Our Privacy Policy

Our Privacy Policy

For BANCO INTERNACIONAL DE COSTA RICA, S.A. and Subsidiaries (“BICSA” or “us”), the protection of your personal data is extremely important. We are committed to ensuring the protection and security of personal data (as detailed in this document) that our customers and suppliers entrust to us or that we obtain in the course of our business relationship.

In this Privacy Policy, the term “personal data” refers to our customers’ personally identifiable information that we obtain in connection with the banking products and services we provide to them or, in the case of our suppliers, the products and services they provide to us. For the purposes of this Privacy Policy, personal data will not be considered to be data obtained from public sources of information, nor anonymized information, for historical, statistical or scientific purposes.
Among the banking products and services that we provide directly to our clients are the following:

  • Deposit accounts
  • Loans
  • Credit Cards
  • Economic, financial or investment advice
  • Electronic Banking (including Mobile Banking and Internet Banking)

This Privacy Policy also applies to personal data received from candidates who apply for job vacancies with us, as described below.

This Privacy Policy is governed by Law 81 of 2019, Executive Decree 285 of 2021, its eventual amendments and related Banking Agreements.

Banco Internacional de Costa Rica, S.A., with registered office for its main offices at BICSA Financial Center tower, 50th Floor, Aquilino de La Guardia street and Balboa Avenue, Panama City, Republic of Panama, acting on its own behalf and on behalf of its Subsidiaries, listed below, is the Controller of the processing of your personal data:

  • BICSA Factoring, S. A.
  • BICSA Capital, S. A.
  • BICSA Leasing, S. A.
  • BICSA Fiduciaria, S. A.

e-mail address: seguridadyprivacidad@bicsa.com.

We obtain data about you from the following sources:

Source Examples
Information we receive from you on applications and other forms. Contact details, demographic data and details of income and financial situation, among others.
Information about transactions made with us. Details of source and destination accounts, amounts, date and time of the transaction, authorized signatures, among others.
Information about your transactions with nonaffiliated third parties. Details of source and destination accounts, amounts, date and time of the transaction, authorized signatures, among others.
Information from public institutions and credit reporting, due diligence and tax agencies such as APC, Tribunal Electoral and Equifax, among others. Credit and criminal history, immigration and employment status, among others.
Information about your use of Electronic Banking. User-id, e-mail address, IP address, browser identifiers, device and session (date/time/duration), location, biometric data for multifactor authentication.
Information to apply for job openings at BICSA. Contact data, demographic data, resume, educational, professional and criminal history, personal and professional references, among others.

On our website we use the technology called “cookies” to improve the experience of our users. When you access BICSA’s website, you will be presented with a small box that allows you to choose the cookies you wish to accept, from those that are strictly necessary to those that are optional. The following is a description of the cookies used on our website:
Strictly necessary:

Cookie Name Provider Type Purpose Description Expiry
_grecaptcha Bicsa.com HTML This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Persistente
_GRECAPTCHA Google.com HTTP This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 179 days
ARRAffinity Bicsa.com HTTP Used to distribute traffic to the website on several servers in order to optimize response times. Session
ARRAffinity s11wa004-
HTTP Used to distribute traffic to the website on several servers in order to optimize response times. Session
Bicsa.com HTTP Used to distribute traffic to the website on several servers in order to optimize response times. Session
HTTP Used to distribute traffic to the website on several servers in order to optimize response times. Session
incap_ses_# Bicsa.com HTTP Preserves users states across page requests. Session
nlbi_# Bicsa.com HTTP Used to ensure website security and fraud detection. Session
rc::a Google.com HTML This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Persistent
rc::b Google.com HTML This cookie is used to distinguish between humans and bots. Session
rc::c Google.com HTML This cookie is used to distinguish between humans and bots. Session
rc::d-15# Google.com HTML This cookie is used to distinguish between humans and bots. Persistent
visid_incap_# Bicsa.com HTTP Preserves users states across page requests. 1 year
_ga Bicsa.com HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 year
_gat Bicsa.com HTTP Used by Google Analytics to throttle request rate. 1 day
_gid Bicsa.com HTTP Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day


Cookie Name Provider Type Purpose Description Expiry
___utmvc Bicsa.com HTTP Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website. 1 day

Through the means that we have enabled for these purposes, you give your consent to be contacted by e-mail, SMS, or any other equivalent means of electronic communication, to send you commercial, marketing and/or advertising communications.

