ČBA NEWS
14/2021
Dear Colleagues,
 
Today's issue of the CBA NEWS is focused almost entirely on cybersecurity, a topic that is very current; it is important to ensure that the public (both general and professional) is informed as much as possible. Indeed, hacker attacks on bank customers, but not only on them, are rapidly increasing. Over the last five years, the number of cyber-attacks has been increasing by roughly 20% each year. The pandemic has bolstered this increase even further. For example, America has seen an 80% increase in the number of companies attacked, while Europe has even seen a 100% increase. This is the price to pay for moving our lives into a more comfortable digital world.
At the Czech Banking Association, we take this issue very seriously. That's why, in cooperation with the Police of the Czech Republic and with ESET Company, we have launched an educational campaign under the motto: "You too can be the target of an attacker!" Its key element is the Kybertest.cz web application. Here you will find not only useful information, but also an online interactive quiz in which you can test the extent to which you recognize hacker attacks.
The campaign includes educational videos or banners on social networks, flash stickers on ATMs and screens at bank branches, as well as posters and leaflets in selected locations, such as in some restaurants and canteens. In addition to the CBA, the Police of the Czech Republic and ESET, the campaign also involved the CBA's Member Banks, the company Zásilkovna, the Chamber of Commerce of the Czech Republic and others.
So, if you have some more spare time during your holidays, I definitely recommend that you try the quiz. You might be surprised to find out how sophisticated hacker attacks are and that it is not easy to detect all the fraudulent conduct even for someone who is working in banking.
I wish you the best of luck. Have a great rest of July.
Monika Zahálková,
CBA Managing Director
NEWS OF THE DAY

The security of banks is ensured at a high level, which is why cyber attackers target the weakest link - their customers.

The phone is ringing in the middle of the night; your bank's call centre number is displayed on the screen. On the other end of the phone, there's a person who is hard to tell from a real banker. He/she speaks in a sophisticated manner, knows banking terminology and, most importantly, knows you. The caller knows your name and your phone number. The person knows which bank you have an account with, and under the pretext that your money is at risk (e.g., that a large sum is being transferred from your account right now, or that it is being withdrawn abroad) the caller tries to gain your trust to obtain confidential information from you (such as, for instance, your username and password, credit card number and its CVV code). The caller allegedly needs this information to get access to your account to prevent misuse, or instructs you on what you yourself should do immediately to protect your funds (e.g., to allow him/her to access your account remotely, or to go out and immediately withdraw cash from your account from the nearest ATM and deposit it the same way into another "safe bank" account). In doing so, he/she refers to the bank's already established cooperation with the Police of the Czech Republic and with the Czech National Bank, which are now dealing with the case and with whom it is therefore necessary to cooperate.
This all looks like a scene from a movie, but in fact it is a reality that has been occurring more and more often lately. This is a so-called vishing attack, when hackers exploit the moment of surprise and the fear of clients that they would lose their money. As the security of the systems on the banks' side is at a very high level, attackers focus on the most vulnerable and weakest link, i.e., the client. In the first five months of this year alone, banks experienced six times more such fraudulent calls than in the whole of last year. Petr Barák, chairman of the CBA's Banking and Financial Security Commission, Colonel Ondřej Kapr from the Criminal Police and Investigation Service and Robert Šuman, head of the Prague research department of ESET Company, talked about the methods used by hackers and about what to do if you become a target of an attacker in the next episode of the CBA FOCUS. Once again, the discussion was facilitated by Daniela Písařovicová.
You can watch the new CBA FOCUS on our YouTube channel or listen to it on Spotify.

FROM THE MARKET

In a single month, a bigger volume of mortgage loans is provided in the Czech Republic than was the total balance of these loans at the turn of the millennium.

Interest rates for mortgage lines of credit rose slightly again in June and yet the volume of mortgages also rose. This is how we can summarize the findings of the Fincentrum Hypoindex, which has long been "taking the temperature" of the market that represents a significant majority of the total volume of loans provided to the population. Compared to the previous month, mortgage rates rose 7 basis points to 2.13%. According to Hypoindex, banks increased the volume of mortgages to nearly CZK 44.5 billion, which is actually just below the historical record set in March of this year. June was also an almost record month in terms of contracts negotiated. "To put this in a historical context - in a single month, more mortgage loans are provided in the Czech Republic than the total balance of mortgage loans at the turn of the millennium. According to the Central Bank statistics, the volume of mortgage loans to residents for housing purposes reached CZK 42.5 billion at the end of 2000. At the end of May this year, the figure stood at CZK 1.473 trillion, which means an almost thirty-five-fold increase," commented Miroslav Zámečník, the Chief Advisor of the Czech Banking Association, on the development of the mortgage market.

Does cash belong in a museum?

How money came into being, how it is printed and how much of it is now in circulation, and how the pandemic changed the Czechs' attitude to cash - these and other questions asked not only by the host, but also by the listeners, were answered in the Czech Radio Two program "Coffee at Four" by Tomáš Hládek, an expert of the Czech Banking Association on payments.

