Safe Use of Electronic Services




Electronic banking is not only quick, cost-effective and convenient but also safe. However, each system is only as safe as its weakest link. The security foundations of the system are laid down jointly by the Bank and you, the user of our services. Below you will find a description of the safety aspects guaranteed by the Bank. In the following sections, the elements dependent on you, our customer, are enumerated in the form of a list of recommendations.

The safety of BZWBK24 services is ensured by:

Customer Identification Number (NIK)

A unique number assigned to each user of BZWBK24 services. The number consists of eight digits and, together with the PIN password, is used for authentication in the login process. The NIK number should never be revealed to any third parties except for authorised employees of the Bank.

PIN Password

The PIN password ensures exclusive access to a given BZWBK24 service and is used for authentication in the login process. You receive the PIN password in a specially protected envelope, so that you are the only person who knows it.

Different PIN passwords are used. Depending on the service, the PIN password may consist of at least four digits for BZWBK24 telephone and BZWBK24 sms, at least four different characters for BZWBK24 wap and up to twenty characters for BZWBK24 Internet service.

The PIN password for BZWBK24 Internet service must meet the following criteria:
- the password may not consist of letters or digits only;
- there cannot be three identical characters in the PIN password next to each other;
- the password may not contain the NIK number, part of the NIK number or the NIK number written backwards;
- the new PIN may not be the same as the previous PIN.

The PIN password for the Teledysponent (Phoneteller) service issued by the branch consists of four digits. When activating the Teledysponent (Phoneteller) service, during first login the password should be changed from a four-digit to a six-digit Telecode.
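The four criteria for the BZWBK24 Internet PIN password, written as a checker. This is an added example, not the Bank's code; the minimum length that counts as "part of the NIK" (three digits), the reading of "letters or digits only" and the sample NIK used in testing are assumptions.

```python
import re
from typing import List, Optional

MAX_LEN = 20        # "up to twenty characters" for BZWBK24 Internet
MIN_NIK_PART = 3    # ASSUMPTION: a "part of the NIK" is 3 or more consecutive digits


def contains_nik(candidate: str, nik: str, min_part: int = MIN_NIK_PART) -> bool:
    """True if the candidate holds the NIK, the NIK written backwards,
    or any run of at least `min_part` consecutive NIK digits."""
    if nik[::-1] in candidate:
        return True
    for size in range(min_part, len(nik) + 1):
        for start in range(len(nik) - size + 1):
            if nik[start:start + size] in candidate:
                return True
    return False


def check_pin_password(candidate: str, nik: str,
                       previous: Optional[str] = None) -> List[str]:
    """Return the names of the violated rules; an empty list means accepted.

    `previous` is compared in plaintext only to keep the example short;
    a production system would compare against its stored verifier instead.
    """
    problems = []
    if not candidate or len(candidate) > MAX_LEN:
        problems.append("length")
    # ASSUMPTION: "letters or digits only" is read as "only letters, or only digits".
    if candidate.isalpha() or candidate.isdigit():
        problems.append("letters-or-digits-only")
    # Any character followed by two more copies of itself.
    if re.search(r"(.)\1\1", candidate):
        problems.append("three-identical-in-a-row")
    if contains_nik(candidate, nik):
        problems.append("contains-nik")
    if previous is not None and candidate == previous:
        problems.append("same-as-previous")
    return problems
```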
The PIN password and the Telecode should never be disclosed to other people!

Masked PIN Password for BZWBK24 Internet

The masked password differs from the regular password in that you don't enter the entire password but only selected characters. The system may request entry of, e.g., the first, fifth and eighth password characters, which is sufficient to authenticate. Such a login procedure makes the life of Internet spies much more difficult. It is not possible to capture the entire password without monitoring the person's actions for a longer period of time. The hacker will only learn a few characters at a time but will not know their position in the password nor the full length of the password.

Picture on the login page

You can choose one of the pictures proposed by the Bank. You will see the picture after entering your NIK number on the login page to the Internet service. If you don't see it, it means you are not on the website of Bank Zachodni WBK. Do not enter your PIN password and notify the Bank about an attempt at phishing for your data.

Additional Password

The additional password is used for telephone authentication. The password is defined at activation of BZWBK24 services and is used for blocking or unblocking access to selected services and, most often, for identification of the users of the Teledysponent (Phoneteller) service. The additional password should never be disclosed to other people!

Telecode

The Telecode ensures additional safety and exclusive access to the Teledysponent (Phoneteller) service and is used for identification purposes when logging on to the service. At first login to Teledysponent (Phoneteller), the system will require a change of the 4-digit PIN password, using the phone keypad, to a 6-digit Telecode defined by the service user. The Telecode should never be disclosed to other people.

Authentication

The purpose of authentication is to check the identity of the user and his/her authorisation to access the system.
The basic authentication procedure consists of entering the NIK number and the PIN password. It is a so-called simple authentication procedure, sufficient to make use of passive services which do not result in changes in the account balance or to make transfers to predefined accounts. The more advanced authentication (so-called strong authentication) involves the use of smscode or an additional cryptographic device called a security token.

smscode

SmsCode is a safe, cost-effective and easy to use Internet transaction authentication method. The only thing you need to use it is a mobile phone. When making a money transfer via BZWBK24 Internet service, enter all the data in the transfer form and the system will automatically send a text message to your mobile phone with the security code. The code has to be typed in the relevant field on the screen before final authorisation of the transaction. Each smscode message is unique and is active only for three minutes so that no unauthorised person can use it.

SmsCodes offer the user unprecedented flexibility in managing the account. Using smscodes you can transfer your money to all bank accounts and increase the daily transaction value limit. In order to get access to the service, you need to sign an agreement at one of our branches and specify the mobile number you will be using for authorisation. Remember to cancel the service if you happen to lose your mobile.

Remember there are many computer viruses on the Internet which, after activation on your PC, can substitute transaction details (beneficiary account number, amount transferred etc.) during the execution of electronic bank transfers. When transferring money, always check carefully whether the original transaction details and the transaction details set out in the text message with the smscode are the same. If you find differences, do not confirm the transfer, log out of the service and immediately contact our Advisors Team by calling 61 856-52-42.

The smscode service is offered against a fee set out in the Schedule of Fees and Charges.

Token

A security token is a miniature encrypting device with a functionality similar to that of smscode. Tokens generate single-use, unique codes which are used as a kind of electronic signature in authorising transactions in BZWBK24 Internet and BZWBK24 wap. To activate the token you need to key in a special five-digit PIN password to prevent unauthorised persons from using it.

By means of a token you can authorise transfer orders to any accounts and add new entries to the list of beneficiaries to avoid manual completion of the transfer order form each time you transfer money. Since tokens enhance the security of transactions, the daily transaction value limit can be increased upon execution of the service agreement.

When a wrong token PIN password is entered three times, the token is automatically blocked. To unblock it, you need to contact the BZWBK24 Advisors Team by calling 61 856 52 42 or visit any of the Bank's branches.

Remember there are many computer viruses on the Internet which, after activation on your PC, can substitute transaction details (beneficiary account number, amount transferred etc.) during the execution of electronic bank transfers.
When transferring money, always check carefully whether the original transaction details agree with the token display (which is always the first two digits and the last six digits of the beneficiary account number in the IBAN format). If you find differences, do not confirm the transfer, log out of the service and immediately contact our Advisors Team by calling 61 856-52-42.

Tokens are also issued to the users of Investor Online, a service offered by the Dom Maklerski Banku Zachodniego WBK (BZ WBK Brokerage). The same tokens can be used for BZWBK24 Internet and BZWBK24 wap services.

Tokens are offered against a fee charged in accordance with the Schedule of Fees and Charges.

Transaction Limits

Upon activation of BZWBK24 services, a daily transaction limit is set, i.e. the maximum amount of money which you can transfer to third-party accounts on one day. The limit applies to all services in the package excluding transfers to own accounts and operations on deposits. You can also set a separate limit for transactions secured and unsecured by smscodes and/or token. If you are using smscodes or a token, upon execution of the service agreement you can set a higher limit for transfers to third-party accounts. An additional monthly limit is set for prepaid phone top-ups via BZWBK24 sms service.

Predefined Third-Party Accounts

If you are not using smscode or token authorisation, you can only make electronic money transfers to predefined third-party accounts. This restriction is imposed for reasons of safety, to guarantee that your money can only be transferred to third-party accounts predefined by you.

When signing the agreement for BZWBK24 electronic banking services, you can predefine up to nine different third-party accounts, with a payment type assigned to each of them to facilitate submission of transfer orders. The predefined accounts may belong to your housing cooperative, electricity supplier, telephone operators or any other institutions, businesses or individuals selected by you.

You can modify the list of predefined beneficiary accounts personally by visiting one of the Bank's branches, over the phone at 61 856 52 42 or via the Internet, using the option Beneficiaries and authorising the modification by means of an smscode or a token.

The possibility of making money transfers to undefined third-party accounts is available to the users of tokens via BZWBK24 Internet and BZWBK24 wap services and the users of smscodes via BZWBK24 Internet.

Predefined Own Accounts

Each of our clients may have more than one account; however, when signing the BZWBK24 agreement for electronic banking services, you may decide that only some of them will be operated under the BZWBK24 package. Other accounts may be managed in a traditional way. The BZWBK24 telephone service and BZWBK24 sms service offer access to information only about the predefined own accounts, while information about all accounts is available in BZWBK24 Internet and BZWBK24 wap.

Encryption

During the use of BZWBK24 Internet, the communication between the Client's computer and the Bank's server is secured by the SSL encryption protocol with 128-bit keys and a certificate provided by VeriSign Inc. This solution ensures safe data exchange, protection against interference by third parties and authentication of the computers communicating with each other.

When the transmission is secured, the address displayed by the web browser starts with https:// instead of the regular http:// and a locked padlock symbol appears on the screen. Prior to logon, you can also check the correctness and validity of the certificate. Information about the certificate can be accessed by double-clicking the padlock symbol. The certificate verification involves the following checks:
- who the certificate has been issued to: the correct information is www.centrum24.pl,
- whether the certificate validity date has not expired,
- who has issued the certificate: the current certificate has been issued to the Bank by the VeriSign Inc. certification centre,
- whether the certification path is correct, i.e. VeriSign Class 3 Public Primary CA -> VeriSign Class 3 Extended Validation SSL SGC CA -> www.centrum24.pl.

Following such a verification, you can be sure that the connection is safe and that the site through which the Client logs on to the BZWBK24 Internet service has not been falsified by cyber criminals for the purpose of data phishing and fraudulent transactions. In the case of suspected or actual non-conformance, immediately discontinue the login process, do not enter the NIK number, the PIN password or any other data and contact the Bank.

Some web browsers may present the transmission encryption information differently than described above and require other actions to be performed in order to verify the certificate. You can find more detailed information about such differences in the instructions available at www.bzwbk.pl.

Blocked Access to Services

When wrong authentication data are entered three times in a row upon logging on to the system, access to the services will be automatically blocked. To unblock it, you must call the BZWBK24 Advisors Team at 61 856 52 42 and go through the telephone authentication procedure including the additional password. All components of the BZWBK24 package can be blocked, or selected services only.
If you use a masked BZWBK24 Internet password, access to the service will be blocked after incorrect entry of the PIN password five times in a row.

Cancelling BZWBK24 Services

You can cancel one or more services from the BZWBK24 package. To cancel the services, contact the BZWBK24 Advisors Team by calling 61 856 52 42 or visit any of the Bank's branches. This procedure should be used only in justified circumstances since reactivation of the cancelled services requires generation of new PIN passwords. Cancelled services can be reactivated at any of the Bank's branches.

Cancelling the Mobile Phone Number

You can also cancel the mobile number provided to the Bank which is used for customer authentication and authorisation of transaction orders. This procedure is required when the phone is lost, damaged or in other similar and justified circumstances. To cancel the mobile number, contact the BZWBK24 Advisors Team by calling 61 856 52 42 or visit any of the Bank's branches.

Terminating Inactive Internet Sessions

When a logged-on Client is not actively using the system for 10 minutes, the Internet session will be terminated and the user will be automatically logged out of the transaction service. To continue using the system, you need to log on to the service again. The information about the number of minutes left until the end of your session or a message about the session termination is displayed in the upper right-hand corner of the screen.

Registration of Activities

The system automatically records all user activities during an Internet session (e.g. login attempts, review of account history, making a money transfer, etc.) and other information such as the certificate, IP address or telephone number of the user.

Registration of Phone Calls

All phone calls to the BZWBK24 Advisors Team at 61 856 52 42 are recorded. The recordings may be used as evidence of orders and instructions placed.

Internal Procedures

Bank Zachodni WBK S.A. has implemented rigorous operating procedures to ensure protection of all personal and financial data. The procedures also cover response to emergency situations.
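The comparison described in the Token section above (the token shows the first two and the last six digits of the beneficiary account number in IBAN format), as an added example that is not the Bank's code. The sample account number and the function names are illustrative assumptions; the checksum is the standard IBAN mod-97 test.

```python
import re
from typing import Tuple


def normalise_iban(text: str) -> str:
    """Drop spaces and upper-case, so grouped and ungrouped forms compare equal."""
    return re.sub(r"\s+", "", text).upper()


def _as_number(text: str) -> int:
    """IBAN letter mapping: digits stay as they are, A..Z become 10..35."""
    return int("".join(str(int(ch, 36)) for ch in text))


def iban_is_valid(iban: str) -> bool:
    """Mod-97 check: move the first four characters to the end, expect remainder 1."""
    iban = normalise_iban(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    return _as_number(iban[4:] + iban[:4]) % 97 == 1


def with_check_digits(country: str, bban: str) -> str:
    """Build a checksum-valid IBAN from a country code and a domestic number."""
    check = 98 - _as_number(bban + country + "00") % 97
    return f"{country}{check:02d}{bban}"


def expected_token_display(iban: str) -> Tuple[str, str]:
    """Digits the page says the token shows: first two and last six."""
    digits = re.sub(r"\D", "", normalise_iban(iban))
    return digits[:2], digits[-6:]


def safe_to_confirm(intended_iban: str, shown_first2: str, shown_last6: str) -> bool:
    """Confirm only if the account you meant to pay is well formed and the
    digits on the token display belong to that same account."""
    if not iban_is_valid(intended_iban):
        return False
    return expected_token_display(intended_iban) == (shown_first2, shown_last6)


# SAMPLE values for illustration only (checksum-valid, not a customer account).
INTENDED = "PL61 1090 1014 0000 0712 1981 2874"
# Constructed stand-in for an account number swapped in by malware on the PC.
SUBSTITUTED = with_check_digits("PL", "109010140000071219800000")
```

The substituted number passes the checksum on its own, which is why the comparison has to be made against the account number taken from the original invoice or order rather than against what the browser shows.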

User Guidelines

1. Protection of NIK and PIN

- Keep your PIN passwords, NIK numbers etc. confidential.
- Do not reveal your PIN passwords even to the Bank staff.
- If you suspect that your PIN password may have been disclosed, change the password immediately or cancel the service by visiting the nearest Bank branch or calling the BZWBK24 Advisors Team.
- Do not use the same PINs for various services (e.g. BZWBK24 Telephone, BZWBK24 Internet or the payment cards).
- If you feel you have to write down your NIK or PIN number, do it in such a way as to prevent an unauthorised person from identifying the data.
- Change your passwords regularly, e.g. once a month.

2. Logging on to the BZWBK24 Internet Service

- Log on to the BZWBK24 Internet service from the BZWBK website (www.bzwbk.pl) or directly from the transactional service https://www.centrum24.pl/centrum24-web/login by entering the correct address in the address line of the web browser.
- Never use an address or a link emailed to you by another person to log on to the system.
- Before login, make sure the address in the address line of the web browser starts with https and not http.
- Make sure the padlock symbol denoting an encrypted session appears at the bottom of the screen.
- If you find the padlock symbol, double-click on it to check whether the displayed certificate is valid and whether it has been issued to Bank Zachodni WBK for the Internet address www.centrum24.pl.
- If the padlock symbol is not visible or if the certificate has been issued for another address, do not use the service and do not enter your NIK and PIN numbers. Immediately contact the BZWBK24 Advisors Team at 61 856 52 42.
- When logging in, the NIK number and the PIN password are entered in two consecutive steps (on two different screens). Each PIN character is entered in a separate field. You can also enter the PIN using the on-screen keyboard.

3. Additional Login Key

If you have a security token or use the smscode service, you can change the login procedure and secure access to your money by means of an additional instrument. You can do it while being logged on to the service (My profile > Login procedure). The next login to the BZWBK24 Internet service will consist of three steps. First, you will enter the NIK number, then the PIN password and, in the third step, you will be requested to enter an smscode or the token answer (a single-use code displayed on the token).

4. Using BZWBK24 Internet Service

- In the transaction service, use only one web browser window at a time.
- Make use of smscodes or tokens to achieve the highest security level offered by the Bank.
- If you are disconnected from the transaction service (e.g. by the telephone operator), log on to the service again and check whether the system saved your last orders.
- When you have finished working with the transaction service or when you need to leave your computer unattended, you must first log out of the transaction service using the Logout option available in the main menu.

5. Using BZWBK24 wap Service

- After executing any operations on your account, check whether you find them on the list of released orders.
- If you are disconnected or errors occur during processing of the operation, check whether the operation has been saved under Released Orders.
- It is possible that right after making the operation, your mobile phone will not be showing updated data. If so, log on to the service once again from the home page.

Standard WAP connections use port 9201. However, connections to banking services should, for reasons of safety, be made using port 9203, which enables encryption of the data. In mobile telephones which do not have a port number option, like Nokia phones, for example, the Encrypted Connection option must be set. Other settings should be made in accordance with the recommendations of the telephone operators.
The configuration settings should be checked or, if necessary, modified in the Internet settings section of your mobile phone.

Note: Data transmission starts from defining the encryption key. The process is initiated automatically for connections using port 9203. Different mobile telephones have different ways of informing the user about encrypted connections. Some require a two-step acceptance of encryption; however, in the majority of mobile phones the encryption key is defined only during the first connection to the service. Subsequently, the same key is used. If you have any problems with WAP connections, contact the customer service of your mobile operator.

6. Online Shopping

- If possible, choose only the shops and auction services with an established reputation or the ones recommended by your friends.
- Prior to making the purchase, read the transaction regulations, delivery terms, payment methods and goods return rules.
- Make sure that the regulations contain a provision on protection of the data collected by the shop.
- The most convenient and safest method of payment is Przelew24 (Transfer24), a payment system available to BZWBK24 Internet service users.

7. Other guidelines

- Use the recommended web browser settings described on the Bank's website.
- Follow the recommendations of the operating system and web browser manufacturers and install the recommended updates of your software.
- Use regularly updated anti-virus software at all times.
- Install a personal firewall. A firewall is a security system which defends your computer against unauthorised internal or external access and protects information about the user and the resources stored on the computer.
- Do not access electronic banking services in public places, such as Internet cafes. The software used in such places can be configured or modified in such a way that the users' data are captured without their consent.
- Do not open or execute programs or files from unknown sources.
- Use only legal software.
- Use a token or smscode for login to ensure additional security. If you use those instruments to authorise money transfers, you can also employ them as additional keys upon login.
- Activate the Alerts24 service to receive current information from the Bank about the operations on your account in the form of emails or text messages.
- If you need help, you can always (24 hours a day, 7 days a week) contact the BZWBK24 Advisors Team at 61 856 52 42 or report your problem by email sent to pomoc24@bzwbk.pl.
- Inform the Bank immediately about any suspicious situations. You can do it at any time by calling us at 61 856 52 42 or by visiting any of the Bank's outlets.
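The certificate checks listed under Encryption and repeated in guideline 2 (issued to www.centrum24.pl, validity period, issuer), applied to the dictionary that Python's ssl module returns for a verified connection. This is an added example, not the Bank's code; the host and issuer names come from the page, while the sample certificates, their dates and the lookalike host are constructed.

```python
import socket
import ssl
from typing import List

EXPECTED_HOST = "www.centrum24.pl"    # address named on the page
EXPECTED_ISSUER_ORG = "VeriSign"      # issuer named on the page, matched as a prefix


def fetch_verified_cert(host: str, port: int = 443, timeout: float = 10.0) -> dict:
    """Connect with chain and hostname verification enabled and return the
    server certificate. The certification path is validated here by the TLS
    library; the handshake fails if it does not lead to a trusted root."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _names(rdn_sequence, key: str) -> List[str]:
    """Collect the values of one attribute from a subject or issuer field."""
    return [v for rdn in rdn_sequence for (k, v) in rdn if k == key]


def verify_bank_certificate(cert: dict, now: float) -> List[str]:
    """Return the failed checks; an empty list means all three passed.
    The issuer name is only meaningful for a certificate whose chain was
    already validated, because a forged certificate can claim any issuer."""
    problems = []
    hosts = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not hosts:
        hosts = _names(cert.get("subject", ()), "commonName")
    if EXPECTED_HOST not in [h.lower() for h in hosts]:
        problems.append("issued-to-other-host")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    issuers = _names(cert.get("issuer", ()), "organizationName")
    if not any(org.startswith(EXPECTED_ISSUER_ORG) for org in issuers):
        problems.append("unexpected-issuer")
    return problems


# Constructed certificates in getpeercert() layout; dates are illustrative.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Bank Zachodni WBK S.A."),),
                (("commonName", "www.centrum24.pl"),)),
    "issuer": ((("organizationName", "VeriSign, Inc."),),
               (("commonName", "VeriSign Class 3 Extended Validation SSL SGC CA"),)),
    "notBefore": "Jan 15 00:00:00 2010 GMT",
    "notAfter": "Jan 15 23:59:59 2012 GMT",
    "subjectAltName": (("DNS", "www.centrum24.pl"),),
}
LOOKALIKE_CERT = dict(
    SAMPLE_CERT,
    subject=((("commonName", "www.centrum24.pl.example.net"),),),
    issuer=((("organizationName", "Example Test CA"),),),
    subjectAltName=(("DNS", "www.centrum24.pl.example.net"),),
)
NOW_WITHIN = ssl.cert_time_to_seconds("Jun 15 12:00:00 2011 GMT")
NOW_AFTER = ssl.cert_time_to_seconds("Jun 15 12:00:00 2012 GMT")
```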