BANK DATA SAFETY SYSTEM
Safety of transactions in the electronic environment depends on all involved parties and their cooperation. The Bank provides comprehensive safety of the Internet Bank and communication channels by encrypting data transmission as well as offers to the Client safe authentication by applying a two-factor mechanism - password and additional SMS authorization or digital code calculator (DigiPass). However, the Client must take care of the security of his/her passwords and personal access devices, consider his/her actions, as well as make sure of the authenticity of the Internet Banking page.
RECOMMENDATIONS FOR SAFE USING OF THE INTERNET BANK
Username and password are means of the Client's identification in the respective information system. If they are entered correctly in the information system, the system knows what information to give the user access to, what actions to allow to perform and what conditions to apply to the user. Disclosure of identification means to other persons may result in loss of user identity and property; therefore, they must be stored securely.
In order to provide safety of the password, the following recommendations shall be considered when choosing and using the password:
- password length between 8 and 20 characters, it should contain at least 2 digits, 2 letters, 1 capital letter and one lowercase letter of the Latin alphabet, at least 1 special symbol (for example, @;!).
- Do not use as the first symbol an upper-case letter in your password and do not use digits at the end; do not use in your password any word available in dictionaries and other significant combination, e.g., birth data of a client, license plate number, pet name, etc.
- To make the password easier to remember, use a familiar keyboard combination. It is recommended that you do not select a combination of several adjacent keys on one line of the keyboard.
- If you need to write down your password, keep what you write down as secure as your credit card, or better use one of the password management tools, such as KeePass and others. Download them from authentic websites only.
- Do not store the User code of the Internet bank, password or code calculator in the same place.
- Do not use the same password on several Internet resources. If the password is compromised in any of them, criminals will be able to use it in other Internet resources where the client's User account is located.
- Immediately change your password if:
- You had to use your password in unknown and/or unsafe computer/smartphone;
- You are in suspicion that some other person is using the User password.
- Do not save the password in a web browser on a computer, smartphone, tablet, or computer sharing user profile. Carefully evaluate the security of your computer if you want to save the password in your user's profile web browser;
- Change your password on regular basis because you can never be absolutely sure that nobody has compromised it already. The maximum validity period of internet bank password is 180 days. Thereafter, the system will request the password to be obligatory changed. We encourage you to change your password more often if you use it in an unsafe environment or on someone else's computer.
Safety of work with DIGIPASS the device
Safety of the private device
In a virtual environment, the customer can only be sure of the level of security and reliability of their personal device, and the following recommendations must be followed for the device to be secure:
- In the device, use the user private profile accessible with password that is known to the Client only.
- In the device, use only software supported by its manufacturer; and, it must be installed from an authentic source.
- Install all safety patches on all programs installed in the device as soon as such patches are available for downloading in the supporter's website.
- Use antivirus software on the device. The best software is one that not only blocks viruses known to it, but also detects new viruses according to its operation (heurestics), can check e-mails and block the flow of data while surfing the Internet, as well as inform the User about cases of phishing. However, keep in mind that no antivirus program will recognize all viruses, so you need to work on the Internet without losing vigilance and thinking about what hides behinds each click.
- On the computer network to which the device is connected, or on the device itself, the Internet firewall must be turned on and configured to allow only the flow of data required for customer-performed and authorized activities.
- Do not use user properties with device administrator rights on a daily basis. This will reduce or eliminate the effects of the virus if you will be exposed to it.
- Do not let any other person to use your device without supervision.
Solution Proposals to Protect Your Computer
Bank’s communication with the Client
- The Bank contacts the Client by using official communication channels - safe communication method in the Internet Bank, e-mail address info(abols)industra.finance, or by sending SMS (sender's number is shown as "INDUSTRA"), e.g., reminder about expiration of validity period of the bank card.
- In certain occasions, a bank employee may contact the Client directly using the employee's bank e-mail; however, since such a way of communication is not safe, it's used only when agreed with the Client and for sending of general information disclosure of which cannot harm the Client.
- Please keep in mind that the Bank employees are prohibited from contacting the Client by using their private e-mail, the address of which does not contain @industra.finance!
- The Bank will inform the Client about (potential) fraudulent transactions or warn the Client about an existing attack (for example, phishing e-mail notifications) by using the official communication channels of the Bank.
- The Bank will never call you, send an e-mail or ask for providing of your Client details in the Internet Bank or credit card data either verbally or by sending over, or by entering in any website except http://www.industra.finance/. Such cases can be classified as social engineering cases, of which please inform the bank!
- In addition, you are kindly asked to notify the Bank in case of suspicion about any fraudulent payment, incidents or deviations during internet payment service session. The Bank will reply to you in one working day.
Verifying of authenticity of the Internet Bank
In order to verify authenticity of the Internet Bank, pay attention to the following:
- Address https://ib.industra.finance
- We always use the https protocol, which you can see in the beginning of the address, and it means that the connection is encrypted.
- The website of the Internet Bank has safety certificate verified by the VeriSign.
- Protect not only the Internet banking password, but also the User code so that criminals cannot block it and make Internet banking inaccessible to the customer.
- When you have finished your work in the Internet Bank, press the Exit button and close the internet browser.
- In case the Client uses an unknown device, he or she shall take into consideration risks of spy software installed in this device or devices that disclose the Client passwords, copies the Client files, registers all activities and hands it all over to an offender who is able now to act in the name and on behalf of the Client by using all obtained information or rights.
- It should be noted that information processed by the customer may be stored on an unknown or publicly available computer!
- If the Client receives an e-mail from a known institution or a person that surprises the Client or rises questions, please, do not rush to open e-mail attachments or documents located in the Internet links given in the e-mail; instead, contact the sender by phone or using other means of communication in order to clarify the authenticity and purpose of the e-mail.
- Do not install on your computer programs intrusively offered online as very useful or necessary for further work, as they are likely to be malicious.