Start : IT security
Rules of Safe Usage of Remote Account Management
1. The Identification and Authorisation Tools are confidential information, which the User and the Bank shall not divulge or make available to third parties, as well as both the User and the Bank shall take all actions to prevent the possibility of their divulging or availability to third parties.
2. The User is obliged to keep the confidential information, as well as to change any cods, passwords and other identification and security parameters and tools in due term in accordance with the Bank’s effective requirements and procedures for usage of the Remote Account Management and Identification and Authorization tools.
3. The User must at all times keep the Identification and Authorization Tools under his control and not allow their use by or keeping with anyone else.
4. In order to prevent unauthorised (unlawful) use of the Identification and Authorization Tools, including loss or theft of such tools, or they have become known or could have become known to a third party, the User is obliged to immediately report it to the Bank. In this case, the Bank identifies the User via any information related to the User at the Bank’s disposal. After such notice has been received, the Bank blocks access to Remote Account Management within the possibly shortest term. The Bank bears no responsibility for any loss which arises before the Bank was properly informed about the aforementioned events.
5. The User bears responsibility for taking all the reasonable security actions to prevent access of unauthorised persons to the Remote Account Management and the Identification and Authorization Tools and use thereof in the way to prevent the possibilities of its use by unauthorised persons.
6. The Bank bears no responsibility for execution of transactions, including the write off of funds from the Customer’s Accounts in compliance with forged Documents or otherwise unlawfully compiled/submitted Documents, if such Documents were confirmed (signed) with the Identification and Authorization Tool in accordance with the General Terms and Bank’s effective procedures for usage of the Remote Account Management and Identification and Authorisation Tools.
7. For security reasons, the Bank is entitled to restrict usage or deny access to the Remote Account Management if respective codes, passwords or other parameters are entered incorrectly.
8. The Bank shall have the right to introduce and/or adopt, from time to time, any additional codes, passwords and/or security actions or safety procedures.
9. Taking into account that technologies advance constantly and it is impossible to foresee all ways of obtaining illegal access to Remote Account Management and the Identification and Authorisation Tools, it is impossible to count all actions that the User should take or avoid to ensure safe use of Remote Account Management and the Identification and Authorisation Tools.
10. In addition to the aforementioned safety actions, the Bank demands that the Customer/User comply with the following security actions that are not exhaustive and should supplemented with other reasonable actions responsibility for application of which is upon the Customer/User in each specific situation:
10.1. It is prohibited to write down the Password, Username, Test Key software activation password, PIN-code to the Digipass device and to store passwords/codes together with the devices.
10.2. It is prohibited to choose the Password, Test Key software activation password that could be associated with the User’s name, surname, or other personal data or with personal data of other close persons or pets.
10.3. The Password, PIN-code to the Digipass device, Test Key software activation password should be changed or to block access to Remote Account Management if the Customer has concerns that somebody could or might know them.
10.4. If the Digipass device or Test Key Tables are lost or stolen, it is necessary to turn immediately to the Bank for blocking the devices and access to the Internet-Banking System.
10.5. It is not advisable to access the Internet-Banking System on computers available in public areas (e.g. internet cafes).
10.6. It is not advisable use publicly available internet connection in public areas (e.g. internet cafes, cafes, airports, etc.).
10.7. It is prohibited to login to the Internet-Banking System if other web pages are open simultaneously.
10.8. Make sure that the address of the Internet-Banking System in the browser is https://ib.expobank.eu. If the browser pops up a message on wrong certificate, the page should be closed immediately.
10.9. Never open the Internet-Banking System following links, especially banners or those received in e-mail. The address of the Internet-Banking System should be typed in address bar of the browser in fully and personally.
10.10. To login to the Internet-Banking System, only the Username, Password, and the Digipass-generated password should be entered. In no cases any other data should be entered in the Internet-Banking System; otherwise close the page immediately.
10.11. After terminating a session in the Internet-Banking System, one must close the system window by pressing the Exit “X” button in top right corner.
10.12. The User must never leave his computer unattended while logged in.
10.13. The User must install an update an antivirus system and check his computer for viruses on a regular basis.
10.14. Never reply to messages with a request to send passwords, codes, username, or other data by e-mail or otherwise. The Bank shall never and in no circumstances request passwords, username, codes to the Digipass device, Test Key Tables software. Such information must not be disclosed even to the Bank employees.
10.15. The Customer must not open e-mails from unknown senders and must delete them without opening and reading their contents in order to avoid the risk of receiving a virus.
10.16. The Customer must control the Account status and Account balance, as well as review the log of executed transactions to make sure that no actions the Customer/User would be unaware of had taken place.