The CNB withdraws older banknotes from circulation

From 1 July 2022, the Czech National Bank intends to terminate the validity of older versions of banknotes of CZK 100, CZK 200, CZK 500, CZK 1,000 and CZK 2,000 nominal values from 1995 to 1999. It will not be possible to pay for goods and services with these banknotes, which are already being gradually withdrawn from circulation, in a year's time. The exchange of older banknote versions will be unlimited in time. The older banknote versions that are being withdrawn are most easily distinguished from those that are to remain in circulation from the second half of 2022 by the width of the silver strip - the security feature that intersects the banknote vertically. This strip is narrow on the withdrawn banknotes and does not change color when tilted, while the latest banknote versions have a wider strip that changes color from brownish-purple to green when tilted. The individual versions are further distinguished from each other by the year shown on the face of the banknote and by certain other security features.

Entrepreneurs received over CZK 60 billion from COVID guarantee programs

According to the CNB, entrepreneurs had received CZK 60.7 billion from COVID guarantee programs as of 30 June. Banks had approved applications for loans worth CZK 68.5 billion as of the same date. Under the COVID Plus guarantee program for exporters (i.e. enterprises with over 250 employees and at least 20% share of exports in their production), EGAP had already received 161 applications for loan guarantees from banks by the end of June, with a total value of CZK 28.4 billion; 111 applications were approved, with a total value of CZK 16.6 billion. Under the COVID III program for small and medium-sized enterprises with up to 500 employees guaranteed by the CMZRB, almost 9,000 entrepreneurs had submitted applications with a total value of over CZK 53 billion as of the same date, of which more than half of the funds had already been drawn by entrepreneurs.

Banks are easing certain credit standards

In the second quarter of this year, a part of the banking market relaxed lending standards for loans to non-financial corporations. This was mainly due to a favourable turnaround in the perception of the risks linked to the expectations of the overall economic situation. A part of the banking market also relaxed standards for loans to households for consumption, while banks did not change standards for housing loans. Demand for housing loans continued to grow across the board in the second quarter. Demand for loans to non-financial corporations also increased, especially for long-term loans and loans to large enterprises, with the main factor being the increased need for funding fixed investment as well as inventories and working capital. The majority of the banking market expects a reduction in the expected credit loss rate for loans to non-financial enterprises and households for consumption and almost a half of the banking market for housing loans to households in the third quarter of 2021. This was revealed in the Czech National Bank's report.

The European Commission proposes limits on cash payments. It wants to strengthen the fight against money laundering
The European Commission has proposed that only cash payments of up to €10,000 should be allowed across the EU. This EU-wide limit is high enough not to call into question the euro as a legal tender and recognises the key role of cash. Approximately two thirds of Member States have already introduced such limits, but their levels vary. Existing national limits of no more than €10,000 may remain in place. Limiting large cash payments will make it harder for criminals to launder dirty money. In addition, the provision of anonymous crypto-asset wallets will be banned, as is the case with anonymous bank accounts, which are already prohibited by EU rules in the area of combatting money laundering and terrorist financing.
NUMBER OF THE WEEK
LEGISLATURE

Amendment to the Consumer Credit Act has not been discussed

Contrary to expectations, the government bill related to the development of the capital market failed to be discussed in the 2nd reading on Wednesday, 14 July 2021, and thus failed to proceed to a possible 3rd reading, in which the Chamber of Deputies could vote on the amendment initiated by the CBA. The amendment introduces rules for determining the compensation for the costs of early repayment of consumer housing loans. In the time window limited for the 2nd reading, the deputies spent over three hours debating the proposed amendments to the Pension Insurance Act, leaving them literally no time to discuss the proposal to amend the Consumer Credit Act.

Amendments to the Civil Procedure Code and the Enforcement Code finally adopted
The amendment to the Enforcement Code, referred to in the public domain as the largest set of amendments to the enforcement procedure in the last few years and known as Parliamentary Print No. 545, was finally adopted by the Chamber of Deputies on 7 July 2021 and signed by the President of the Czech Republic on 20 July. It has not yet been published in the Collection of Laws.
Act on ID cards now in the Collection of Laws
The new Act on ID cards, which, among other things, postpones the issuance of ID cards without a birth number by two years (i.e., as at 1 January 2024), was published in the Collection of Laws as Act No. 269/2021 Coll.
Please find information on the approved CBA codes and standards here.
FINANCIAL EDUCATION

CBA launches "Bankers to Schools 2021" project 
 

The "Bankers to Schools" educational project will continue with its 8th year this autumn. The aim of the project is to introduce primary and secondary school students to the Basics of Financial Literacy or to introduce them to the issues of Cyber Security. Workshops in schools are conducted by the most competent people - bankers themselves. The Czech Banking Association has prepared detailed teaching materials for the presenters, including a presentation for students. Last week, banks received detailed information about the project and how bankers can apply for the project. If you have hidden talents of a teacher and would like to try out the role for two lessons, please do not hesitate to join this year's "Bankers to Schools" project. Of course, schools interested in hosting a lecture on their campus can also apply via the project website (https://www.bankeridoskol.cz/zapojte-se).

TOPIC

Attacks on bank customers are rapidly increasing and becoming more sophisticated.