However, if at any time you do not wish to receive further communications of this nature, you may revoke your consent by sending a notification to the following e-mail address seguridadyprivacidad@bicsa.com, providing a copy of your identity document, or by using the link provided for this purpose in the commercial communications you receive.

Once you unsubscribe from marketing communications, we may continue to send you operational and transactional communications, such as those related to customer service, fraud detection and prevention, and activities related to the products and services you maintain with us.

Pursuant to the authorizations and consents granted by you, the personal data collected is used to provide you with our products and services. This includes pre- and ongoing due diligence, fraud detection and prevention, identity verification, transaction and transaction processing, customer service, product and service related surveys, collection, analysis and research, enhancements to our products and services, and transactional and marketing communications.
In addition, if you apply for job vacancies with us, we will use your personal data to contact you, verify your eligibility for the vacancy applied for and, if you are hired, prepare your employee file. The personal data of applicants on their resumes submitted but not hired will remain for future job vacancies with us.

We limit Access to your personal data and findientcial information to those employees, subsidiaries, affiliated companies and suppliers who require the information to provide our products and services. We maintain the administrative, organizational and technical controls established by law for the protection of personal data, and we also contractually require our suppliers to do the same. For more information, please contact our Data Protection Officer at seguridadyprivacidad@bicsa.com.

We will not disclose any personal data or confidential information about you without your consent or as permitted by law.

Depending on the producto or service you maintain with us, the retention period of your data may vary. Unless otherwise provided by law, we will retain your personal data for a period of seven (7) years after the end of the business relationship.

Rigth Content
Access Consultation of personal data included in our files.
Rectification Modification of your personal data when it is inaccurate.
Cancellation Request that we delete your personal data.
Opposition Request that your personal data not be processed.
Portability Obtain a copy of your personal data.

You may exercise your rights by visiting any BICSA branch, or by writing to our Data Protection Officer at seguridadyprivacidad@bicsa.com. Remember to accompany your request with a copy of your identity document.

Likewise, you may file a complaint with the Superintendency of Banks of Panama, in case you are not satisfied with the attention given to your request to exercise your rights.

Please note that, in cases where you have provided us with your personal data for the contracting of banking products and services, the exercise of your rights may affect our ability to provide you with such products and services.

We update our Privacy Policy annually, or more frequently if there is a legal requirement or organizational change that warrants it.

Last update: May 26, 2022.



If you should have a question about or suspect being the victim of fraud, do not hesitate in contacting your relationship officer or the Customer Service Department at 800-800-24272, (+507) 208-9500.

email: servicioalcliente@bicsa.com / customerservice@bicsa.com

For credit card reporting, contact the lines with 24-hour service: US and Canada +1-800-396-9665 Other countries: (+507) 303-2189.

Common Frauds

Common Frauds

Social engineering is a psychological manipulation of people to perform actions or disclose confidential information. The attackers focus on creating a good pretext, or an invented scenario, that they can use to try to steal the personal information of their victims. Social engineering can occur in person-to-person conversations, telephone conversations, email exchanges or social media promotions.

We recommend that you never disclose and / or share your confidential information. Remember that BICSA will never ask you by phone or email or social networks; the information regarding your password, user, token or your confidential information.

