Frequently Asked Questions


Business Online Banking

    • Never give out your personal information over the phone unless you have initiated the call and completely trust the caller. This includes bank account numbers, PINs, your Corporate ID etc.
    • Always question the identity of people/companies that initiate contact with you - via email, mail, telephone or even in person—remember, ID cards, letterheads and business cards can easily be counterfeited.
    • Safeguard bank statements, utility bills and other documents that, potentially, contain sensitive information. Do not simply throw these in the recycling bin—shred them when you no longer require them. Never leave your personal information unattended or out in the open.
    • Reconcile bank accounts regularly. Challenge unauthorized transactions immediately.
  • The only way anyone can access your account is by supplying correct login credentials to our online banking website. This is why it is crucial to not let anyone else know these details! If you think someone may know any of your security details, please call our Customer Service at on (+356) 2557 4444 or contact your Relationship Manager.

    • Keep your computer up to date – ensure your operating system, web browser, and applications have the most current updates. Enable automatic security updates.
    • Anti-virus programme - Use a quality anti-virus program, and ensure that you receive regular updates for your virus definition files.
    • Public computers - Avoid accessing online banking from public or shared computers, e.g. Internet cafés, libraries, and hotels. Use of shared computers substantially increases risk of possible account compromise.
    • Internet browser - Make sure you have a current version of your Internet browser installed.
    • Log-off and close the browser window - Do not leave your computer unattended. Always log out of our online banking and close your browser if you step away from the computer.
  • Viruses, malware (short for malicious software), and spyware are computer programs that are designed to gather information, or gain unauthorized access to computer systems. It may be disguised as genuine software.

    Fraudsters use spyware to steal the logon credentials. This may enable the fraudster to log into the customer’s account. Spyware is often designed to monitor users' web browsing, and it may be capable to record the keystrokes entered on the PC. It may then be able to transmit a record of those keystrokes to the criminal controlling the malware over the Internet. Spyware can be surreptitiously installed by visiting an infected website, or by opening an infected email attachment.

    Good security measures that would stop most spyware from infecting your PC are:

    • Enable the option of receiving automatic security updates in your operating system.
    • Keep your browser and browser plug-ins (such as Java and Flash) updated.
    • Have antivirus software that updates its signatures daily via the Internet.
  • The most prevalent “phishing” attacks have the following in common:

    • A criminal sends thousands of emails to customers. These emails appear to come from the Bank.
    • It urges you to update some information on a fraudulent website that mimics our online banking website.
    • On the fraudulent website, you will be asked to provide sensitive account information.

    Phishing attempts trick you into thinking that you are providing information to a bank when, in fact, you are giving it to a criminal. Here are a few signs that an email message you have received is a “phishing” attempt:

    • Have urgent or time-sensitive message requesting you to act immediately, or suggests dire consequences if you do not. Scam artists are hoping to get you to react quickly before the fraud is detected.
    • Requests that you verify your information, and provides a link for you to do so. The link will take you to the scam artists' fake website in the hope that you disclosure your personal information.
  • It is important to note that a phishing attack does not involve a breach of our security systems. Instead of breaching the security of banking systems, criminals rely on unsuspecting customers to reveal their personal account information. Fraud success is related to the lack of customer education. In the past, customers were often being telephoned and tricked into revealing their account numbers. This type of fraud eventually declined—not because people stopped using their telephones, but because they became more informed about the risk of giving personal information over the phone.
  • There may be phishing scams that are circulating using the name and logo of the Bank in an email with a link to a false online banking website. The link then connects to a website that looks very much like our actual online banking website. Please do not submit any information on the fraudulent site. The information submitted via this website is used to commit fraud.

    By using the logos and letterhead of financial institutions, fraudsters are able to convince some of their target victims to respond. The Bank does not solicit members for personal and confidential information by email. If you receive a phishing email that claims to be from us, please report it to phishing@medirect.com.mt. This is the surest way to confirm your suspicions and to enable us to protect other members.

    Hypertext links in emails are not always what they appear to be. Scammers use techniques to make links appear valid, but the actual link may redirect to a fraudulent website. If you have any doubt about an email, type in the Internet address of MeDirect yourself, and do not click on embedded links. Always look for the padlock in your browser, the https:// in front of business.medirect.com.mt to help validate that you are visiting our online banking website.

    Please be sure to take the following measures:

    • Give your login credentials only at the login page on https://business.medirect.com.mt.
    • Do not provide information in response to an unsolicited request, whether it is in an email or over the phone.
    • Never send your password, PIN or answers to security questions via email.
    • Be suspicious of urgent requests for personal financial information.
  • To securely access our corporate internet banking, please open a new browser window, and navigate to https://business.medirect.com.mt. You can verify that you are on our real log-in page in 3 easy steps:

    • The address in the address bar starts with https://
    • The domain in the address bar is correct: business.medirect.com.mt
    • The browser displays a padlock, indicating that the connection is secured.
    • Check the validity of our digital certificate by clicking on the padlock.

