
Information security of Internet banking

The use of the “Internet banking” system is becoming safer. Information security is being improved to take account of the constantly changing infrastructure and the development of information technology.

We care about your safety

Secure use of Internet banking is based on modern and reliable technologies

1. Internet banking server authentication

To protect against attacks aimed at impersonating the Bank's web servers and at modifying content during transmission, the system uses the Secure Sockets Layer (SSL) protocol and a public key certificate issued by one of the reputable certification authorities (Certificate Authority) – Company.

2. Internet banking user authentication

To provide secure access to the system, we use two-factor user authentication. This technology is based on two factors: the user's possession of a valid personal (secret) cryptographic key stored in a file container or on a token, and knowledge of the password (PIN code) for access to this key.

3. Data privacy

To ensure the confidentiality of the data exchanged between the user and the Bank via Internet banking, the data is encrypted. This excludes the possibility of interception and unauthorized reading of payment and other information.

4. Payment document authorization

To ensure authenticity (confirmation of authorship), non-repudiation of authorship and integrity of electronic payment documents that are generated by clients and sent to the Bank, a digital signature mechanism is applied. The validity of the digital signature is checked before any processing operation on the document. The means of cryptographic protection integrated into the Internet banking system for creating and verifying electronic digital signatures are certified in accordance with the requirements of the legislation of Ukraine.

5. Use of a USB token (eToken) as the electronic key carrier

To ensure reliable storage and use of personal keys, it is recommended to use the hardware signature-creation devices (tokens) provided by the Bank. A hardware signature-creation device (token) is a means of cryptographic protection of information whose technical implementation keeps the personal key in protected memory and performs cryptographic operations in such a way that the personal key cannot be copied or located outside the protected memory of the device.

6. Restricting the list of IP addresses and IP subnets for access to Internet banking

If you access the “Internet banking” system from a static IP address or range of addresses, we recommend that you contact the Bank to restrict the list of IP addresses and/or IP subnets from which the “Internet banking” system can be accessed. In this case, all connection attempts to the “Internet banking” system from IP addresses and/or IP subnets other than those specified will be blocked.
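The restriction described above amounts to a default-deny check of the connection's source address against the registered addresses and subnets. The following Python sketch is an added illustration, not the Bank's code; the allow-list entries are constructed values from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed allow-list, as a customer might register it with a bank:
# one static address and two subnets (documentation ranges only).
ALLOWED = ["203.0.113.10", "198.51.100.0/24", "2001:db8:1::/48"]

def parse_allowlist(entries):
    """Convert addresses and CIDR subnets into network objects.

    strict=True rejects entries with host bits set (e.g. 198.51.100.5/24),
    so an ambiguous registration fails loudly instead of silently widening.
    """
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]

def is_allowed(source_ip, networks):
    """Default deny: only a source address inside a registered network passes."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparsable source address is never allowed
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is compared as the IPv4
    # address it carries, so dual-stack listeners apply the same rule.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)

if __name__ == "__main__":
    nets = parse_allowlist(ALLOWED)
    for ip in ["203.0.113.10", "203.0.113.11", "::ffff:198.51.100.77"]:
        print(ip, "allowed" if is_allowed(ip, nets) else "blocked")
```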

7. Use groups of two or more signatures to generate an electronic payment document

To minimize the risk of fraud on customer accounts by third parties in the event of loss or compromise of one of the EDS keys, it is recommended to use the group signature mechanism. In this case, only those payment documents will be considered that contain a complete group of signatures matching the signatures in the card with specimen signatures.
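The acceptance rule for group signatures can be sketched as follows. This Python code is an added illustration, not the Bank's implementation: the signer names, keys and the two groups on the card are constructed, and HMAC-SHA256 stands in for the real digital signature so that the example runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed specimen-signature card: verification key per signer, plus the
# groups whose members must ALL sign. Two groups are an assumption made for
# illustration. HMAC-SHA256 is a stand-in for the real EDS algorithm.
CARD_KEYS = {
    "director": b"demo-key-director",
    "accountant": b"demo-key-accountant",
    "deputy": b"demo-key-deputy",
}
CARD_GROUPS = [{"director", "accountant"}, {"deputy", "accountant"}]

def sign(signer_key, document):
    """Stand-in signature over the exact bytes of the payment document."""
    return hmac.new(signer_key, document, hashlib.sha256).digest()

def valid_signers(document, signatures):
    """Return the card signers whose signature over this document verifies."""
    verified = set()
    for signer, signature in signatures.items():
        key = CARD_KEYS.get(signer)  # signers not on the card are ignored
        if key and hmac.compare_digest(sign(key, document), signature):
            verified.add(signer)
    return verified

def accept(document, signatures):
    """Accept only if every member of at least one card group signed validly."""
    verified = valid_signers(document, signatures)
    return any(group <= verified for group in CARD_GROUPS)

if __name__ == "__main__":
    doc = b"payment order 0001: 100.00 UAH (constructed sample)"
    one_key = {"director": sign(CARD_KEYS["director"], doc)}
    both = dict(one_key, accountant=sign(CARD_KEYS["accountant"], doc))
    print("single signature accepted:", accept(doc, one_key))
    print("complete group accepted:", accept(doc, both))
```

With this rule a single lost or compromised key cannot authorize a payment, because one valid signature never completes a group.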

Expert advice on information security

Follow these tips to reduce the risk of fraudulent transactions on accounts accessed via Internet banking, and to protect the private key and access to it.

1. Control messages

Analyze daily all messages about electronic payment documents accepted and rejected by the Bank, and immediately inform the Bank of any unauthorized crediting (transfer) of funds!

2. Protect computer

Configure the antivirus and anti-spyware software to monitor all events and periodically scan the data stored on the hard disk of the personal computer from which you access Internet banking. Install on the workstation:

  • licensed antivirus software with support for version updates, and update the antivirus databases regularly and promptly;
  • licensed anti-spyware software;
  • a personal software firewall. Configure it to restrict outgoing and incoming network traffic as far as possible. In particular, it is recommended to allow access only to Internet banking resources and other minimum necessary resources, for example, for updating the virus signature databases of the antivirus software, the anti-spyware software, the operating system and other software.

3. Stay tuned

Regularly and promptly update the system software of the computer from which you access Internet banking, especially the operating system, web browser and Java machine. It is recommended to enable automatic software updates.

4. Use only reliable resources

Do not install software from untrusted sources (public software libraries, programs in email messages and the like) on workstations that are used to work with the “Internet banking” system. It is not recommended to access untrusted (unknown) Internet resources from such a computer.

5. Work in a separate account

While accessing the “Internet banking” system, it is not recommended to work under a user account that has elevated privileges in the operating system, for example, “Administrator”.

6. Check the security protocol

While connecting to the website of the “Internet banking” system (http://ibank.aval.ua), make sure that the web server of the “Internet banking” system is correctly authenticated over SSL. Avoid connecting to the website via banner links or links received by e-mail. It is better to type the address of the website yourself and add it to your browser's bookmarks. When you access the website, pay attention to the browser's address field. Because the “Internet banking” website has an authentic and valid security certificate from a global Internet certification authority, when you enter the site the address in the browser's address field should begin with https:// instead of http:// (a message may appear in the browser window saying that pages are about to be viewed over a secure connection). The certificate of the website can be viewed using the browser. To do this, click the “lock” in the status field before the website address. The screen will display information about the security certificate of the website ibank.aval.ua. The closed-lock sign that appears when securely connecting to the system is proof that the website is authentic.


7. Log in a reliable way

Do not access Internet banking via links received by mail, or from uncontrolled and unreliable computers located in Internet cafes, hotels, offices and other organizations.

8. Pay close attention to emails

Attackers sometimes launch attacks on user workstations to capture user authentication data (the personal EDS key and the password for access to it) for further illegal use. The main methods of obtaining key information:


  • sending users fake emails with a link to a website that masquerades as the Bank's;
  • spreading software with malicious code (i.e. virus software) through e-mails or websites to capture the user's authentication data;
  • unauthorised remote control of the user's personal computer through remote access.


When the user runs the program offered, or performs a standard action, the malicious code copies keys and passwords and then sends this information to attackers. To prevent such situations, remember that the Bank never, under any circumstances, sends emails asking you to send a key or password or to go to a specified electronic address, nor does it distribute computer programs by email. Responsibility for the safekeeping of keys and passwords rests with the user. If you receive such letters, programs or any e-mails of this kind, immediately inform the Bank by letter or by phone, using the contact details listed on the website of the Bank. Delete suspicious emails without opening them, especially letters from unknown senders with attached files that have the extensions *.exe, *.pif, *.vbs and the like.

9. Monitor third-party experts

If the workstation from which you access the “Internet banking” system is configured by a third-party specialist, make sure that their actions are supervised.

1. Use reliable carriers

The private key and the password for access to it are critical data from the point of view of safe operation in the “Internet banking” system. The private key is generated by the user, its owner, under the user's personal control. The Bank under no circumstances has access to the private keys of users. To ensure safe storage and use of personal keys, use the hardware signature-creation device (token) provided by the Bank. If the user chooses to store the key in a file container, personal keys should be kept exclusively on removable storage media (floppy disk, USB drive). Even temporary storage of EDS keys on the hard disk of a computer is not allowed.

2. Keep the token under personal control

The key information medium that contains a valid key (removable storage medium, token) must be under the personal control of the user, so that other persons cannot access it. Under no circumstances is it permitted to hand over the key information medium (token) and/or disclose the password to third persons, including Bank employees.

3. Disconnect the removable data carrier after completion of the work

The key information medium that contains a valid key (removable storage medium, token) must be used only while working in the “Internet banking” system. Do not leave the key information medium (token) connected to the personal computer if work in the system is suspended or not being carried out, if the personal computer is being used to perform other functions, or after hours.

4. Keep the PIN in a place not accessible to anyone

The access password (PIN code) for private keys should not be stored in cleartext (for example, written on paper) or used for other systems and services. Personal responsibility for the safekeeping of the access password (PIN code) and for making it impossible for another person to use the key information medium rests solely with the user.

5. Change your access password

Periodically change the password for access to the key (at least once a month). The password must contain digits, uppercase and lowercase letters, and special characters. When selecting a password, do not use combinations that are easily guessed, such as names, birth dates, telephone numbers and the like.

6. Block the keys of those who no longer use the system

If users are dismissed or transferred to positions that do not involve work in the “Internet banking” system, you should immediately contact the Bank to block their keys.

7. Block compromised keys

In the case of compromise or suspicion of compromise of the key (loss or damage of the key information medium, disclosure of the password, or other events and/or actions that have led or may lead to unauthorized use of the key), you need to urgently contact the Bank to block the compromised key, via email or by phone, making sure to give the blocking word.
