Electronic Banking. HSBC Trinkaus & Burkhardt. Bank since 1785

Transcription

1 Electronic Banking

2 Online banking The range of electronic banking services offered by allows you to conduct certain banking transactions through our online banking service. Using your PC or laptop, you can conveniently check account balances and securities account holdings, or transfer money - within Germany or abroad. For this purpose, you have a choice of either using the tradition PIN/TAN authentication method, or the new HBCI online banking standard. PIN/TAN You can easily access the classic form of online banking through our homepage, using a PIN (personal identification number) and list of TANs (transaction numbers). No additional software installation is required the service is accessible at the following URL: HBCI HBCI' is short for Home Banking Computer Interface a standardised and comprehensive online banking platform that is independent of specific systems. With the current HBCI definition as an internet-based banking solution, all that is required is access to the internet (via any internet service provider), plus HBCIcompliant software. HBCI services use an electronic signature to authenticate your banking transactions PIN and TAN lists used in traditional internet banking are no longer required. The combination of state-of-the-art cryptography and chip cards ensures secure communications especially via the internet. HBCI offline This service requires HBCI-compliant software. As HBCI is a general banking standard, you can use any commonly-used, HBCI-compliant software to exchange data with HSBC Trinkaus & Burkhardt or any other bank providing HBCI-compliant services. If you don t have any HBCI-compliant software, just let us know we will gladly provide you with our e-assistant product. HBCI online (e-assistant online) This access option is available straight from our website, with no additional software required. Being the online version of our HBCI-compliant e-assistant software, it offers virtually the same functionality, with the exception of certain functions offering extra convenience. 1

3 HBCI offline Our e-assistant software offers safe access to your accounts and securities accounts via the internet, using the established German HBCI standard. Functionality Information Account statements and transaction details Summary financial status Payments Domestic payments International payments Standard E cross-border payments Standing orders Payments for a specific future date Securities account Your securities portfolio, valued using the previous day's closing prices Current securities prices Creating a sample portfolio Profit and loss calculation Special functions Can be used for your accounts with multiple banks Standardised payment instructions Creation of master data for recipients/debtors supported Connectivity to price dissemination system (OnVista) GeldKarte (POS cash card) management functions System requirements Personal computer running Microsoft Windows (Windows 98 SE or higher) CD-ROM drive (required for installation) Internet access Chip card reader (when using a chip card as a security medium); or floppy-disk drive (when using a disk as a security medium). 2

4 HBCI online An HBCI plug-in is available from s website: This enables you to conduct your banking transactions from wherever you are. All you need are your access details (on a chip card, together with a chip card reader; on a disk used as a security medium; or your PIN, with a TAN list). Functionality Information Account statements and transaction details Summary financial status Payments Domestic payments Standing orders Payments for a specific future date Standard EC cross-border payment International payments Securities account Your securities portfolio, valued using the previous day's closing prices Special functions Can be used for your accounts with multiple banks System requirements Personal computer running Microsoft Windows (Windows 98 SE or higher) Internet access Chip card reader (when using a chip card as a security medium); or floppy-disk drive (when using a disk as a security medium). 3

5 PIN/TAN online This service is available directly from our website. When using PIN/TAN authentication, security is ensured via SSL (secure socket layer) encryption, which is widely used for secure internet communications. This access method does not require any security hardware, and can thus be used from virtually any computer with access to the internet. You can access the service on: or Functionality Account statements and transaction details Your securities portfolio, valued using the previous day's closing prices Domestic payments Standard EC cross-border payments Standing orders Payments for a specific future date Special functions Templates for payment instructions Import function for electronic data interchange (DTA) files System requirements Internet access 4

6 Online banking security issues 1 Information for online banking users While the internet offers enormous advantages and opportunities, there are various security risks involved in its use, too. With this in mind, banks take extensive steps to protect the information transmitted and processed when banking online. This includes, for example, ensuring that confidential data sent over the internet cannot be accessed or modified by unauthorised third parties. However, banks generally have no control over the systems used by their clients, who are free to choose whichever system or platform they wish to use for online banking. Moreover, these systems a PC connected to the internet, for example are often for a number of other applications as well. The systems used by online banking clients are therefore exposed to risks beyond the banks control. For this reason, banks cannot assume liability for these systems. Typical threats internet users are currently exposed to include: third parties accessing, deleting or tampering with your data while it is being transmitted; viruses and worms: programs that self-replicate, or are sent over the internet by and can damage your PC; trojans: programs that carry out operations compromising the security of your PC, such as intercepting passwords, without the user being aware of this; masquerading or phishing : using a false name, website or address for fraudulent purposes; hacking: unauthorised access to your PC via the internet. 1 Taken from Online Banking Security - Information for online banking users ; a brochure published by the Association of German Banks (Bundesverband deutscher Banken e.v.), Berlin (June 2005) 5