    Note on the fourth step: This will help you confirm the authenticity of our online banking website. Digital certificates authenticate websites. They are issued by certification authorities, and include the name, serial number, and expiry dates.

    To check the validity of our digital certificate, click on the padlock in your browser. The location of the padlock varies depending on the browser you are using. You should see the name of the owner, and the validity period of a certificate. This is what you should see if you are on the real online corporate banking website of the Bank.

  • There may be several reasons why you are not able to log in:

    • Account has been blocked. Account may be blocked if we detect several failed attempts to logon to your account. If you receive a message that indicates that your account has been blocked, please call Customer Service at 2557 4444. Please note that we will need to verify your identity before we can unblock the account.
    • Typing errors. Internet users often type in an address to reach a web site. Secure pages have slightly different addresses from other sites on the Internet. To logon to online corporate banking, type-in https://business.medirect.com.mt into your browser’s address bar. Note: secure web sites begin with https://.
    • Cookies. A cookie is a small piece of information that a website can store on your computer. We use cookies to maintain continuity during your online banking session. Cookies must be accepted in order to access your account online. Check your browser settings to ensure you are accepting cookies from our websites.
  • We will accept your queries via email if you have signed an indemnity document with the Bank. Please note that email is not a secure medium of communication. Consequently the Bank advises to make use of the secure messaging functionality within the Corporate Internet Banking service.
  • We are using the security token to authenticate your online banking session. Please immediately inform the Bank that you are no longer in the possession of the token by calling our Customer Service on (+356) 2557 4444 or contact your Relationship Manager.
  • Additional users need to be setup by the Corporate Administrator. Please refer to manual for further assistance. Once the user is setup the Bank will arrange for an additional token to be provided upon notification from the administrator.
  • Notify the Bank immediately if you believe that your account has been compromised in any way. Please call our Customer Service on (+356) 2557 4444 or contact your Relationship Manager.

  • To logon on to online corporate banking, type-in https://business.medirect.com.mt into your browsers address bar. Please refer to “How do I know I am on your safe online banking website?” for more information. Alternatively, you can click on the Login button on the top right corner of our Business Banking website.
  • Software vendors regularly update browsers to fix security vulnerabilities. You should use the latest stable version of your browser. Keeping your browser and other software up to date will keep you safe. Our online banking website has been tested with Google Chrome 16 or above, and Microsoft Internet Explorer version 9 or above. Other browsers may work, but the display and printing of pages may not be ideal.
  • To prevent unauthorized use of your account, and to prevent others from viewing your information, we automatically sign off your online banking session after a period of inactivity. Despite this, do not leave your computer unattended if you are logged on to our online banking. Always log off before leaving your desk, even when you will only be away for a few minutes.

  • We use RSA SecurID security tokens to authenticate your online banking session. It is therefore important to ensure that only you have access to the token at all times. If you have lost the token, please notify the Bank immediately.
  • Security of your personal information is a top priority for the Bank. We employ industry-standard technologies to ensure that your account information remains private and secure. The Bank undergoes regular security audits, employs firewalls, intrusion detection systems and other software that has been designed to provide maximum security. Other security measures implemented by the Bank include:

    • Internet banking service is provided over a secure channel (SSL/TLS).
    • All communication between the Bank and the client’s browser is encrypted.
    • Data integrity is cryptographically ensured at all times.
    • Secure channel prevents third parties from eavesdropping on or tampering with data.
    • Your banking session is automatically logged out after a period of inactivity.
    • The Bank employs various physical, electronic, and procedural safeguards.
    • The Bank monitors access to our financial systems and responds promptly to security alerts.
    • We always take steps to verify identity before giving out your account information over the phone.
    • Access to online banking will be suspended after 3 invalid login attempts.
    • The employees of the Bank are not authorized to ask for your PIN from the security token.
    • All access to the Bank’s systems is monitored and recorded for audit trail.

    Secure communication is a process that makes sensitive information illegible to unauthorized parties before it is sent over the Internet; it keeps information private between the Bank and your Internet browser.

    You also have your own responsibilities to protect the security of your online bank account. Keep your security token secure and make sure that no one is watching as you enter your PIN. Take appropriate precautions, and keep your computer free from viruses that could be used to capture keystrokes.

  • The security of online banking depends upon a partnership between you and the Bank. The Bank maintains a vigilant and thorough approach to the security of all of its systems; however, the customer must also follow good security practices.

    Your security token and logon credentials are like keys to a safe. It is therefore important to follow good security practices:

    • Keep your security token and your Corporate ID secure;
    • Make sure that no one is watching as you enter the credentials on the log-in screen.
    • Keep your computer free from viruses. They are frequently used to impersonate you to the Bank.
    • Do not share your security token and Corporate ID with anyone.
    • Check your transaction history details regularly. This will help you keep track of your account activities.
    • Verify that you are connecting to our banking website by checking the domain name and certificate.
    • Notify the Bank immediately about lost or stolen information, or suspected fraudulent activity.

