Clarify your doubts






How should I pay in a restaurant, if I want to use my credit card?

You must watch your credit card at all times. If your card has a magnetic band you must type your PIN on the POS (Point of Sales Terminal) to validate the operation in that moment. When finishing the operation you must keep the receipt or tear it up before placing it in the bin.

How can I make sure that the website I am checking is secure?

There are different ways of checking if we are on a secure website or not. We must pay attention to this aspect when purchasing online or using electronic banking. The browser address must start with “https”, instead of “http”; this way it guarantees that the data we are introducing online won´t go to third parties. Other methods to ensure a safe transaction are to check there is actually a lock on the lower bar of the browser or that we can see the Verisign system logo. In order to verify that these systems are active we must double click on the corresponding logo.

What are my rights in case of fraud in my credit card?

Once the user notifies the theft of his/her card to the entity, the entity is exempt from the possible amounts stolen. If we are victims of theft, before letting the entity know, the user is responsible for the first 150 Euros. Giving a concrete example, if someone illegally takes 500 Euros from us and we let the entity know immediately, we will undergo a penalty of 150 Euros.

What must I do if I have some trouble at a cash point?

Should any technical anomaly happen, please contact the entity immediately (press the button that is normally placed at the cash point or phone using your mobile phone); especially if the cash point does not give us back our card we must contact the entity immediately. We mustn´t leave the cash point to look for help or try to find a policeman, as if we are being victims of fraud, the fraudsters could take our card when we leave.

Can my bank or other entities ask me for my account number and personal codes over the phone or by email?

No entity has the right to ask for your personal details using those means, no legal entity operates that way.

What can I do to protect myself from fraud on the Internet?

  • Update software regularly
  • Periodically check the security level of your connection (Port scams, antivirus, firewalls, sensitive account information etc.)
  • Make regular backups of your data
  • Switch off the computer when not in use
  • Take care when downloading software; only download from safe sources
  • Configure your navigator and programmes with the highest security level
  • Do not trust direct links to pages, as these do not always take you to the desired page
  • Only input sensitive data, for example account numbers, when the page is secure: as a rule, pages beginning with https are considered safe
  • Configure a personal email address to send and receive in text mode: html does not offer many benefits over text and is more problematic from a security point of view
  • Encrypt* your most important messages and files so that if they are read by third parties, they will be difficult to understand.

*Encrypt means transforming data into a secret code that can only be deciphered by the intended recipient. Given time and IT resources, all encrypted messages can be decoded, but they require enormous amounts of both. Put simply, encryption is a way of hiding your files and email from spies. Your files are translated into code (an apparently meaningless group of letters and numbers chosen at random). To encrypt a file, block it with a keystroke that represents a password phrase. To encrypt a message, block it with a couple of keystrokes using a password phrase. It can only be opened by the intended recipient, using his own password phrase.

What are today´s most common types of fraud?

Currently, there are numerous cases of fraud which are more technically elaborated. Heading the list is internet fraud; specially cases of phishing (usurpation of access codes from the holder´s bank account with the intention to steal their money). This type of fraud is being carried out through different techniques, the most common consisting of sending fraudulent emails asking us for our bank account number and our personal codes.

What to do in case I am a victim of fraud in a payment method that is not cash?

These are the first steps you should take if you discover that you have been the victim of fraud:

  • In the event of card loss or theft, notify the bank or issuer immediately so that the card can be cancelled by visiting or calling the nearest branch. If you do not know the telephone number of your normal branch, you can call the following numbers: 4B (913 626 200 and 902 114 400) SERMEPA (902 192 100) Euro 6000 (902 206 000) Foreigners in Spain VISA (900 971 231) Visa Europe: 900 991 124.
  • Report the theft to the police: if you have any documentation relating to the fraud, present it. If you do not have any documentation, a report will be sufficient.
  • Contact your bank, supplying your ID card and the police report.
  • If any other bank is involved (with which you have no relationship, but to whom you are supposedly in debt, or maybe a shop where you have supposedly made a purchase) contact them to inform them of the situation. Present a copy of the police report.
  • If you wish to find out if there are any other debts incurred in your name, contact the solvency agencies and ask for information about yourself. If there are any outstanding debts accrued, they will be registered. These registries must inform you in writing of your inclusion in the register, however, if, within the fraud in which you have been implicated, your contact details have been falsified (which is a common practice to prevent the victim from discovering the fraud), notification will have arrived at this false address and not to you. According to current legislation, rights of access and cancellation of the information contained in these files can only be granted to the injured party by the owner of the file, so the victim will have to prove their identity to the owner. The guardian of the victim, however, may act on their behalf if the victim is incapacitated or under age, in which case the guardian will have to show proof of the incapacity.

ADICAE Asociación de Usuarios de Bancos, Cajas y Seguros


Spanish version





This project has been subsidized by the European Commission

ADICAE - Asociación de Usuarios de Bancos, Cajas y Seguros de España
ADICAE Servicios Centrales: c/Gavín, 12 local, 50001 ZARAGOZA (España).
N.I.F. G50464932. Inscrita con el N° 5 en el registro de Asociaciones de Consumidores del Instituto Nacional de Consumo de España. Email