This page is automatically translated from Romanian into English.

Banca Transilvania
Loans
Loans
Accounts and operations
Accounts and operations
Cards
Cards
Savings and investments
Savings and investments
Accounts and operations
Accounts and operations
Financing
Financing
IMM to Go, you do everything online
IMM to Go, you do everything online
Saving and investing
Saving and investing
Newsroom
Newsroom
Investors Relations
Investors Relations
Blog BT
Blog BT
CSR
CSR
UNIT NETWORK INVESTOR RELATIONS ONLINE PROGRAMMING COMMISSIONS BROCHURE MARKETING AGREEMENT
BT Pay – Apple BT Pay – Google BT Pay – Gallery
Download BT Pay

Scan the code with your mobile phone, depending on your phone system.
Download BT Pay

Scan the code with your mobile phone, depending on your phone system.
Download BT Pay

Scan the code with your mobile phone, depending on your phone system.
Download NeoBT

Scan the code with your mobile phone, depending on your phone system.
Download NeoBT

Scan the code with your mobile phone, depending on your phone system.
Download NeoBT

Scan the code with your mobile phone, depending on your phone system.
Download BT24

Scan the code with your mobile phone, depending on your phone system.
Download BT24

Scan the code with your mobile phone, depending on your phone system.
Internet Banking Internet Banking
Discover
Credit for
personal needs The
home credit Credit simulator
See all credits
Shopping cards Cards in lei The Youth Card
See all cards
Private banking Premium banking
Discover
See all
See all
Discover
See all articles
See all articles
Education Social Medium
See all projects
Discover
We have made a firm commitment to Romanians and local entrepreneurs in supporting their dreams, BT being the partner with whom they can start their journey.
ӦMER Tetik CEO Banca Transilvania

Call Center

PESTE
20
MIN
WAITING TIME
10
CUSTOMERS
IN CONVORBORATION
9
CUSTOMERS
WAITING
CALL THE CALL CENTRE
0264 308 028 or *8028 The number is available from any national network.
0264 303 003 Hotline for all Romanians who are out of the country, including assistance in English.
More
Popular searches
Notifications

BT integrates Microsoft 365 Copilot and GitHub Copilot AI assistants

14 March 2024 11:00

BT is the third most powerful banking brand in the world

6 March 2024 15:00

Financial results BT 2023

26 February 2024 18:19

BT turns 30

16 February 2024 09:40

Banca Transilvania buys OTP Bank Romania

9 February 2024 15:00

Question BT had a record number of visitors in 2023, over 5 million

12 January 2024 09:30

BT Responsible Disclosure Policy

Introduction

This document contains a set of guidelines regarding the process of responsible disclosure which is defined in the ISO / IEC 29147 as a process through which vendors and vulnerability finders may work cooperatively in finding solutions that reduce the risks associated with a vulnerability. Additionally, this represents the commitment of Banca Transilvania to ensure the continuous improvement of security practices in order to safeguard our clients' information. This policy is intended to provide security researchers guidelines regarding the assets and types of research that are considered in-scope and the vulnerability reporting process.

Given that the security researcher will comply with the following set of terms, Banca Transilvania will acknowledge that the vulnerability identification has been conducted in good faith and will not pursue any legal action.

Guidelines

  • Any testing or research must be performed against permitted systems without affecting the functionality of our services.
  • In accordance with the principle of responsible disclosure, the security researcher should establish communication with the designated point of contact and report any vulnerability that has been discovered.
  • If a vulnerability has been discovered, please refer to the Reporting a vulnerability section in order to find details on how to contact us.
  • Please allow our team a reasonable amount of time to respond to your report.
  • Once a vulnerability has been identified, the researcher should cease any activity that could lead to a compromise or could affect the integrity of Banca Transilvania's services and systems.
  • After a vulnerability has been confirmed, we make a commitment towards fixing the issue within 60 days.

Scope

The following assets are covered by this policy:

  • All services within AS34184 and AS34358.

In-Scope Vulnerabilities

The following vulnerabilities fall under the scope of this policy:

  • Server Security Misconfiguration - Using Default Credentials, CAPTCHA Implementation Vulnerability, Unsafe File Upload, No Rate Limiting on Form, Misconfigured DNS that leads to High Impact Subdomain Takeover, etc.
  • Broken Authentication and Session Management - Authentication Bypass, Account Takeover, Second Factor Authentication (2FA) Bypass, etc.
  • Sensitive Data Exposure - Disclosure of Secrets For Publicly Accessible Assets like hardcoded passwords, sensitive data over unecrypted connection, etc.
  • Server-Side Injection - LFI, RFI, RCE, SQLi, XXE, etc.
  • Cross-Site Scripting – Stored, Reflected, DOM.
  • Denial of Service.

Out-of-Scope Testing Methods and Vulnerabilities

The following testing methods (i.e. types of research) and vulnerabilities do not fall under the scope of this policy:

  • Physical testing against Banca Transilvania's Facilities / Property.
  • Phishing (either of an employee or a client/user of Banca Transilvania's services).
  • Email spoofing.
  • Email authentication best practices policies/configurations (DKIM, SPF records, etc.).
  • DDoS.
  • Lack of security headers (Strict-Transport-Security, X-Frame-Options, X-Webkit-CSP etc.).
  • Flaws affecting the users of out-of-date browsers and plugins.
  • A Man-in-the-Middle (MITM) attack proof of concept.
  • Self XSS.
  • Banner grabbing.
  • HTTP trace/options methods enabled.
  • CSRF with minimal impact (login, logout, etc.).
  • Open redirects (POST or header based).
  • Clickjacking or other similar attack methods.
  • Disposable email addresses allowed during registration.
  • Lack of obfuscation.
  • Header injection without a demonstrable impact.
  • Lack of Secure and HTTPOnly cookie flags (critical systems may still be in scope).
  • Static content served over HTTP.
  • Weak password policies.
  • Username and account enumeration.

Reporting a Vulnerability

If you have discovered a vulnerability or you have any questions, please contact us at the following email address: cybersec@btrl.ro.

In order to ensure confidentiality and integrity, please use PGP key 0x6F077A29C359A429 for encrypting the communication. You can find our security.txt file at the following address:

Security file
z TXT

Confidentiality Obligations

Could include but not limited to: customer-related information, financial or personally identifiable information, information related to the vulnerable assets.

The security researcher agrees that they will not disclose any of the above to a third party without Banca Transilvania's agreement. Therefore, any potential vulnerability reports should be treated as confidential information.