A recent programming flaw in the OpenSSL software library is affecting numerous services throughout the Internet. The flaw is referred to as "Heartbleed" and can be used to read small portions of protected information from vulnerable systems. PostFinance has taken measures to prevent any abuse of the "Heartbleed" attack. All digital services (E-Finance, www.postfinance.ch, PostFinance’s mobile Apps, E-Payment) are functioning normally.
There is no cause for alarm and no need to change passwords.
PostFinance’s services are configured to make use of "Perfect Forward Secrecy" to ensure secure connection data cannot be decrypted at a later time.
At over 1.5 million users, PostFinance remains the Swiss leader in e-banking. Security is a top priority. An extensive catalogue of measures protects any and all interactions: All data is encrypted with 256 bit AES and protected with several layered firewalls to ensure its integrity and confidentiality. All electronic transactions are analyzed for suspicious activity. Finally, PostFinance works in close cooperation with other banks, MELANI and other information security specialists.