7 Security rules Banks have a number of measures in place that offer effective protection against attacks when information is sent over the internet, or processed by the bank s server. But to ensure that these security measures cannot be undermined, it is important for you, too, to take steps to protect the systems you use. These include in particular being safety-conscious when using the internet, and checking your bank statements regularly. Naturally, dangers are not lurking everywhere in cyberspace. Not everyone you come into contact with will, or intends to harm you. Just by following the ten rules outlined below you can dramatically improve the security of the PC you use to bank online, and to reduce risks to an unavoidable minimum. Should you nevertheless suspect that you have come across internet fraudsters, report any irregularities to your bank without delay. If you suspect a scam, have access to your online account blocked immediately. Make sure the emergency contact details of your bank are to hand at all times. Keep copies of all relevant information so that any attempted (or actual) fraud can be traced. Rule 1: Protect sensitive data when sending it over open networks Any unsecured transmission of data over the internet may be intercepted, or viewed by unauthorised third parties Banks have taken steps to ensure that data sent when banking online is encrypted during transmission by secure technology. Enter your PIN and TANs only when you are sure that you are on your bank s secure internet pages, and have an encrypted connection. One of the ways you can verify this is by checking that the URL of your bank starts with You should also bear in mind that data transmitted during online banking sessions is not automatically encrypted when stored locally on your PC, and should therefore be protected by further security measures. Never send sensitive information over open networks unless it is encrypted. Protect your confidential correspondence by using secure encryption methods. Rule 2: Be sure you know who you are dealing with. Not everyone on the internet is who they claim to be. It is comparatively easy for an expert to forge an address, or even fake a whole website perhaps that of the bank you use to bank online, for instance. Check the URL in the address box of the browser, and make sure your bank s internet address is correctly spelt: even the tiniest discrepancy may be a sign that the site is fake. You should also check the security information provided by the browser such as the results of certificate verification. This allows, among other things, the credentials of the server to which you are connected to be confirmed by an independent authority. You should not trust an address if the (apparent) owner is also the issuer of the certificate. If in doubt, ask your bank for information about trustworthy certification authorities which issue server certificates for the online banking service you use. You should divulge information only if you are certain who is receiving it and what will happen to it. Be suspicious of any departure from the usual routine, such as a request to enter your PIN when you are not expecting one. One of hackers favourite tricks is to obtain the information they need by impersonating someone in a position of trust. In a scam known as phishing ( password fishing ), for example, you will be asked by the fraudsters to update or re-enter your confidential access codes (such as your PIN and TANs) on your bank s website. You may receive such a request by or via manipulated internet pages. But the link will take you to a bogus website created by the phisher, who will then be able to capture your confidential 6

8 access details. So it is very important to verify that you are entering your confidential access codes on your bank s genuine website. One way to make sure of this is to enter your bank s internet address manually in the address bar of your browser. A more convenient method is to bookmark the address, and to ensure that you always use this route to access your online banking service. Be sure to look out for anything unusual when you are banking online, such as differences in the appearance of your bank s website. Rule 3: Be careful with sensitive data and access media. Protect your access codes and access media (e.g. PINs, chip cards) from unauthorised use. Never divulge confidential access data to a third party. Do not store sensitive data, such as passwords, PINs or TANs, credit card numbers especially not on your hard drive: if the PC is not used by you alone (your computer at work, for instance), this could otherwise enable third parties to view the information. In addition, special spy programs which may have managed to gain access your computer might be able to capture your data and send it on by , for example. If you use security-enhancing equipment such as a chip-card reader with a PIN keypad, make sure you enter your confidential codes only when requested to do so by the device. A very important point is not to store your dial-up password for connecting to the internet this will help to protect you from unwanted connections. Before entering personal access data such as your PIN, always make sure that the recipient is, in fact, your bank. Your bank would never contact you by or telephone and ask for your secret access details (PIN or TANs, for example). Do not answer such s or follow any instructions of this kind, even if you are advised that failure to do so may result in your account being blocked. Inform your bank about the attempted fraud. 7

