Consultar Consult

Online Shopping and Homebanking

Online commerce, through digital channels and outside (traditional) physical stores, is booming, not only because it offers convenience (you can shop and receive your products in the comfort of your home), but also because of the wider range of products and prices available. Also homebanking, as an extension of (traditional) bank branches, presents advantages that must be known in order to take full advantage of them (such as lower costs in some bank fees).

Online shopping

Online commerce (or “e-commerce”) is the term used to designate any consumer relationship (purchase and sale of products and services) that occurs via the Internet. 

The advantages for consumers with online trade are numerous, starting with access to a much wider range of products and services (a truly global market, without physical barriers) and tend to be cheaper (since the goods can be purchased directly from the producer, thus avoiding costs with intermediaries and/or resellers).


  • Convenience
  • Best prices
  • Greater variety of goods
  • Greater control
  • Easier price comparison
  • Avoiding crowds
  • No pressure from sellers
  • Access to used or damaged inventory
  • Discounts and notifications


  • Risk of fraud
  • Shipping problems and delays
  • Not being able to try out the products
  • More complicated returns process
  • Greater difficulty in assessing what you’re buying remotely
  • Lack of after-sales assistance (in some cases)
  • Complicated and not user-friendly sites (in some cases)
  • Environmental impact related to shipping (packaging and gases)
  • Privacy and security (in some cases)


The Internet offers a convenience that is not comparable with physical / in-store shopping, since it is possible to search for a greater offer of similar products, compare prices and do everything in the comfort of your own home. However, these advantages are also accompanied by some risks, as hackers are able to access the personal and financial information of innocent consumers.

Ten good practices when shopping online:

  1. Wait until you get home to shop online (especially if you are using public Wi-Fi).
  2. Only buy from trusted sites (it is recommended that the consumer check whether the site address starts with https:// and has a closed padlock icon).
  3. Turn off Bluetooth and Wi-Fi whenever possible.
  4. Update your apps on a regular basis.
  5. Use a VPN when using your mobile data.
  6. When in doubt, search the Internet for fraudulent email schemes.
  7. Check the privacy and warranty policies.
  8. Only make payments via secure methods.
  9. If it’s too good to be true, it probably is.
  10. Check your bank statements regularly.


There are three common ways hackers can take advantage of online shoppers:

  1. Creating fraudulent websites and email messages – because unlike traditional shopping, where the buyer knows that a store is actually what it claims to be, hackers can create malicious websites or email messages that look legitimate. They can also pose as charities, especially after natural disasters or around Christmas time. There is only one aim: to try to convince you to provide personal and financial details.
  2. Interception of unsafe transactions – If a seller does not use encryption, a hacker may intercept their information as it is transmitted.
  3. Taking control of vulnerable equipment (computers and smartphones) – If a consumer is not careful to protect their device from viruses or other malicious threats, a hacker may gain access to the equipment and all the information on it.


Home banking (i.e. accessing the bank through the Internet) is one of the most convenient ways to access information about bank products and services, perform banking operations, make payments, subscribe or retrieve financial products, and all this without having to leave your home. 


If you are already a bank customer, simply sign up through your bank’s app or on the website. You can also do this at a help desk or via the telephone numbers on your credit institution’s website.

Generally, banks require the introduction of a validated mobile phone number. Then you will receive a text message or a welcome email and you will be able to gain access with your access code. As soon as possible, you should change the provisional password assigned to you by your bank. See how to set a secure password.


The list of services on homebanking is extensive, highlighting the following:

  • Consult your account movements;
  • See your available balance and your balancing item;
  • Paying bills (water, electricity or telecommunications, for example);
  • Making bank transfers (national and international);
  • Obtain information about your credit cards (such as credit limit, payment terms and options);
  • Pay for purchases, services and tolls, charge mobile phones or activate/deactivate direct debits and Via Verde;
  • Sign-up for new products and services from your bank;
  • Change credit limits or credit card payment options;
  • Access financial information about your investments.


There are, however, some risks in the use of online banking services, the two most common, and for which it is important to be alert: phishing and pharming.

Phishing is a method used to get sensitive data such as usernames, bank card passwords and other personal details which will then be sold to third parties or used to make transactions using existing accounts or to open new bank accounts.

Most of the time, the user receives an email from someone who poses as the bank. But you could also receive a text on your phone. In this case, we are dealing with a case of smishing, i.e. phishing by SMS. 

See recent examples of banks and an appliance store.

