ffffffffffOur bank is taking all possible measures to ensure the security of online banking (Internetbank, e-Banking) and integrity of your funds. On the other hand, you should stay alert yourself, while using online banking and a computer or other digital device. First of all, this is about keeping Internetbank passwords secret and using such security tools for your computer as firewalls (a special program or device that allows to block the attempts of hackers, viruses and other malware to gain access to your computer through the Internet), anti-virus software and anti-spyware programs.
To encrypt the communication channel between your computer and the bank's information system, a TLS (Transport Layer Security) cryptographic protocol is used, which provides a protected data transfer between the hosts in the Internet. Since the first page of Internetbank is loaded (i.e. - after clicking on the "Internetbank" icon), the exchange of data between your computer and the bank is encrypted, providing protection against interception, distortion and falsification. Pay attention to the address bar of your Internet browser: it usually begins with a combination of characters "http: //". When working with Internetbank, the address bar should begin with "https: //", demonstrating that a secure connection is established using TLS protocol.
Another important aspect of confidentiality is to ensure the fact that you are really working with our genuine Internetbank. Fraudsters can use a false page that imitates the work with Internetbank, to seize user passwords. It is possible to make sure that you are really working with genuine Internetbank of TBB pank by checking the certificate issued by AS Sertifitseerimiskeskus (a certifying organization). To do this, just open the certificate using your Internet browser. The address of our web server: www.tbb.ee and term of validity of the certificate should be present in the popped up description box.
To ensure the security of transactions, the bank recommends that you use only the latest versions of popular browsers: MS IExplorer, Mozilla Firefox, Google Chrome, Apple Safari.
To use Internetbank, you need a User ID and a permanent password.
User ID and master password for you shall be issued upon conclusion of a contract for the use of Internetbank, in a sealed envelope. We strongly recommend you to change the master password at your first log-in session, immediately after signing your contract for the use of Internetbank (under section "SETTINGS-> Change Master Password"), and to change it regularly in the future every 15-30 days. A User ID may be changed under "Settings" section.
The registration of all users of Internetbank is carried out when concluding a contract for the use of Internetbank. In the case of a legal person, several users of Internetbank may be registered. Each user is assigned a separate ID and password. In the case of a legal person, the first user of Internetbank is the Master User, i.e. - the owner, he has access to all the resources and all the rights are assigned to such Master User, within the limits of the specific contract. He has the right to set various restrictions for other users, to block any user, etc.
User registration is based on a variety of legal documents that give the right to dispose of the account, such as Power of Attorney.
The system operates on the basis of the user rights that are currently valid. Monitoring of the validity term of a bank account title is performed at each session, and if there are no valid rights, the user rights shall be blocked.
Authentification of the user
Authentication of the user is made by one of the following ways:
1. Using ID- or Digi-ID-card.
User authentication is performed by means of three security elements:
✓ User ID
✓ Master password
✓ ID- or Digi-ID card, PIN1 is used
Personal Identification Card or ID-card – is the compulsory identity document of a citizen of Estonia and of a citizen of the European Union who is a resident in Estonia (having a valid Residence Permit)
Digital personal identity card or Digi-ID - is a digital document that allows you to verify your identity in the electronic environment and to affix a digital signature. Electronic identity cards are issued to Estonian citizens and foreigners who have previously been issued identity card or residence permit, or to those who apply for the identity card or residence permit along with electronic digital ID.
ID- or Digi-ID Card is sufficiently reliable. Data is recorded on the chip, and it can not be copied.
To use the ID- or Digi-ID Card it is necessary to know PIN1 and PIN2.
For user authentication in the Internetbank with ID- or Digi-ID Card, the user must have a special readout device to process the ID- or Digi-ID Card and special software installed on your computer.
It is possible to download the software from the home page of Sertifitseerimiskeskus: https://installer.id.ee. It is important to have the latest version of ID- or Digi-ID Card software installed on your computer. You can check the relevance of your version in the Settings section of your ID- or Digi-ID Card program.
It is recommended to use the latest versions of browsers to ensure correct work of ID- or Digi-ID Card apps.
2. Using Mobiil-ID (Mobile ID).
User authentication is performed by means of three security elements:
✓ User ID
✓ Telephone number
✓ Mobiil-ID (Mobile ID), PIN1 is used
With Mobiil-ID you can enter the e-service environment, make payments, settle deals, sign digitally.
