication security:
• Require PIN or password.
• Enable TouchID with a complex password.
• Set auto-lock timeout.
• Disable lock screen grace period.
• Enable deletion of data after entering the wrong access code multiple times.
• Enable Data Protection.
• Browser security:
  • Turn on Fraud Warnings in Safari.
  • Disable autocomplete for sensitive information.
  • Enable third-party cookie blocking.
  • Turn on “Do Not Track”.
• Network security:
  • Turn off “Ask to Join Networks”.
  • Turn off AirDrop when not in use.
  • Turn off Bluetooth when not in use.
  • Turn off Personal Hotspot when not in use.
  • Forget Wi-Fi networks to prevent automatic connection to the network.

Software

For both computers and mobile devices, avoid downloading software from an untrusted source. This creates a risk of infecting your device.

Illegal software is the perfect environment for malware. Usually, to run a pirated version of software, you need to download a software overlay, a so-called Crack. This is the perfect time to infect your device, because what benefit does the crack author have?

We recommend using only software from a legal source. In the case of mobile devices, you should only install applications from official sources such as Google Play or iStore.

SkyCash is a universal payment system independent of telecommunications operators via a mobile phone with Internet access, enabling transfers between users and purchases of goods and services from the application installed on the phone. Thanks to dedicated applications prepared for the most popular operating systems, such as iPhone (iOS), Android, Windows Phone, Symbian, Java, Windows Mobile and BlackBerry, almost anyone with a mobile phone with Internet access can use SkyCash. The system allows for immediate transfers to any of the 40 million active mobile phone numbers in Poland. The recipients of payments do not even have to be SkyCash users. All you need to do is transfer funds to their phone number.

Mobile Devices

It is intended for users of all mobile phones with Internet access. It works in every GSM network and on over 90 percent of the devices currently used by Poles. The constant development of SkyCash makes it dedicated in particular to smartphone users, who can fully use all the constantly expanded functionalities of the system.

Web version 

Each user can also use the basic functionalities of SkyCash via the website with the transaction system, accessible from the browser level on the computer.

SkyCash ensures simplicity and speed of transfers while maintaining security standards at the level of credit cards and online banking. This is confirmed by the Settlement Agent license granted by the National Bank of Poland.

SkyCash Poland SA has the status of a Settlement Agent. As a result, the company is obliged to meet a number of requirements, which are specified in detail in the Act on Electronic Payment Instruments, including:

recorded attempts to conduct and transactions carried out with the aim of violating or circumventing the law or the rules of fair trading. Using an incorrect PIN code will result in the account being blocked.

the current status of monetary settlements,

number of acceptors,

value of completed transactions,

PCI DSS Certificate

Payment Card Industry Data Security Standard (PCI DSS) is a global standard established by financial organizations to protect the personal data of cardholders and information related to the protection of personal data. The PCI DSS standard was created to meet the needs of organizations dealing with the settlement of transactions, and also takes into account the need to strengthen the trust of customers in making payments via the Internet. In accordance with the requirements of payment organizations, all organizations and companies storing, processing or transmitting payment cardholder data should meet the rigorous PCI DSS security standards.