The objective of Phishing or identity fraud is to acquire confidential information in a fraudulent manner. It commonly begins with the receipt of a phony email that takes the person to a clone of a legitimate website, in this way allowing for the disclosure of personal and confidential information that is then used to commit fraud.

You can identify this type of email as follows:

  • The email urgently asks for confidential information about your bank accounts or online baking access information.

  • The email could be about a special deal or to inform you that you have won a prize and asks you to input personal information.

  • The body or subject line of the email may contain obvious and numerous spelling errors.

We recommend that you never provide confidential information through email. To gain access to BICSA’s Online Banking, type in www.bicsa.com into your browser’s address bar.

Pharming is a type of cyber-fraud that commonly occurs when the computer is infected with a harmful “trojan horse” program or virus that takes it to a false website, with the objective of stealing the victim’s confidential information. This type of fraud occurs when downloading images or programs linked to a fraudulent email, or when downloading files or images from internet pages belonging to unknown sources.

It is an online crime that usually occurs when a user’s computer is infected by a malicious program termed a “trojan horse or virus” that takes the user from a bank’s website to a fraudulent website to steal confidential information and allow for the commission of fraud.

We recommend that you do not download files or images from unknown sources on the internet and to keep your computer’s anti-virus software updated.

Malware is a software designed to interfere with the normal operation of a computer and usually its user does not realize what is happening because it runs in hidden mode. Malware is short for (Malicious Software).
Among the symptoms that can show the presence of malware on your computer are:

  • Slow speeds of the computer or web browser.

  • Strange files or programs, or desktop icons appear.

  • Programs that run, shut down or reconfigure themselves.

  • Strange computer behavior, freezing, blocking, etc.

  • Emails / messages that are sent automatically and without the knowledge of the email owner/sender.

BICSA recommends the following measures to prevent malware:

  • Keep your computer with updated antivirus program and personal firewall enabled.

  • Regular updates of the operating system and other application software installed on your computer.

  • Back up your information constantly. Periodically test that backups work.

Protect Yourself

Protect Yourself

Your personal information is private and confidential. Do not publish or disseminate the following information in any form (print, telephone, mail, person-to-person conversations and / or social networks):

  • Personal Identity Card, Passport, Social Security and / or driver’s license.
  • Number of your credit and / or debit cards, or their security pin number. Try not to write them but learn them.
  • All your personal information and bank information is important. Before throwing them away, try to disintegrate it, crushing the information and throwing them in various trash cans.
  • Always check your credit history and report any unusual or unrecognized activity by you.
  • Memorize your password and do not write it anywhere it can be easily discovered by other persons.

  • Never include your password in an email.

  • Avoid the use of birthdays, phone numbers, pet or family names in passwords.

  • Do not utilize the same password for more than one account. If your password is discovered, it could give the attacker access to several of your accounts.

  • Create passwords in accordance with the website’s requirements. We recommend creating complex passwords that utilize upper case letters, lower case letters, numbers and special characters.

  • Change your password from time to time for greater security.

  • Always enter our Online Banking through our website, writing our website’s address www.bicsa.com in your browser’s address bar.

  • Once you are at our website, make sure that a green lock appears in the address bar, and that the address is shown as “https://www.bicsa.com” , the “s” indicating that it is a secure website.

  • Memorize your Online Banking access credentials (user name and passwords) and don’t share them with anyone.

  • When you are finished using Online Banking, make sure to close the session, clicking on the corresponding button.

  • You should use Online Banking through known devices, be it your personal computer, work computer or personal tablet.

  • Use the latest versions of Internet browsers for which our Online Banking is certified.

○   Google Chrome
○   Mozilla Firefox
○   Safari
○   Microsoft Edge

  • Keep your security token or device in a safe place.
  • Avoid making transfers from public places.
  • Verify that the beneficiary account’s information is correct.
  • If you receive an email with information about the transfer you are carrying out, contact the beneficiary to confirm the information.

  • BICSA will never ask for this information through emails, telephone, person to person or social networks.

