PRIVACY WHEN USING INTERNETBANK

Our bank takes all possible measures to ensure the security of online banking (Internetbank, e-Banking) and the integrity of your funds. You should nevertheless stay alert yourself while using online banking and a computer or other digital device. First of all, this means keeping your Internetbank passwords secret and protecting your computer with security tools such as a firewall (a special program or device that blocks attempts by hackers, viruses and other malware to gain access to your computer through the Internet), anti-virus software and anti-spyware programs.

 

Confidentiality

 

The communication channel between your computer and the bank's information system is encrypted with the TLS (Transport Layer Security) cryptographic protocol, which provides protected data transfer between hosts on the Internet. From the moment the first page of Internetbank is loaded (i.e. after clicking on the "Internetbank" icon), the exchange of data between your computer and the bank is encrypted, providing protection against interception, distortion and falsification. Pay attention to the address bar of your Internet browser: it usually begins with the characters "http://". When you are working with Internetbank, the address bar should begin with "https://", showing that a secure connection has been established using the TLS protocol.

 

Another important aspect of confidentiality is making sure that you are really working with our genuine Internetbank. Fraudsters can use a false page that imitates Internetbank in order to seize user passwords. You can make sure that you are really working with the genuine Internetbank of Tallinn Business Bank by checking the certificate issued by AS Sertifitseerimiskeskus (a certifying organization). To do this, open the certificate in your Internet browser. The address of our web server (www.tbb.ee) and the term of validity of the certificate should be shown in the description box that pops up.

 

Browsers

 

To ensure the security of transactions, the bank recommends that you use only the latest versions of popular browsers: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari.

 

User Identification

 

To use Internetbank, you need a User ID and a permanent password.

 

Your User ID and master password are issued in a sealed envelope when the contract for the use of Internetbank is concluded. We strongly recommend that you change the master password at your first log-in session, immediately after signing your contract for the use of Internetbank (under "SETTINGS -> Change Master Password"), and that you change it regularly thereafter, every 15-30 days. A User ID may be changed under the "Settings" section.

 

All users of Internetbank are registered when the contract for the use of Internetbank is concluded. In the case of a legal person, several users of Internetbank may be registered. Each user is assigned a separate ID and password. In the case of a legal person, the first user of Internetbank is the Master User, i.e. the owner. The Master User has access to all the resources and holds all the rights, within the limits of the specific contract, and has the right to set various restrictions for other users, to block any user, etc.

 

User registration is based on a variety of legal documents that give the right to dispose of the account, such as Power of Attorney.

 

The system operates on the basis of the user rights that are currently valid. Monitoring of the validity term of a bank account title is performed at each session, and if there are no valid rights, the user rights shall be blocked.

 

 

AUTHENTICATION OF THE USER

 

Authentication of the user is performed in one of the following ways:

 

1. Using ID- or Digi-ID-card.

 

User authentication is performed by means of three security elements:

  • User ID;
  • Master password;
  • ID- or Digi-ID card, PIN1 is used.

The Personal Identification Card, or ID-card, is the compulsory identity document of a citizen of Estonia and of a citizen of the European Union who is a resident in Estonia (having a valid Residence Permit).

 

The digital personal identity card, or Digi-ID, is a digital document that allows you to verify your identity in the electronic environment and to affix a digital signature. Electronic identity cards are issued to Estonian citizens and foreigners who have previously been issued an identity card or residence permit, or to those who apply for the identity card or residence permit along with the electronic digital ID.

 

The ID- or Digi-ID Card is sufficiently reliable. Data is recorded on the chip, and it cannot be copied.

 

To use the ID- or Digi-ID Card it is necessary to know PIN1 and PIN2.

 

For authentication in the Internetbank with an ID- or Digi-ID Card, you must have a special card reader for the ID- or Digi-ID Card and special software installed on your computer.

 

The software can be downloaded from the home page of Sertifitseerimiskeskus: https://installer.id.ee. It is important to have the latest version of the ID- or Digi-ID Card software installed on your computer. You can check whether your version is up to date in the Settings section of your ID- or Digi-ID Card program.

 

It is recommended to use the latest versions of browsers to ensure that the ID- or Digi-ID Card apps work correctly.

 

2. Using Mobiil-ID (Mobile ID).

 

User authentication is performed by means of three security elements:

  • User ID;
  • Telephone number;
  • Mobiil-ID (Mobile ID), PIN1 is used.

Mobiil-ID (Mobile ID) is an electronic digital identity application based on a certificate linked to the SIM-card of a mobile phone. This certificate makes it possible to identify a person digitally in an electronic environment, and a second certificate makes it possible to affix a digital signature.

With Mobiil-ID you can enter the e-service environment, make payments, settle deals and sign digitally.

 

3. Using PIN-generator.

 

User authentication is performed, in this case, by means of four security elements:

  • User ID;
  • Master password;
  • PIN-generator, i.e. a special device (Gemalto Ezio system);
  • Your bank card.

The PIN-generator is a special device, i.e. a terminal into which you insert a bank card. The PIN-generator calculates the response code to a request from the bank, and is used when entering the Internetbank and when signing payment orders.

The main security element in this authentication system is the customer's bank card. The bank card is protected by its PIN-code.

 

PIN-generator uses a technology called «Challenge / Response».

 

The information system of the bank generates a request (challenge) and sends it through Internetbank to the user. The user activates the PIN-generator by inserting their bank card into the device.

 

Then select the desired function, LOGIN (login to the system) or SIGN (signature of payment), enter the request from the bank into the PIN-generator and enter the PIN-code of your bank card.

 

The PIN-generator generates a response code.

 

NB! If you enter the PIN-code incorrectly three times in a row, the bank card will be blocked.

 

The response shown on the display of the PIN-generator is a set of numbers, which you need to enter in your Internetbank.

 

The information system of the bank checks the response code for its request and, if the numbers match, the operation is allowed. The operation of the PIN-generator is specified in more detail in the "Guidelines for the use of PIN-generator in the Internetbank system."

 

The PIN-generator gains additional security from the separation of functions, i.e. the availability of special function keys, each of which performs only its own particular function (program): LOGIN, SIGN.
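The challenge/response exchange and the LOGIN/SIGN separation described above, sketched as an added example (this is not the bank's or the device vendor's code). HMAC-SHA256 over a per-card secret stands in for the card's real computation, which this page does not describe; PIN entry on the device is not modelled, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 over a per-card secret stands in for the card's real
# computation, which the page does not describe. All names are hypothetical.

def new_challenge(digits=8):
    """Bank side: a fresh random numeric challenge for each operation."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))

def response_code(card_key, function, challenge, digits=8):
    """Device side: response bound to the function key pressed (LOGIN or SIGN)."""
    if function not in ("LOGIN", "SIGN"):
        raise ValueError("unknown function key")
    msg = function.encode() + b"|" + challenge.encode()
    mac = hmac.new(card_key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class Bank:
    """Bank side: issues challenges and accepts each one at most once."""
    def __init__(self, card_key):
        self.card_key = card_key
        self.pending = {}   # challenge -> function it was issued for

    def issue(self, function):
        challenge = new_challenge()
        self.pending[challenge] = function
        return challenge

    def verify(self, challenge, response):
        function = self.pending.pop(challenge, None)  # single use, blocks replay
        if function is None:
            return False
        expected = response_code(self.card_key, function, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    key = b"constructed-demo-card-key"          # constructed sample secret
    bank = Bank(key)
    c1 = bank.issue("LOGIN")
    ok = bank.verify(c1, response_code(key, "LOGIN", c1))
    replay = bank.verify(c1, response_code(key, "LOGIN", c1))   # same code again
    c2 = bank.issue("SIGN")
    cross = bank.verify(c2, response_code(key, "LOGIN", c2))    # wrong function key
    return ok, replay, cross

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

Because the function name is part of the computed message, a code produced with the LOGIN key cannot authorize a payment, and a code that has already been accepted is rejected when entered a second time.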

 

In parallel, for added security when using the PIN-generator, the bank sets a daily limit on the sum of all payments, beyond which you will be required to sign the payments using the PIN-generator.

 

To use the PIN-generator, you are not required to install any additional software on your computer or to acquire any new hardware; it works completely independently.

 

The PIN-generator can be obtained at any time and at any branch office of the bank.

 

More info: http://www.gemalto.com.

 

4. Using the reusable multi-password card.

 

User authentication is performed by means of three security elements:

  • User ID;
  • Master password;
  • Password from the reusable multi-password card.

The password card is a plastic card with the Internetbank address, customer service phone number, e-mail and 30 passwords. To ensure confidentiality, a special protective layer is applied over the passwords, so that no one can copy the passwords on your card or take a sneaky peek at them. Upon receipt of the card in the office of the bank, please check for the presence of this protective layer.

If you use this method of authentication when signing payment orders the amounts of which exceed the daily limit of 200 EUR (established by the agreement of the Banking Union - Pangaliit), you must use passwords from additional one-time password cards.

 

4.1 Using one-time password card.

 

One-time passwords are used for signing payments in Internetbank when user authentication has been done by means of a password from the reusable multi-password card. Each of the passwords is used by the system only once.

 

Additional one-time passwords (30 numbered 6-digit codes) on a plastic card shall be issued at the conclusion of the contract. You can get several of these cards.

 

If necessary, one of the passwords, defined by Internetbank, is used.

 

To ensure confidentiality, a special protective layer is applied over the passwords.

 

You can always replace the currently used one-time multi-password card by choosing a new card from the list of the cards issued to you by us.

 

The number of login attempts by any of these methods is limited. If an incorrect password is entered repeatedly during the client authentication process, the client's access to the Internetbank will be blocked.

 
 

LIMIT FOR PERFORMANCE OF OPERATIONS

 

For security reasons, the system of Internetbank uses the following limits:

  • Daily limit;
  • Monthly limit.

Limits are set when the contract for the use of the Internetbank is signed. The limits are assigned to each bank account separately.

Whenever a payment is made, it is checked against the existing daily and monthly limits, and the payments already made are added up and taken into account.

 

If the reusable multi-password card is used to authenticate a user, an additional check is carried out when signing payments, namely: if the daily amount of payments exceeds 200 EUR (established by the agreement of the Banking Union - Pangaliit), such excess payments must be authorized with the one-time password card.

 

 

ADDITIONAL SECURITY MEASURES

 

If you leave the Internetbank webpage open without performing any actions in the Internetbank, the session will be disconnected after 10 minutes, and to continue you will have to repeat the authentication procedure.

 

Confirmation of payment by phone (security question).

 

To ensure the security of payments in large amounts, the Bank offers an additional measure: setting a maximum payment amount in the Internetbank, starting from which additional confirmation of the payment by phone (security question) is required.

 

The maximum payment amount shall be specified in the internet bank usage agreement and shall be determined by the client.

 

When a payment is signed whose amount exceeds the maximum amount specified in the contract, the processing of that payment is suspended until the customer's confirmation is received by phone. At the same time, a message about the payment that requires confirmation appears on the Internetbank user's screen.

 

Amounts of payments that require phone confirmation are not accounted for in daily and monthly limits.

 

NB! Payments in excess of the maximum permitted amount according to the contract will not be processed without first obtaining your confirmation by phone.

 

When you conclude a contract for Internetbank services, the bank employee will ask you to choose from a list of possible security questions, to which you must respond when confirming a payment over the phone. You can also propose your own question and the answer to it.

 

Your answer to the security question will be used by the bank to authenticate you as the true account holder performing the payment. The answer to the security question should be known only to you. You need to remember it, not share it with others, and keep it out of reach of third parties. It is not recommended to use security questions whose answers may be obvious: date of birth, a child's name, the name of a pet, car registration number, and so on.

 

The security question may also be used in other situations when dealing with the bank on the phone, for example: to block access to the Internetbank, to block your bank cards, etc.

 

 

WE WOULD LIKE TO DRAW YOUR SPECIAL ATTENTION to the fact that passwords are issued to you personally, should only be known to you alone, and should not be passed to anyone else!

 

From time to time, fraudsters attempt to seize the security elements. To this end, they send letters and messages by e-mail or regular mail (sometimes on behalf of the bank) with a request to disclose Internetbank passwords under some plausible excuse ("to restore data after a system failure ..." and so on). Phone calls with such requests are also possible.

 

 

WITH OUR FULL RESPONSIBILITY, WE ASSURE YOU THAT:

  • NO ONE BUT FRAUDSTERS HAS ANY NEED FOR YOUR INTERNETBANK PASSWORDS;
  • DO NOT DISCLOSE YOUR PASSWORDS TO ANYONE (INCLUDING PHONEY "EMPLOYEES OF THE BANK") UNDER ANY PRETEXT.