9 Rule 4: Choose a secure password. If you want to use your PC to start an application such as online banking, you normally have to begin by entering a password. This enables you to prove who you are, and to show that you are authorised to work on a particular computer or with a particular application. So it is vitally important not to share this information with anyone. It also means that you should not write it down anywhere, and that your password should be unique and difficult to guess. A good password is usually six to eight characters long, and consists of a combination of upper- and lower-case letters, numbers and special symbols. When banking on the internet, the desired level of security may also be achieved by means of a combination of PIN and TAN codes. In any case, you should avoid proper names, well-known colloquial terms, repetitions of single characters (e.g. AAA-AAA ) or keyboard patterns (e.g. qwerty ). There are various strategies for selecting a combination that is difficult to guess: a simple method is to create a password from the first letters of a saying or a poem. Adding special symbols or numbers can add further complexity. 2hRbt1 might stand for two heads are better than one, for example. Change your password if you have reason to suspect someone may have discovered it. Rule 5: Only use software from trustworthy sources. Do not download programs from the internet, and/or install them onto your hard drive, unless you can be sure the source is reliable. Verify the identity of the provider. Viruses or Trojans may be introduced by downloading programs or opening an attachment. Do not open an attachment if you do not know who it is from, or what is in it. First save the content, then check it with a security software before opening any files or attachments. Think carefully about whether to install browser plug-ins, such as audio or 3-D applications, since these can also pose uncontrollable security risks. Rule 6: Use up-to-date software versions. Use only an up-to-date version of your preferred internet browser and PC operating system. Only the most recent versions of popular internet software can ensure that all known security gaps have been filled. Software manufacturers also develop small programs known as bug fixes or patches to solve security problems they have discovered. You should install these bug fixes/patches as soon as possible, to protect your PC from known vulnerabilities. Keep abreast of the latest developments: most manufacturers operate information services for this purpose. 8

10 Rule 7: Run security checks on your PC. Before you use your PC to bank online, take a few minutes to run a personal security check. Activate the security features that protect your computer from unauthorised access. These include, for example, the password that the operating system or screen saver asks you to enter when you start (or re-start) your PC. To make unauthorised access more difficult, you should not use an administrator account for online activities instead, use an account with minimum user rights. Bear in mind that if a PC is not used by you alone as is the case in an internet café, for example you can never be certain whether access is protected by up-todate security software, and what programs are actually being run on this computer. It is even possible that the keyboard might have been tampered with. You cannot expect one hundred per cent security in such an environment, which is why we generally recommend to refrain from online banking in such places. If, however, you must use an internet café for online banking, always clear the cache of the browser afterwards so that subsequent users cannot call up the pages you visited, and view any passwords you may have entered. Rule 8: Activate the browser s security settings. Activate the security settings of your internet browser. You can enhance your security on the internet considerably just by making intelligent use of your browser s security options. It is especially important that you block ActiveX Controls and allow Java Applets to be run only after confirmation. These so-called active controls are small, independent, active content programs that are run on your PC; in certain circumstances, they can trigger undesired actions (such as ing your password to a third party). Do not use your browser s auto-complete function, which saves any user names and passwords you enter, and suggests matches. Cookies store information in a special file on your hard drive, but do not read any other data. If in doubt, decide against permitting a website to write information onto your hard drive because this can later be used to create a user profile. Yet rejecting cookies as a matter of course is not always the best strategy. If you reject a cookie, you may be unable to use some websites. By accepting it, the web server will recognise you every time you return to the site. This enables the server to build up a file, and create a user profile, recording details such as which search terms you use and which pages you visit. Once your preferences and interests are known, targeted advertising banners can be placed. Special security software can prevent user profiles from being compiled, however. This allows you to have the benefits of cookies while preventing unauthorised third parties from tracking your behaviour for unwanted purposes. 9