  • Delete any email where you are asked for confidential information, such as your telephone, client number, user name, password and account information, especially if it is marked URGENT.

  • Be wary of emails that show obvious and numerous grammatical errors. Often, these emails are fraudulent.

  • Never gain access to our website from links included in emails you have received.

  • Keep your computer updated with the latest version of an anti-virus software.
  • Avoid downloading programs and applications from untrustworthy sites, as these may have a virus that will affect your computer.
  • Make sure that your internet browser has the latest updates released by its maker.
  • Avoid sharing your computer with unknown persons that could have access to your confidential documents.
  • Keep a personal firewall active on your computer.
  • Update your computer’s operating system with the latest releases from its maker.
  • Constantly review your accounts’ transactions to aid you in detecting fraud and detecting a suspicious transaction.
  • Use ATMs that are in well illuminated areas and are not isolated.

  • Never use ATMs that seem deteriorated or have obvious damage.

  • Check the appearance of the ATM to detect possible alterations or overlapping parts that you have not normally seen in others.

  • Protect your PIN, do not share it with other people and cover it when typing it on the keypad.

  • Check that there is no suspicious individual around you and do not accept help from anyone when using the ATM.

  • If someone approaches you at the moment of making a transaction, ask for their distance.

  • Be sure to withdraw your card after each transaction.

  • Frequently check your account statement for transactions made with your card to make sure they have been made by you.

BICSA Protects You

BICSA Protects You

Banco Internacional de Costa Rica, S.A. (BICSA) is committed to the security of its clients and periodically maintains and updates extended validation security certificates on its website and for Online Banking.

A security certificate provides a secure connection between Internet users and the website that uses it. It is issued by a certifying authority and uses the SSL encryption system.

The extended validation security certificate guarantees users of a site that they are really entering the entity’s website, in this case, Banco Internacional de Costa Rica and that said entity has the exclusive right to utilize the domain specified on its site.

You can identify a site that has a security certificate in the following manner:

Upon gaining access to a site that utilizes a security certificate, you will observe in your web browser’s address bar the following:

  • The website’s address begins with https://
  • An icon depicting a lock

To identify a site with an extended validation security certificate, you will see that your web browser’s address bar has all the characteristics of a site with a security certificate and additionally shows, shaded in green and to the right, a rectangle with the name of the company that owns the website.

Upon entering our website or Online Banking, you will see that the address bar will read Banco Internacional de Costa Rica, S.A.

  • The token is an electronic device that the Bank will provide to the client as a second authentication factor to gain access to the Online Banking site and as validation to perform transactions.
  • This device generates single-use dynamic passwords that will be requested by the Online Banking system.
  • We use access credentials such as user name and password.
  • For input of the password, we use a virtual keyboard for greater security.
  • The token is used as an additional authentication factor, for clients’ greater security.
  • We impose a maximum transaction amount.
  • The Online Banking system has an “End Session” button so that the user can terminate the session once transfers have been made.

BICSA offers its clients a tool that allows notifications to be sent and received in a reliable and secure manner.

To achieve this, the Microsoft Office 365 services is used, which through emails, allows the sending and receiving of notifications, account statements and transaction notices, in an encrypted manner, ensuring the security of the information contained in the message.

For access to the tutorial from our website:

See Instructions

At BICSA, security is a primary attribute in the relationship with our customers, users, employees, suppliers, shareholders and the community in general.
Our security culture is promoted by a solid Corporate Security Policy based on strict compliance with security standards that contribute to the protection of confidential and banking information of all our clients.

We have a security awareness program that includes training for all employees of the organization and online banking clients, so that they increase their ability to proactively identify electronic fraud situations and take corrective actions so that fraud is not realized.

All our systems are cutting edge and have the highest technology to safeguard the interests of all interested parties. We also have qualified personnel who work permanently so that the handling of your information is confidential and trustworthiness.