Classification: Public
Security recommendations for users of digital channels of Banca Intesa Beograd, July 2015

Security recommendations for users of digital channels of Banca Intesa AD Beograd

Banca Intesa AD Beograd considers the security of clients' data to be its absolute priority. We are fully dedicated to applying the most up-to-date technology and procedures to ensure the security and confidentiality of your data. Every day unscrupulous individuals develop new frauds aimed at the unsuspecting public. One of the best ways to avoid fraud is to become an educated user.

Recommendations for user names and passwords

- Create a strong password with as many characters as possible, including a combination of at least one capital letter, numbers and special characters.
- Avoid using your name and birth date, or the names and birth dates of your children, when creating the username and password.
- Never share your password with third parties, not even your family members or friends, since unfortunately so-called "family fraud" cases are quite common.
- Change your password periodically.
- Avoid using automatic login tools that save usernames and passwords.

General recommendations

- Do not use public or unsecured computers to log in to e-banking applications.
- Every time you log in, check the date and time of your last login.
- Check the account balance and transaction data regularly (we recommend daily) to confirm payment data and other data about transactions; report any suspicious transaction to the Bank immediately.
- If you do not use Banca Intesa digital channels to perform transactions, activate the account to have insight into your account's balance, so that you can identify suspicious transactions in time.
- Register your mobile phone number at the Bank's teller and activate SMS services so that you can receive notifications of account balance changes and perform transactions with cards.
- Do not use your unique citizen's identification number (JMBG), account number or other personal or account data when creating the username and password, or when creating short names for your accounts in digital channel applications.
- Never leave the computer unattended when using the Bank's digital channels.
- Never perform banking transactions while several internet browsers are open on your computer.
- Always log out properly from the Bank's digital channel applications, using the designated log-out command. Simply closing the browser windows does not always ensure that the session is terminated.

Contact Center of Banca Intesa Beograd: 011 310 88 88

Recommendations for avoiding phishing, spyware and malware

- All email messages sent to the user by Banca Intesa AD Beograd are always sent from the email address mail@bancaintesa.rs and are protected by a digital signature.
- Banca Intesa AD Beograd will never ask you by email, SMS or telephone to send confidential data, and will never send you a link for entering confidential data, such as: username, password, PIN, card data and other confidential data. If you receive such an email, SMS or telephone call, contact the Bank immediately by calling the official Contact Center.
- Save the links for the websites Banca Intesa, Banca Intesa Online and Banca Intesa Secure as bookmarks in your internet browsers and access them only through the bookmarks, never through links in suspicious email messages.
- Do not open email messages from unknown senders.
- Always be suspicious of emails allegedly coming from financial institutions, state institutions or other agencies that demand data about your application account, banking accounts or cards, or that require verification of accounts or of credentials for accessing the Bank's digital channels, such as usernames, passwords, PIN codes and similar information.
- Opening files from email attachments or clicking on links in suspicious emails can infect your computer with malicious software and give hackers complete control of your computer, including access to all the confidential data on it.
- Never respond to suspicious emails, and do not click on links contained in the body of the message. Contact the alleged sender if you doubt the legitimacy of the message.
- Install anti-virus and firewall software, as well as spyware and malware detection software. Update this software regularly.
- Install patches for the operating system on your computer regularly, and update the operating system and key applications.
- Check the settings of your internet browser and select at least the medium security level.

Recommendations for avoiding "email interception"

Attackers intercept business correspondence between foreign suppliers and local buyers (legal entities) and change the data in the foreign invoices: instead of the foreign supplier's account, they enter the account of a third party that they have access to.

- Do not use free e-mail services for business correspondence.
- Install and update anti-virus and firewall software on your computer regularly.
- Send confidential and personal information, as well as business correspondence, only by protected email.
- Do not use public computers (internet cafes) for business activities.
- Before paying foreign invoices in significant amounts, always confirm the payment instructions with the invoice issuer (foreign supplier).
- After paying a foreign invoice, always check with the supplier whether they received the payment.

Recommendations for setting up the home WiFi network

A wireless network (WiFi) can be a potential "open door", i.e. a route for unauthorized access to your computer network.
If you use a home WiFi network, we recommend securing it as follows:

- Change the administrator's password of your WiFi device from the factory setting to a strong password. Keep the new password in written form in a secure location, because you might need it for future configuration of the WiFi device.
- Disable remote administration of your WiFi device.
- If you find it acceptable, disable SSID broadcasting for your wireless network.
- Enable WPA (or WPA2) encryption and define a WPA password for accessing your WiFi network.
- If only known computers, laptops, smartphones and tablets will access your WiFi network, consider activating the MAC filter on your device. Every computer or other device with a network card has a unique factory-default MAC address. The MAC filter allows access to the network only to devices with a registered MAC address.

Recommendations for Mobile banking and mToken

- Report to the Bank as soon as possible, in person or through the official Contact Center of the Bank, any loss, theft, misuse, unauthorized use, change or closing of a mobile number or mobile device (smartphone or tablet) that you use for authentication and mobile banking services.
- Avoid using unsecured WiFi networks, such as open and public WiFi networks, to make banking transactions or view account balances. Instead, if you are not in range of a secure WiFi network, always use the mobile network for data transfer when using mobile banking services from your smartphone or tablet.
- Download and install applications only from the legitimate Apple and Google Play stores.
- Install and update anti-virus and firewall software on your mobile devices regularly.
- Secure your mobile phone or tablet with an access code.
- Regularly update the operating system of your mobile device.
- Turn off Bluetooth and NFC when not in use. They can potentially be used for unauthorized access to the confidential data on your mobile device.
- Activate encryption on your mobile device to protect confidential data.
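
The following is an added example, not part of the Bank's document, showing how a buyer's accounts-payable process could automate the first step of the "email interception" recommendations: holding any invoice whose beneficiary account differs from the one previously confirmed with the supplier. It assumes IBAN-format accounts; the supplier record, the `SUP-001` identifier and the function names are hypothetical, and the account numbers are standard published sample IBANs.

```python
import re

# Constructed supplier master record: the account was confirmed with the
# supplier through a trusted channel (not email) before the first payment.
KNOWN_SUPPLIERS = {
    "SUP-001": {"name": "Example Supplier GmbH", "iban": "DE89370400440532013000"},
}


def normalize_iban(raw: str) -> str:
    """Strip spaces and punctuation so formatting differences do not matter."""
    return re.sub(r"[^A-Za-z0-9]", "", raw).upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to numbers (A=10 ... Z=35) and require a remainder of 1."""
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97 == 1


def review_invoice(supplier_id: str, invoice_iban: str):
    """Return ("PAY" or "HOLD", reasons). HOLD means: confirm the payment
    instructions with the supplier by phone before releasing the payment."""
    reasons = []
    record = KNOWN_SUPPLIERS.get(supplier_id)
    iban = normalize_iban(invoice_iban)
    if record is None:
        reasons.append("supplier has no confirmed account on file")
    if not iban_checksum_ok(iban):
        reasons.append("account number fails the IBAN checksum")
    if record is not None and iban != record["iban"]:
        reasons.append("account differs from the confirmed one")
        if iban[:2] != record["iban"][:2]:
            reasons.append("account is held in a different country")
    return ("HOLD" if reasons else "PAY", reasons)
```

A valid checksum only shows that the number is well formed; a substituted account will normally pass it, which is why the comparison against the confirmed record, followed by confirmation with the supplier, is the control that matters.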