11 Rule 9: Install virus scanners and additional security software. Install additional security software. Some security problems cannot be solved with your operating system s standard tools alone. An important additional tool is an efficient virus scanner provided that it is continuously updated and thus able to detect new viruses. New viruses are being discovered almost every day, and it is quite possible for you to become infected while surfing the web. Remember that as long as you are online, third parties can construct a profile of what information is on your PC, because your computer has its own address on the web and can thus be accessed from outside. If you do not have adequate security in place, you run the risk of unauthorised persons gaining access to the data on your PC by means of surreptitiously installed spyware applications. These can gather sensitive data, such as account information and passwords, without your knowledge or they may even record your keystrokes. The data is then sent to an unknown external address or server. Spyware programs may be hidden by fraudsters inside internet pages, s or attachments, and are therefore sometimes also called Trojan horses, or just Trojans. As soon as an infected program is opened, the spyware will install itself on your computer without your knowledge. Therefore, delete suspicious s without opening them. Do not open any suspicious attachments, even if they appear to come from a familiar sender address. Deactivate your client s autopreview function to avoid s being opened automatically. A personal firewall can protect you from such attacks. A firewall is a program that monitors all incoming and outgoing traffic between your PC and the internet, and permits only known or authorised connections. Computer stores also offer a wide range of other software that can help to improve the security of your PC, such as access protection and encryption devices. Keep abreast of any new security threats on the internet, and of the steps you can take to protect yourself against them. You will find information about how to bank online safely on your bank s website. Moreover, the German Federal IT Security Authority (BSI) website ( in German only) offers a wealth of information on internet security. Rule 10: Back up your data on a regular basis. Maintaining backups of your files is one of the golden rules for using a computer regardless of whether or not you bank online. It is usually extremely difficult, if not impossible, to salvage data once it has been deleted or corrupted. A convenient way of making backups is to use a removable hard drive, a CD or DVD writer, or a tape drive. Whichever method you choose, do not forget to make backups of new or modified files on a regular basis. And keep your backups in a safe place that is to say, separate from your PC and secure from unauthorised access. 10

12 Glossary ActiveX Control An ActiveX control is a small Windows program which can be run using a web browser, for example. ActiveX controls may already be present on your computer, or may be automatically downloaded when calling up a website. Cache A cache is a temporary storage space, on the hard drive of your own computer, or on an external computer. Cookie A cookie is a small text file stored on your PC by a web browser, upon the instructions of a web server, containing details such as your online requests or preferences. Cookies mainly act as a kind of electronic note-taker for servers, recording user-specific browsing habits, including which websites were visited, how often and for how long, or whether a website should be sent to the user in a personalised form. Firewall A firewall is a computer that monitors and controls data traffic between a local network (or a stand-alone computer) and other networks, such as the internet. The function of a firewall is to protect the local network or computer from unauthorised access. A personal firewall is a program performing the functions of a firewall on your PC: protecting you from unauthorised access without having to use separate hardware. Java applet Java is a programming language which was developed in the early 1990s. A Java applet is a small program that is interpreted and executed in a browser after having been downloaded from the internet. Java commands are integrated into HTML pages, and executed when these pages are loaded. Masquerading Using a false name, website or address for fraudulent purposes. Patch Small program developed to solve security problems detected in existing software as quickly as possible. Phishing Phishing attacks use addresses or web pages pretending to be from familiar sources, such as internet providers, retailers, or banks, with the aim of inducing customers to divulge their account details, PINs, TANs or passwords on a fake website. PIN Personal Identification Number used to authenticate a person s identity. Spyware Spyware is a term for hidden software programs which send user information to third parties without the user s knowledge, let alone approval. This information may include data stored on the user s PC, surfing habits, or personal information such as confidential access codes for online banking. 11

13 TAN Transaction Number; used to authorise a transaction. Trojan A Trojan is a program that carries out operations compromising the security of a PC, without the user being aware of this. The objective of most Trojans is to capture sensitive information, such as passwords, and to disclose it to the Trojan s owner either by or via the internet. So-called back-door Trojans give hackers remote access to computers, which they can then control. Viruses Computer viruses are harmful programs that replicate themselves, and spread over the internet by , for example. Some viruses can inflict considerable damage on infected PCs. Worms Worms are self-replicating harmful programs that spread from computer to computer across a network. The purpose of a worm is to infect as many computers as possible within a network, and to inflict damage. Your contacts Electronic Banking KGaA Königsallee 21/23, D Düsseldorf Tel: Fax: electronic.banking@trinkaus.de 12