User security

How to use the Internet safely?

Online shopping is quick and convenient. Both our merchants and we at PayU do our best to ensure all the transactions are effective and secure.

However, to avoid complications, make sure you take care of your online security not only when shopping, but also during other activities on the web. 

User security

Phishing (spoofing) means the extortion of confidential information (e.g. passwords, credit card numbers, personal data) or masquerading as another person or institution. One of the most frequent phishing methods involves sending false e-mail messages.

What data will you never be asked to provide by PayU employees?

  1. Password – a PayU employee will never ask about your password – it is known to you only.
  2. Full payment card number, CVV2/CVC2 security code (three digits printed on the reverse of your payment card), additional password required to verify some cards – so-called 3D Secure

How to make sure that you are on a genuine PayU Account/bank login web page?

  1. Add the PayU Account login web page to “Favorites” in your web browser
  2. The correct web page address is https://secure.payu.com/user/login
  3. The web page always uses a secure HTTPS connection
  4. Communication between your computer and PayU has been secured with a certificate assigned to secure.payu.pl, issued for MIH PAYU B.V.
  5. Before logging in, check the address of the website you are connected to (make sure the domain and certificate are correct). Any difference may suggest that you are using a spoofed/falsified web page.
  6. Criminals often clone websites so that an average visitor cannot recognize any changes and uses the login option, thus disclosing data. Before logging in, always remember to check the website address in the browser window, click on the tabs available on the website and make sure that the site is a coherent whole.
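
An added example, not PayU's own code: the address checks from the list above written as a Python function. It uses the login address given in item 2; the sample URLs are constructed, and the certificate check from item 4 is left to the browser.

```python
from urllib.parse import urlsplit

# Expected login address, taken from item 2 of the list above.
EXPECTED_HOST = "secure.payu.com"
EXPECTED_PATH = "/user/login"

# Constructed sample addresses (example.net is a reserved documentation domain).
SAMPLES = [
    "https://secure.payu.com/user/login",                    # genuine form
    "http://secure.payu.com/user/login",                     # no HTTPS
    "https://secure.payu.com.example.net/user/login",        # expected name is only a prefix
    "https://secure.payu.com@login.example.net/user/login",  # expected name is only user info
    "https://secure.p\u0430yu.com/user/login",               # Cyrillic letter in place of "a"
]


def check_login_url(url: str) -> list[str]:
    """Return the reasons a URL is not the expected login page (empty list = OK)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        problems.append("not an HTTPS connection")
    if parts.username is not None or parts.password is not None:
        # Everything before "@" is user info; the browser connects to what follows.
        problems.append("address contains user info before '@'")
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        problems.append("host uses non-ASCII (lookalike) characters")
    if host != EXPECTED_HOST:
        # Exact comparison: a suffix or prefix match is not enough.
        problems.append(f"host is {host!r}, expected {EXPECTED_HOST!r}")
    try:
        port = parts.port
    except ValueError:  # malformed port
        port = -1
    if port not in (None, 443):
        problems.append("unexpected port")
    if parts.path != EXPECTED_PATH:
        problems.append(f"path is {parts.path!r}, expected {EXPECTED_PATH!r}")
    return problems


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample) or "OK")
```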

How to recognize that an e-mail I have received is a fraud?

  1. PayU does not send its users e-mail requests to provide details of their PayU Accounts or any other confidential information.
  2. If you have received an e-mail that meets at least one of the criteria listed below, you may have become the target of data phishing:
    1. The e-mail requests that you send an SMS to a provided number
    2. The e-mail requests that you provide your PayU Account login or password or sensitive data – date of birth, personal number, mother’s maiden name, card data, password
    3. The e-mail contains grammatical or orthographic errors
  3. Messages sent by PayU never contain any attachments with software (e.g. .exe).

If you receive an e-mail with instructions related to your PayU Account, the best way to act is to open your web browser, manually type www.payu.pl, go to the login window and only then enter your data – when logged in, verify actions described in the message. Do not click on any link in a message that requires you to provide personal data or does not inspire your trust.

How to report a phishing attack?

If you have received an e-mail that you suspect is falsified:

  1. Send the whole message (preferably with headers, sender’s address, etc.) to the following address: 
  2. We will verify the body of the message and the sender’s address to let you know if the e-mail is real or not. This will help us protect other users as well.

Theft of identity

Identity theft takes place if someone illegally gains access to your personal data. The data that is stolen most often includes name and surname, place of permanent residence, personal number and credit card number. Internet fraudsters use it to take out loans, shop online, etc.

How to protect your identity?

  • Protect your data – both online and offline
  • Pay safely – use the e-payments system provided by PayU
  • Never respond to e-mail messages requesting your private data (e.g. your account data)
  • Be vigilant – regularly verify transactions on your account for suspicious operations
  • Do not close the web browser without logging out of transactional pages or your online bank account.


How to create a safe PayU Account password?

  • The password should consist of at least 8 characters
  • Use a combination of small and capital letters, digits and special characters
  • Do not use your name, surname or e-mail address  
  • Do not use easy to guess sequences (e.g. 1234 or qwerty)
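
An added example, not PayU's own code: the four rules above as a Python check that reports which rule a candidate password breaks. The keyboard rows and alphabet in `SEQUENCES`, the run length of 4 and the sample names are assumptions that go beyond the page's own examples ("1234", "qwerty").

```python
import re

# Easy-to-guess runs. Digits and "qwerty" come from the list above; the
# alphabet and the other keyboard rows are assumptions added for illustration.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_easy_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive characters of a known sequence
    (forwards or backwards) or one character repeated `run` times."""
    low = pw.lower()
    if re.search(r"(.)\1{%d}" % (run - 1), low):
        return True
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw: str, name: str, surname: str, email: str) -> list[str]:
    """Return the rules from the list above that pw violates (empty list = OK)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("needs small and capital letters, digits and special characters")
    low = pw.lower()
    # The part of the e-mail address before "@" is checked as well.
    personal = [name, surname, email, email.split("@")[0]]
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains name, surname or e-mail address")
    if has_easy_sequence(pw):
        problems.append("contains an easy to guess sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    for candidate in ["Qwerty123!", "Anna2024#x", "short1!", "T7#mVq9!Lz"]:
        print(candidate, "->", check_password(candidate, "Anna", "Kowalska", "anna.k@example.com") or "OK")
```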

What should you pay attention to when paying by card?

  1. SSL certificate – your web browser will display information that you are using a safe connection encrypted with a certificate; you will know it by the address starting with https://
  2. E-shop quality – do not buy from shops that you do not know, that have an unclear history or that do not win your trust. Verify whether a shop provides the following information on its website:
    1. seller’s contact data
    2. terms and conditions (including return policy and complaints procedure)
    3. phone number (call and ask about an item you want to buy – the seller should know its products well)
    4. information that the shop and acquirer comply with PCI DSS (card payment security standard) and support 3DS (Verified by Visa and MasterCard SecureCode) - symbols of PCI DSS, MCSC and VbV should be placed on the website
  3. Pay attention to the type of goods on offer (goods that are too cheap, service delivery period that is too long and descriptions that are too short are reasons for concern).
  4. Check shop or seller reviews – search the Internet for opinions.
  5. If a website does not meet the above listed standards or does not inspire your trust – do not make any transaction.


Nigerian scam

Nigerian scam (or 419 scam – referring to the article of the Nigerian Criminal Code dealing with fraud) – a type of fraud most often initiated by contacting a victim (previously random, now often well targeted) via e-mail. The victim is drawn into a psychological game, the plot of which is based on a fictitious transfer of a large amount of money (often exorbitant – even several million pounds or US dollars) from one of the African countries (most often Nigeria, although other countries like Great Britain or Spain are also possible), in order to extort money.

Safe PC

The basic requirement for a safe use of the Internet is legal software with technical support. 

When making payment transactions, it is worth using:

  • anti-virus software
  • firewall
  • updated software

Anti-virus software should provide protection against viruses, Trojan horses and other malware. There are many sources of potential infections, e.g. receiving an e-mail with an infected attachment or downloading software containing a virus from the Internet. By definition, anti-virus software should protect us against such hazards. In order to provide the best protection, we recommend using a professional anti-virus program, because unlike free demos, commercial versions guarantee a higher protection level and support. Many software makers give the option to test their solutions over a test period of usually 30 days. If you do not use any anti-virus software or you suspect that you have been a victim of an attack, install a trial version immediately! Over the next days, consider buying a full license, e.g. on Allegro.

A firewall protects you against unauthorized computer access. Imagine that you are in a popular fast food restaurant and surf the net via free Wi-Fi. Without proper firewall settings, a third person may attempt to connect to your computer. A firewall will protect your device against outside intrusion attempts. We recommend buying a package: a firewall and anti-virus software in one. Often sold as “Internet Security”, the combination of products will allow you to enjoy high levels of protection.

Updated software lies at the very base of safety. Many people think that the latest version of an operating system is enough to be well protected. Unfortunately, it is not that easy – complete protection also requires periodic updates of the software you have installed.

Mobile devices

Android

Taking care of our users’ security, we have prepared a short guide on actions to be performed to use mobile devices safely.

For Android:

Basic steps:

  1. Remember to update your operating system
  2. Do not escalate user privileges to root (so-called Android rooting)
  3. Do not install on your device any apps of unknown origin (third party app stores)
  4. Enable device encryption
  5. Enable “Developer options”
  6. Use apps/services (embedded or additional) allowing you to remotely wipe data from your device
  7. Enable Android Device Manager (https://www.google.com/android/devicemanager)
  8. Before having your device repaired or recycled, remove all the data  

Authentication security:

  1. Set a PIN code and automatic device lock after longer idleness
  2. Set an alphanumeric password
  3. Set a time limit for automatic lock
  4. Disable “Make password visible”
  5. Enable data to be erased after a few failed password attempts (alphanumeric password or PIN)

Network security

  1. Disable Bluetooth if not used
  2. Disable Network Notification
  3. Forget Wi-Fi network to avoid automatic connections

For Apple iOS

The configuration below applies to iPhone 3GS and later, all iPad models and iPod Touch 3rd generation and later – with iOS 4 and later. Some settings and security options may not be available on older devices. Some settings require iOS 8.

Configuration profiles
Configuration profiles can be edited and reviewed (https://www.apple.com/support/business-education/apple-configurator/). Apple offers a configurator (available via the App Store https://itunes.apple.com/us/app/apple-configurator/id434433123) that can be used to mass configure and manage multiple iOS devices.

Basic steps:

  1. Update your operating system to the latest version
  2. Avoid privilege escalation via unknown apps (Jailbreak)
  3. Enable automatic updates
  4. Enable remote data wipe
  5. Enable "Find my iPhone"
  6. Encrypt device backups with iTunes
  7. Before having your device repaired or recycled, remove all the data

Authentication security:

  1. Require a PIN or password
  2. Enable TouchID with a complex password
  3. Set a time limit for automatic lock
  4. Disable screen lock grace period
  5. Enable data to be erased after a few failed password attempts
  6. Enable Data Protection

Web browser security:

  1. Enable Safari Fraud Warning
  2. Disable Autocomplete
  3. Disable third party cookies
  4. Enable “Do Not Track”

Network security:

  1. Disable “Ask to Join Networks”
  2. Disable AirDrop if not used
  3. Disable Bluetooth if not used
  4. Disable Personal Hotspot if not used
  5. Forget Wi-Fi network to avoid automatic connections


Software
Avoid downloading computer or mobile software from unauthorized sources, so as not to infect your devices.

Illegal software is an ideal environment for malware. Usually, in order to launch pirated software, you will be asked to download an overlay program, also known as a crack. This is when your device may get infected, because... what other benefit is there for the crack developer?

We seriously recommend using legal software only. 

For mobile devices, always install apps from official sources, like Google Play or iStore.

Want to know how to shop online safely? Visit our blog.