Online Banking Security Guide Internet-based version




Contents

Introduction to the Security Guide
Security Guide
Using the internet securely
Security solutions in Online Banking
What is security in Online Banking?
Online Banking and certificates
General information about issuing certificates
Location of certificates
Definitions
Validation code
Startup code
Keycard
Certificate
Secret key and its relation to the password
Online Banking and the password
Important information about security
Personal password and keycard
Password
Password composition
Changing the password
Password tips
Storing the password
Forgotten your password?
Keycard
Password compromise and blocking
Suspicion of password compromise
Access blocking
Cancellation
Cancellation of access blocking
First time access to Online Banking
Online Banking and certificates
General information about registering users
How to create your secret validation code
Validation code - submitting the Validation Code Registration Form
Creating the certificate
Daily administration of users in Online Banking
New Online Banking users
Renewing a certificate
Certificate validity period
Changing and cancelling certificates
Change of name
Cancelling user certificates
Online Banking deregistration
Backup
Troubleshooting
I cannot print the Validation Code Registration Form - what should I do?
I have forgotten my password - what should I do?
Certificate placed in several Online Banking installations

Introduction to the Security Guide

This Guide describes the following:
- the concept of security
- registration of users
- standard procedures.

You can also find answers to questions in the Online Banking help system, which includes general help.

Security Guide

Once you have concluded an agreement with Sydbank on using Online Banking, please note that all users registered in Online Banking must be familiar with the Security Guide.

Using the internet securely

When your computer is connected to the internet, it is in principle accessible to all other users and servers active on the internet at the same time. Today, many technologies are available to protect your computer against viruses and intrusion, but your certainty that no one else can unlawfully access your computer will depend very much on your company's IT security policy and on your own behaviour as a user.

By observing a few basic rules when you surf the internet or receive e-mails, you can do a lot to protect your computer against intrusion, viruses and other malicious attacks. Therefore please read the following ten security tips before you start using Online Banking:

1. Always use updated anti-virus software which automatically scans files, e-mail attachments etc. before they are stored on your computer.
2. Make sure that your company's network is protected by a firewall.
3. Never open an e-mail attachment if you are unsure about its contents. Be particularly suspicious of all unsolicited e-mails and be extra careful about unsolicited e-mails with attachments: do not click on these attachments.
4. When you communicate securely over the internet, a padlock icon will be shown at the top or in the bottom right corner of your browser. Click the padlock icon to verify whom you are communicating with. If the certificate was issued by Sydbank, the dialogue box will indicate: Issued to: portal4.erhverv.sydbank.dk.
5. Set your browser to alert you before anything is downloaded to your PC. Only accept downloads from sites/sources you are familiar with and trust.
6. Choose passwords which are difficult to guess and always keep them secret.
7. Store confidential data only on PCs which you control and make sure you erase all data from a PC before it is sold.
8. Always keep your browser, e-mail client and operating system updated to the most recent versions so that you always have the latest security updates. If you use anti-spyware applications, make sure that these applications are always updated as well.
9. If you use a wireless network, remember to enable encryption. You can read more about how to protect wireless networks at the Danish website www.it-borger.dk, under the headings "sikkerhed", "sådan beskytter du dig og dit udstyr" and "det trådløse netværk".
10. Regularly back up all critical files.

Security solutions in Online Banking

Online Banking is protected by the most recent security technology. The solution consists of a number of sub-components which constitute a highly secure concept:
- All communication is protected by strong encryption (128-bit SSL).
- You identify yourself with a customer ID, a user ID, a password known only to you as well as a key from a keycard.
- The first time you log in to Online Banking, you must use the validation code that you have created and activate the keycard.
- A certificate is issued to each user (the certificate is used to attach a digital signature to all financially binding transactions and file transmissions).

What is security in Online Banking?

The security system in Sydbank's Online Banking serves to protect all data communication between you and Sydbank. To ensure the security of data, Online Banking uses encryption and electronic signatures.

Encryption ensures that only the sender and recipient can read the contents of a transmitted file. The files are encrypted with the sender's public key, and since the files can only be decrypted by means of the recipient's secret key, only the recipient will be able to read the contents of the files.

Electronic signatures are attached to the files by means of the user's secret key. The signature can be read only if it is decrypted with the same user's public key. The electronic signature ensures that the recipient knows who has sent the file and that the recipient cannot read the file if it has been modified during transmission.
Online Banking and certificates

General information about issuing certificates

Before a user can access Online Banking an electronic certificate must be issued. Before the Bank can issue a certificate to the user, the Bank must be certain that the user is indeed who he or she claims to be. This is ensured by two elements:

1. a validation code known only to the user
2. a startup code sent directly to the user by the Bank.
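Added example (not part of the Sydbank guide and not the Bank's code): a Python sketch of the two-element check, in which the Bank holds only a one-way checksum of the validation code (as the guide describes under Definitions) and allows a certificate to be issued only when the validation code and the single-use startup code both match. The checksum function (PBKDF2), the failure limit and all names and sample values are assumptions; the guide does not say how the checksum is calculated.

```python
import hashlib
import hmac
import secrets

# Assumption: PBKDF2-HMAC-SHA256 stands in for the guide's unspecified checksum.
# A slow, salted function matters because the checksum is printed on a paper form:
# a fast unsalted hash of a short code could be reversed by guessing.
ITERATIONS = 200_000


def validation_checksum(validation_code, customer_id, user_id):
    """Checksum for the registration form; the code itself never leaves the user."""
    salt = f"{customer_id}:{user_id}".encode()
    digest = hashlib.pbkdf2_hmac("sha256", validation_code.encode(), salt, ITERATIONS)
    return digest.hex()


class Bank:
    MAX_FAILURES = 3  # assumption: stop accepting attempts after repeated failures

    def __init__(self):
        self.users = {}

    def register_form(self, customer_id, user_id, checksum):
        """Record the checksum from the signed Validation Code Registration Form."""
        self.users[(customer_id, user_id)] = {
            "checksum": checksum, "startup_hash": None,
            "failures": 0, "certified": False}

    def issue_startup_code(self, customer_id, user_id):
        """Create the startup code for the sealed envelope; keep only its hash."""
        code = secrets.token_hex(4)
        record = self.users[(customer_id, user_id)]
        record["startup_hash"] = hashlib.sha256(code.encode()).hexdigest()
        record["failures"] = 0
        return code

    def first_login(self, customer_id, user_id, validation_code, startup_code):
        """Return True (certificate may be issued) only if both secrets match."""
        record = self.users.get((customer_id, user_id))
        if (record is None or record["startup_hash"] is None
                or record["failures"] >= self.MAX_FAILURES):
            return False
        # Constant-time comparisons avoid leaking how much of a guess matched.
        code_ok = hmac.compare_digest(
            validation_checksum(validation_code, customer_id, user_id),
            record["checksum"])
        startup_ok = hmac.compare_digest(
            hashlib.sha256(startup_code.encode()).hexdigest(),
            record["startup_hash"])
        if code_ok and startup_ok:
            record["startup_hash"] = None  # a startup code works once
            record["certified"] = True
            return True
        record["failures"] += 1
        return False


if __name__ == "__main__":
    bank = Bank()
    # Constructed sample identifiers and validation code.
    form_checksum = validation_checksum("Heron-Lamp-42", "C1001", "U07")
    bank.register_form("C1001", "U07", form_checksum)
    envelope = bank.issue_startup_code("C1001", "U07")
    print(bank.first_login("C1001", "U07", "Heron-Lamp-42", envelope))
```

In this model a forgotten validation code is handled the way the guide describes: a new form (new checksum) is registered and a new startup code is issued.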

Location of certificates

When creating certificates you must specify where each user's certificate is to be located. The location will depend on eg the company's data access and backing up policies.

The internet-based version of Online Banking will suggest that certificates be placed on the local drive. If the user accepts this default suggestion, the user will be able to use Online Banking only on the local computer. If the company requires that all certificates are centrally located, each user must manually specify the correct drive and folder.

Definitions

Validation code

The user must construct a secret validation code which is entered in Sydbank's Validation Code Program. The user must remember this validation code as he will need to re-enter it later.

The Validation Code Program serves two purposes:
- The validation code must be kept secret from others.
- The Validation Code Program prints a Validation Code Registration Form on which the user's identity must be certified.

By converting the validation code into a validation code checksum the validation code is kept secret.

Startup code

The user receives a startup code from the Bank in a sealed envelope. This code must be used when the user logs in to Online Banking for the first time. The startup code and the validation code verify that the user is really who he claims to be.

Keycard

The user receives a keycard from the Bank. The keycard must be activated when the user logs in to Online Banking for the first time. The keycard has a number assigned to the user. The keycard must be used each time a user logs in to Online Banking.

Certificate

The first time the user logs in to Online Banking, he must enter his secret validation code and the startup code provided by Sydbank and activate his keycard. If the validation code and the startup code are correct an electronic certificate will be issued. At the same time, the user must specify a password to be used to access the certificate and this password must be used for future logins to Online Banking.

Secret key and its relation to the password

The user's secret key is used to generate the electronic signature and the signature is unique for each payment signed. The secret key is protected by a password known only to the user. The user's secret key remains with the company and is unknown to everybody else, including the Bank. Therefore it is extremely important that the user never gives his password to anybody, including persons of authority; the password is strictly personal.

The user may change his personal password in Online Banking at any time. It is recommended that the user changes his personal password:
- at regular intervals and in accordance with the company's IT security policy, and
- whenever there is reason to believe that another user may have seen the password being entered.

Read more about the personal password below.

Online Banking and the password

The password to Online Banking is used:
- to log in to Online Banking with the keycard
- to confirm payments.

Important information about security

Personal password and keycard

Password

The user chooses his password. The password is strictly personal and may not be given or shown to anybody. If access to the system by others is required, for instance during holidays, Sydbank must issue new user IDs and letters of attorney to these new users even in case of temporary arrangements. Therefore we recommend that the company allows for cover during illness and holiday periods in connection with registering and deregistering users in Online Banking.

Password composition

The password may consist of both numeric characters and lower/upper case characters and it must be at least eight characters long but not more than sixteen. Read more in the section Password tips.

Changing the password

The user may change his password in Online Banking at any time. It is the responsibility of the company to lay down rules governing the frequency with which users must change their passwords. Instructions for changing passwords are available in Online Banking's help function.

Password tips

When you choose your password, please observe the following rules:
- The password must be relatively long.

  The longer the password, the more combinations an unauthorised individual will have to try before finding the right combination.
- The password must be easy to remember.
  If a password is difficult to remember you may want to write it down, which inevitably implies a security risk.
- The password must be difficult for others to guess.
  Do not use personal numbers and names as your password.

NB: Do not use passwords based on personal data such as your own or your children's birthdates or civil registration numbers. It is not advisable to use the names of your nearest relatives or friends. Also do not use text located in the immediate vicinity of your computer such as book titles or the names of shops which can be seen from the window.

Avoid using passwords that are also used to log in to other systems. If the password is compromised on one system, a person with malicious intent is likely to try out the password on several of the systems you are using.

Finally, do not use passwords that are easy to spot while you are typing them in, eg 1111111111111111.

Storing the password

You must be able to remember your password, or in other words: do not write it down, thereby potentially giving others access to the password. Obviously, if you write down the password on a piece of paper and stick it to your screen where it is always at hand, others will be able to easily access Online Banking and make transactions in your name.

It is your responsibility as a user not to make it possible for others to acquire your password. When entering your password also remember to cover your hands so that others cannot see what you are entering. If you choose eg 1111111111111111 as your password it will be easy for others to recognise during entry.

Never disclose your password to others, including your colleagues, persons claiming to be from the police or the Bank. The Bank will never ask for your password.

Forgotten your password?

If you have forgotten your password you cannot use Online Banking. Your password cannot be recovered. Therefore you must create a new certificate. This means that you will need your validation code again and a new startup code from the Bank. If you have forgotten your validation code as well you must send a new Validation Code Registration Form to the Bank. Contact Hotline to receive a new startup code by post.

Keycard

When the user logs in to Online Banking, he must use a key from the keycard and his password. A new keycard will automatically be sent to the user before the keys on the keycard are used up. The old keycard may not be thrown away before the new one has been activated. The user may order new keycards in Online Banking. For security reasons, each key is used only once and in any order. The keycard is personal and must be kept safe.

Password compromise and blocking

Suspicion of password compromise

On the suspicion of password compromise, either of the following steps must be taken immediately:
- the user must change his password
- the certificate must be blocked or cancelled.

Access blocking

There are several ways of blocking a customer's or user's access to Online Banking:
- The user may block the customer/user via the Online Banking system during Online Banking office hours.
- The customer/user may block the customer and user by contacting Hotline during Hotline office hours on tel +45 74 36 25 10.
- Via the 24-hour Spærreservice (block service), tel +45 75 94 50 93. Spærreservice cannot answer any technical questions; for these you must contact Hotline.

If the access is blocked, the customer/user will receive a written confirmation of the blocking.

Cancellation

To disable a certificate, ie render the compromised certificate invalid, the user must contact Hotline on tel +45 74 36 25 10 during Hotline office hours.

Cancellation of access blocking

The confirmation of the blocking will be accompanied by a form which must be completed to cancel the blocking. The form must be sent to Sydbank when the customer/user wishes to cancel the blocking. If the user has forgotten his validation code the user must also submit a new Validation Code Registration Form. This form can be printed out from Sydbank's Validation Code Program.

Please note that the blocking cannot be cancelled via Hotline or Spærreservice (block service).

First time access to Online Banking

Below you can read about how to access Online Banking for the first time as a user. Before you can use Online Banking, the Bank must have received and registered the Online Banking Agreement, Letters of Attorney to Conduct Online Banking Transactions and the Validation Code Registration Form.

The first thing you need to do as a user is to create your certificate.

Online Banking and certificates

You create and update your certificate in Online Banking. In addition, you must use Sydbank's Validation Code Program to create a validation code.

General information about registering users

Each user will receive a sealed envelope containing customer ID, user ID and a startup code. The user needs this information to create a personal certificate in Online Banking. The creation of the certificate is described in detail below.

To create a certificate for Online Banking you must:
- receive a startup code from the Bank in a sealed envelope, and
- create a secret validation code in Sydbank's Validation Code Program and send the Validation Code Registration Form to the Bank.

Moreover you must activate your keycard. The keycard has a number that assigns the keycard to your user.

The above information proves to the Bank that you are indeed who you claim to be when you use Online Banking.

How to create your secret validation code

You create your secret validation code in Sydbank's Validation Code Program. You must have the sealed envelope containing the codes/instructions ready. It contains some of the information you must enter to create your validation code.

Validation code - submitting the Validation Code Registration Form

1. Start Online Banking at sydbank.dk. Mouse over the "Log på" tab to see the sub menu and click Online Banking. First you will see the login screen.
2. On the login screen, choose Subscription and New user. The Validation code program window will open.
3. Click Create validation code. Instructions will follow.
4. Click Next in the bottom right corner to proceed to Customer information.
5. Enter your customer information. Your customer ID appears from the information contained in the sealed envelope/instructions.
6. Click Next.
7. Enter your user information. Your user ID appears from the information contained in the sealed envelope/instructions. As part of your user information you must enter your validation code. For verification purposes you must enter the validation code twice.
8. Click Next.
9. Print the Validation Code Registration Form.
10. Sign the Validation Code Registration Form as the user. A person authorised to sign for the company or a person authorised to sign Validation Code Registration Forms must verify your identity.
11. Send the signed Validation Code Registration Form to the Bank which will then register the information.

Please note: It is very important that you remember the validation code entered. You do not need the code verification checksum. However the Bank needs this checksum, as the Bank must not know your validation code. The checksum is calculated automatically on the basis of the secret validation code.

Creating the certificate

When the Bank has received and registered the information from the Validation Code Registration Form, you may start Online Banking to create your certificate.

- Enter customer ID, user ID and startup code.
- Click Log in.
- Follow the on-screen instructions.

Daily administration of users in Online Banking

New Online Banking users

When the company wishes to register a new user in Online Banking, it must first contact the Bank. The Bank will forward new letters of attorney and a list of the users registered with the Bank. The new user can create a validation code by clicking New user on Online Banking's login screen.

When the Bank has received and registered the Letter of Attorney and the validation code, it will send a startup code in a sealed envelope and a keycard to the new user. The new user can now create his certificate in Online Banking, activate his keycard and subsequently use the system.

Renewing a certificate

Certificate validity period

Certificates are valid for two years and must be renewed before expiry. You will be notified automatically two months before the expiry date. When the time comes to renew the certificate, you must simply follow the on-screen instructions.

Please note that if the certificate is used on other computers, you must remember to copy the certificate to the other computers.

It is important to renew the certificate before the expiry date shown by the system. If you do not renew the certificate before it expires you will have to create a new certificate.

Changing and cancelling certificates

Change of name

If a user changes his name the user's certificate information must be changed as well. This can be done by contacting Hotline on tel +45 74 36 25 10. When the Bank has registered the user's new name, the user must subsequently renew his certificate.

Cancelling user certificates

A user's certificate may be cancelled by the customer or by the user, either in writing to Sydbank or by contacting Hotline on tel +45 74 36 25 10. You may also contact the 24-hour Spærreservice (block service) on tel +45 75 94 50 93. Spærreservice cannot answer any technical questions; for these you must contact Hotline.

A user's certificate will be disabled after cancellation. The user can no longer use the certificate and, as such, Online Banking.

A cancellation must always be effected if:
- the company no longer wants a particular user to use Online Banking
- a user leaves the company
- the company ceases to exist.

Online Banking deregistration

Termination of the Online Banking Agreement must be made in writing to the Bank and deregistration will be made in accordance with the Online Banking Terms and Conditions. When the agreement is terminated the associated users will be deregistered.

Backup

In connection with Online Banking only the certificates are stored locally on the company's computers. Therefore it is only necessary to make backup copies of the certificates.

It is always possible to create a new certificate if it is lost or damaged; however it is necessary that the user remembers his validation code or creates a new code and that he receives a new startup code. Read more in the sections How to create your secret validation code and Creating the certificate.

Troubleshooting

I cannot print the Validation Code Registration Form - what should I do?

If a printer is not connected to your system or if you experience other difficulties printing the Validation Code Registration Form, please do the following:
- contact the Bank to receive a blank Validation Code Registration Form (by post/fax)
- write down the checksums shown on the screen on the form
- sign the form
- send the form to the Bank.

I have forgotten my password - what should I do?

Your password cannot be retrieved and the Bank does not know it either. Therefore you must create a new certificate. For this purpose you need a validation code and a startup code. You must contact the Bank to order a new startup code.

If you have forgotten your validation code you must choose the New user tab on the login screen. Create a new validation code and send the duly signed Validation Code Registration Form to the Bank. When the Bank has received and registered the Validation Code Registration Form and you have received your new startup code, you can create your certificate. Read more in the section Creating the certificate.

Certificate placed in several Online Banking installations

If you use Online Banking on a computer which is not connected to a network, you can, as a rule, use only the computer where your certificate is placed. If you have several copies of your certificate and the certificate is renewed or replaced, you must copy the new certificate to the other computers.

The keycard enables you to access Online Banking from other computers without being dependent on your certificate.
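Added example (not from the Sydbank guide and not the Bank's implementation): the keycard rules stated in this guide, modelled from the bank's side in Python. Each key is accepted once, keys may be used in any order, a new card is posted before the keys run out, and the old card keeps working until the new one is activated. The key format, card size, reorder threshold and the activate-by-card-number step are assumptions.

```python
import hmac
import secrets


class Keycard:
    """One card as the bank would record it: numbered keys, each valid once."""

    def __init__(self, number, size):
        self.number = number
        # Constructed sample keys; the guide does not give a real card's format.
        self.keys = {pos: f"{secrets.randbelow(10**6):06d}"
                     for pos in range(1, size + 1)}
        self.used = set()

    def unused(self):
        return len(self.keys) - len(self.used)


class KeycardService:
    REORDER_AT = 2  # assumption: post a new card when this few keys remain

    def __init__(self):
        self.active = {}   # user_id -> Keycard accepted at login
        self.pending = {}  # user_id -> Keycard posted but not yet activated
        self.serial = 0

    def new_card(self, size):
        self.serial += 1
        return Keycard(f"K{self.serial:04d}", size)

    def issue_first(self, user_id, size=5):
        self.active[user_id] = self.new_card(size)
        return self.active[user_id]

    def login_key_ok(self, user_id, position, key):
        """Accept any unused position on the active card, exactly once."""
        card = self.active.get(user_id)
        if card is None or position not in card.keys or position in card.used:
            return False
        if not hmac.compare_digest(card.keys[position].encode(), str(key).encode()):
            return False
        card.used.add(position)  # burn the key so a captured value cannot be replayed
        if card.unused() <= self.REORDER_AT and user_id not in self.pending:
            # Replacement goes out while the old card still has keys left.
            self.pending[user_id] = self.new_card(len(card.keys))
        return True

    def activate(self, user_id, card_number):
        """Swap in the posted card; only now does the old card stop working."""
        card = self.pending.get(user_id)
        if card is None or card.number != card_number:
            return False
        self.active[user_id] = self.pending.pop(user_id)
        return True


if __name__ == "__main__":
    service = KeycardService()
    card = service.issue_first("U07")            # constructed user ID
    print(service.login_key_ok("U07", 3, card.keys[3]))  # first use of key 3
    print(service.login_key_ok("U07", 3, card.keys[3]))  # same key again
```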