The pandemic situation and the associated migration of people to the online world have created ideal conditions for hackers and internet fraudsters. Data from the Czech Banking Association (the CBA) show that attacks on bank customers, who represent a "vulnerable" link from a cybersecurity perspective, are increasing rapidly. As early as in June, the number of phishing attacks matched last year, while the number of vishing attacks, when attackers pretend to be bankers or police officers during a phone call, for example, has increased sixfold. The attackers' methods are evolving too. Unfortunately, due to low public awareness, not all attacks can be prevented systemically.

The pandemic has brought an increase in attacks

The CBA's survey among its Member Banks found that thousands of phishing attacks were targeted at their customers in 2020, several times more than in 2019. The number of attacks this year, although we are still in the middle of it, has already practically matched last year's total.
Thanks to the activity of banks and to the caution displayed by customers, the vast majority of attacks (86%) have been successfully stopped. The remaining, completed attacks, in which funds are withdrawn from the client's account and the client thus incurs damage, are often dealt with in cooperation with the CR Police. According to Petr Barák, Chairman of the CBA's Banking and Financial Security Commission, attackers are "successful" in completing attacks targeting card details which victims "provide" to them when shopping online on sites where the payment gateway is not adequately secured. "At the same time, it is important to remember that there are actually far more attempted attacks than the available figures show, and banks may not even be aware of some of them. For example, in the case of phishing e-mails, attackers use the method of carpet bombardment and can send a single phishing e-mail to hundreds of thousands of e-mail addresses of their potential victims. However, if the clients have their devices well secured, these attacks end up in the client's mailbox as spam," adds Petr Barák. Banks deal with successful attacks individually with their clients and try to help them as much as possible. However, in cases where a client is proven to be in gross violation of security rules - e.g., if they have a PIN written on their card, or if they download programs and applications from untrusted sources - banks cannot be expected to reimburse clients for the damage. In such cases, the client is referred to the law enforcement authorities with his/her claim for compensation, with the understanding that the damage must be recovered from the perpetrator of the crime.

Attackers' methods are evolving, vishing is the most insidious one

In addition to the increase in attacks using traditional phishing methods, such as fraudulent e-mails exploiting the visual identity of a legitimate banking institution, fraudsters also started using vishing last year. Vishing is based on inducing fear and panic in the victim. The attacker often calls the client at an unusual time and pretends to be a banker or a police officer. To gain the client's trust, he/she uses the client's personal data, which the attacker has obtained in an online environment, often from social networks, for example. The client then easily believes that his/her account has been compromised and that the only thing that would save his/her funds is to send them to the account that the fake banker tells him/her to send them to. The attacker then instructs the client on how to authorize the transaction. There have also been cases where the attacker convinces the victim to withdraw cash from his/her account and deposit it through a bitcoin deposit machine. The biggest danger of vishing is that the attacker, using the above-mentioned social engineering techniques, essentially forces the victim to break all the security barriers himself/herself. Under the influence of fear, stress and time pressure, we unfortunately have a natural tendency to comply with the voice on the other side. The most effective form of defense against it is at least a basic awareness of the existence of this type of attack. 'Phone number spoofing' is particularly insidious: attackers can spoof any phone number, including bank hotlines, so that if the victim has the phone number of their bank's call center saved in their phone, the call will appear on their screen as an incoming call from their bank. "The service offered by operators and enabling the changing of phone numbers is very unfortunate and it is often abused by criminals.
In the UK, for example, blackmailers called victims in this way using the 'spoofed' numbers of their offspring whom they have fictitiously abducted, demanding immediate ransom from the victim, under the threat, of course, that if the victim contacts the police, the child would be harmed. The parent then quickly paid the ransom, even though his or her child was sitting safely at school with a mobile phone in his schoolbag at the time," says Petr Barák, explaining why the Czech Banking Association has begun negotiations with operators and the Czech Telecommunication Office to cancel the service, limit it, or secure it against abuse by fraudsters. In this case, the banks have no way of protecting their clients.
In 2020, the number of vishing attacks on clients of Czech banks was in the low hundreds of cases, with attackers being successful in roughly 25% of them. This year, the success rate of these attacks has dropped to roughly 14%, but the number of attacks has risen sharply - by the end of May alone, attackers had carried out roughly 6 times more attacks than in the whole of last year. While vishing attacks are not as massive in number as phishing attacks, the financial losses of clients are often very high.

Public awareness is essential, Cyber Campaign is being launched

It is clear that crime is moving from the streets to the internet, and this danger is still greatly underestimated by the public. For these reasons, the Banking Association has currently established close cooperation with the Police of the Czech Republic and with ESET Company in the area of cyber security. Together, they are launching a preventive "Cyber Campaign" with the main motto "You can be the target of an attacker too!" Its key part is the Kybertest.cz web application. It is a specially prepared online interactive quiz in which the user can test whether he/she can identify suspicious elements indicating that he/she has been targeted by online fraudsters in realistic-looking simulations. At the end of the quiz, the user will be offered a comparison with other participants or more information on the issue. On Kybertest.cz, you can also find information about other common methods used by the attackers!