3. Using PIN-generator.
User authentication is performed, in this case, by means four security elements:
✓ User ID
✓ Master password
✓ PIN-generator, i.e. a special device gemalto ezio system
✓ Your bank card
The main security element in such authentication system is a bank card of a customer. The protection of a bank card is provided by its PIN-code.
PIN-generator uses a technology called «Challenge / Response».
The information system of the bank generates a request (challenge) and sends it through Internetbank to the user. The user activates the PIN-generator by inserting its bank card to the device.
Then, it is necessary to select the desired function LOGIN (login to the system) or SIGN (signature of payment), enter the request from the bank to PIN-generator and enter the PIN-code of your bank card.
PIN-generator generates a response code.
NB! If you enter the PIN-code incorrectly three times in a row, the bank card will be blocked.
The resulting response on the display of the PIN-generator, which is in the form of a set of numbers, you need to enter in your Internetbank.
The information system of the bank checks the response code for its request and, if the numbers match, the operation is allowed. The operation of the PIN-generator is specified in more detail in the "Guidelines for the use of PIN-generator in the Internetbank system."
Additional security to the PIN-generator is provided by separation of functions, i.e. – availability of special function keys, which perform only its own particular function (program): LOGIN, SIGN.
In parallel, for added security when using PIN-generator, the bank sets a daily limit on the sum of all payments, beyond which you will be required to sign the payments in a compulsory way using the PIN-generator.
The use of PIN-generator You are not required to install any additional software on your computer or to acquire any new hardware, it works completely independently.
PIN-generator can be obtained at any time and at any branch office of the bank.
More info: http://www.gemalto.com.
Limit for performance of operations
For security reasons, the system of Internetbank uses the following limits:
✓ Daily limit
✓ Monthly limit
When performing any payment, the existing restrictions on the daily and monthly limits shall be controlled and a summing up shall be made to account for the payments made.
Additional security measures
If you leave the Internetbank webpage open, without any online actions in the Internetbank, then, in 10 minutes, the link will be disconnected, and, to continue, you will have to repeat the authentication procedure.
Confirmation of payment by phone (security question).
To ensure the security of payments in large amounts, the Bank offers an additional measure: to set the maximum amount of payment in the Internetbank, starting from which the additional confirmation of payment by phone (security question) is required.
The maximum payment amount shall be specified in the internet bank usage agreement and shall be determined by the client.
At the signing of payment, the amount of which exceeds the maximum amount specified in the contract, the processing of such a payment shall be suspended until receipt of the customer's confirmation by phone. At the same time, on a computer screen of Internetbank user appears a message about the payment that requires confirmation.
Amounts of payments that require phone confirmation are not accounted for in daily and monthly limits.
NB! Payments in excess of the maximum permitted amount according to the contract will not be processed without prior obtaining your confirmation by phone.
When concluding a contract for Internetbank services, the bank employee will offer you to choose from a list of possible security questions to which you must respond during confirmation of payment over the phone. You can also offer your own version of the question and the answer to it.
Your answer to the security question will be used by the bank to authenticate you as a true account holder performing the payment. The answer to the security question should be known only to you. You need to remember it, not to share with the others and keep it out of reach of third parties. It is not recommended to use the security questions, the answers to which may be apparent: date of birth, the child's name, nickname of a pet, car registration number, and so on.
Security question may also be used in different situations when dealing with the bank on the phone, for example: to block access to the Internetbank, to block your bank cards, etc.
We would like to draw Your special attention to the fact that passwords are issued to you personally, should only be known to you alone, and should not be passed to anyone else!
Fraudsters attempt, from time to time, to seize the safety elements. To this end, they send letters and messages by e-mail or regular mail (sometimes, on behalf of the bank) with a request to disclose passwords to Internetbank under some plausible excuse ("to restore data after a system failure ..." and so on). Phone calls with such requests are also possible.
WITH OUR FULL RESPONSIBILITY, WE ASSURE YOU THAT:
- YOUR PASSWORDS TO INTERNETBANK MAY BECOME NECESSARY TO NONE BUT FRAUDSTERS
- DO NOT DISCLOSE YOUR PASSWORDS TO ANYONE (INCLUDING PHONEY "EMPLOYEES OF THE BANK") UNDER ANY PRETEXT.