There are several types of phishing. Here are the most common examples:

  1. Spear phishing is a fraud in which an attacker has a more precise target and where their own personal information is used.
  2. Catphishing is a scam where a fake identity or account is created on a social network to trick people into sharing their personal information or making them believe they are talking to a real person behind an account, profile or real page.
  3. Clickbait is the technique of fraudulently using content, publications or manipulative online advertisements in order to capture people’s attention and get them to click on an address or a link, most often to increase the number of views or page traffic in order to make money. 

Pharming is another type of fraud, but it uses a more complex technique. The aim is to make the address of a site refer to a server other than the intended one. By looking like a reliable page, when requested, the user provides their personal data (login, account numbers and passwords, for example) which are then used for fraudulent transfers.  


If you use homebanking regularly, you should take extra care to avoid scams:

  • Change your password frequently;
  • Update your computer’s antivirus (and firewall) regularly;
  • Do not access your bank’s website through links sent in emails (such as newsletters) – ideally you should always type the address in the search bar of your browser;
  • Do not open attachments in unsolicited messages, even if they seem to be sent by acquaintances (since the computer of a friend which has been compromised may trigger malignant emails);
  • Do not send your username, access code or matrix card by email;
  • Be wary of messages with strange or incorrect addresses;
  • Never enter personal details on pages that do not guarantee a secure connection (i.e., do not start with https://);
  • Always log out when you access your bank’s website;
  • Check your bank account and movements periodically;
  • See the list of institutions authorised to provide banking services on the Banco de Portugal website.


In case of loss, theft, misappropriation of a card, suspicion of cloning or forgery, the cardholder must notify the bank immediately and the procedures to be adopted for this purpose must be included in the contract (and sometimes also indicated on the card or associated bank account statements)

Except in cases of wilful misconduct and gross negligence, the cardholder may not be held liable for the use of the card after having notified the bank of its loss, theft or misappropriation.

If the bank customer has fulfilled the confidentiality and security duties regarding their data, when reporting the unauthorised transaction to the bank they must be reimbursed. The customer has a period of 13 months from the debit date to notify the bank of unauthorised payment transactions.

However, it should be made clear that the consumer has to bear the losses relating to such transactions within the limit of the available balance or the credit line associated with the account or card, up to a maximum of 50 euros.

The bank is responsible for the risk of system failure and malfunction. The bank will have to prove that the unauthorised payment transaction had nothing to do with a technical fault or another system failure. Only the bank can ensure that the complex computer system used works well and guarantees the confidentiality of user data.


If the bank cannot demonstrate that the customer was negligent – and even if it is not known how third parties accessed the data – the consumer has the right to be refunded immediately. If this does not happen immediately, the client is entitled to receive default interest. The amount of interest is counted from the date on which the client communicates the unauthorised transaction until the date on which the refund is made.

It is not part of the banks’ procedure to ask customers to send personal details, not least because they have been focusing on increasingly sophisticated forms of validation on their sites, for greater customer security. Be suspicious if you receive emails with these requests. If you are unsure of the origin of the emails, do not click on the link. Open a window and write it down or call your agency.

If in doubt, contact us and report suspicious cases to Banco de Portugal.


A direct debit allows a company to receive a payment directly from the consumer’s bank account. Its activation is very simple: the company sends the authorisation given by the consumer to their bank and the payment of the invoiced services will become automatic.

The advantages of using direct debit are many, starting with the lack of concern about deadlines and certain utility bills (mainly), such as those for energy, water and telecommunications services. With electronic invoices you can also optimise your time and gain in convenience.

And as for not counting the debit, it is important to remember that service providers have to send the invoices to consumers in advance, informing them of the amount to be paid and the expected debit date.

Prevention is fundamental and therefore you should only provide your NIB and other bank details to reliable entities with which you have a contractual relationship or some other solid relationship (such as energy or telecommunications suppliers).

Check your list of active direct debit authorisations regularly. You can do this via: (i) the Internet (if you have online access to your bank account), (ii) an ATM (select the option “Inquiries” and “Debit Authorisations”) or (iii) by going to the bank branch that manages your account. 

And do not forget that if you are a consumer you can set direct debit charge limits: (a) either according to the validity (deciding until when you authorise automatic charges), (b) or according to the periodicity (deciding charges can only be made, for example, once a week/month/year) or (c) according to the value (setting the maximum amount that can be charged automatically).

These are the immediate ways to ensure that only authorised and known entities can make charges to your bank account.


If you want to cancel a direct debit authorisation, it is very fast and simple. At the ATM, simply select the current authorisation and change its status to “inactive”. In homebanking, simply log in to your bank account and access “direct debits” management, consult those that are active and, if you want, cancel the authorisation.

In addition, you should monitor your account movements regularly. Pay attention to the description that identifies the movements to easily identify whether they correspond to active direct debit authorisations.