    Most attacks on online banking exploit the fact that customers frequently fail to verify whether they’re interacting with a real banking website on their web browser. Attackers are known to create fake websites that mimic real online banking applications to lure customers into supplying their login credentials. The credentials are then used by the attacker to logon to the real banking website. For more details, please refer to “How do I know I am on your safe online banking website?” If you have security concerns, please call Customer Service on (+356) 2557 4444, or email phishing@medirect.com.mt.

Foreign Exchange

  • We offer spot, forward, flexible-forward (window) contracts for major currency pairs. In addition, we offer foreign currency accounts as both demand and time deposits, to help make the most of your foreign currency assets.
  • Yes. MeDirect maintains international banking relationships that covers most traded currencies. Any incoming payment you receive can be converted into the currency of your choice. Alternatively, if you have an account in any currency other than Euro, it can be credited with the incoming funds with no further conversion. 
  • You can instruct international payments in a variety of currencies by traditional methods or via our comprehensive online banking platform. Payments that include an element of foreign exchange will be executed in line with your instructions.
  • We constantly monitor foreign exchange rates in live markets throughout the day in order to provide you with the most up to date prices. For an indication of our opening rates (updated daily), please click here.
  • Our approach is to gain an understanding of your goals and risk tolerance in relation to foreign exchange in order to implement effective strategies for your business:
    • We avail ourselves of foreign exchange specialists who will assess your needs.
    • We can help you minimise foreign currency exposure in a solution which is tailored to your business.
    • We continuously monitor markets to assist you in taking advantage of any opportunity in line with your pre-determined goals. 

GDPR

  • GDPR stands for General Data Protection Regulation and is the new European Union Regulation set to replace the Data Protection Directive (DPD). GDPR was approved by the EU Parliament on April 14th 2016 and involves the protection of personal data and the rights of individuals. Its aim is to ease the flow of personal data across the 28 EU member states. GDPR will come into effect on the 25th May 2018.

  • GDPR introduces 8 fundamental rights under GDPR. These are:

    1. The right to be informed – Organisations must be completely transparent with regards to how they use personal data.
    2. The right of access – Data subjects (identifiable people) have the right to access their personal data and supplementary information. This means that you are aware of and able to verify the lawfulness of the processing of your data.
    3. The right to erasure (or right to be forgotten) – You are entitled to have your personal data erased or removed without the need for a specific reason as to why you wish to discontinue.
    4. The right to object – You have the right to object to the processing of your data based on legitimate interests and/or direct marketing and/or processing for scientific, historical research or statistical purposes.
    5. The right to rectification – You have the right to rectify or complete any personal information that an organisation holds about you.
    6. The right to data portability – You have the right to obtain and reuse your personal data for your own purposes, across different services. You are also entitled to move, copy or transfer your data from one organisation to another.
    7. The right to restriction of processing – You have the right to restrict or suppress access to your personal data.

    The right of automated decision-making and profiling – GDPR has introduced controls to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example you can choose not to be the subject of a decision where the consequence has a legal bearing on you or is based on automated processing.

  • During the last several months MeDirect has been working on a GDPR compliance programme. Different initiatives have been carried out with both customers and employees in mind, including:

    • Updating our Data Protection Policy
    • Providing Data Privacy awareness training to all our employees
    • Delivering training to employees on how to deal with GDPR requests
    • Revising our Privacy Notices, Terms and Conditions and Cookie policy
    • Revising our Marketing Consent statements
    • Updating our internal policies to ensure that they are in line with GDPR legislation
  • MeDirect ensures that your data is stored securely. Therefore, we have implemented and constantly updated our technologies to ensure that your personal data is protected from unauthorised access, unauthorised modification or loss.

    In instances where a third-party provides a service to MeDirect we ensure that they are contractually bound to implement adequate information security controls to safeguard access to your data including encryption. Data provided to those third-parties shall only be utilised for the sole purposes stipulated in the contractual agreement. 

  • We have updated our Privacy Notice to reflect GDPR requirements. The Notice provides an explanation of what information we gather about you, what we use the information for and who we give the information to. The Privacy statement also sets out your rights as a Data subject and provides the MeDirect point of contacts to clarify any questions you might have on Data Privacy.

  • GDPR requires that at least one of the following six ‘lawful basis’ apply, in order for us to process your data:

    • Consent – As a Data subject you must provide clear consent to process personal data for a specific purpose. For the purposes of documentation, your declaration of consent must be obtained in writing, electronically or through a recorded oral statement.  
    • Contract – Processing your data is necessary to fulfil the obligations of a contract.
    • Legal obligation – Processing your data is necessary to comply with a legal obligation.
    • Vital interests – Processing your data is necessary to protect someone’s life.
    • Public task – Processing your data is necessary to perform a task in the public interest or for official functions. In this scenario the task or function must have a clear basis in law.
    • Legitimate interests – Processing your data is necessary for the legitimate interests of an individual or the legitimate interests of a third-party, unless there is good reason to protect the individual’s personal data which overrides those legitimate interests.