Security Measures While Using PSB On-Line System
OJSC Promsvyazbank is constantly improving the security of clients’ operations while preserving the convenience of using the services.
For clients’ protection the following measures are being used:
- encryption of communication pathway by means of SSL protocol;
- Signature Key Certificates (SKC) for confirmation of operations;
- USB-tokens for generation, safe storage and secure work with an SKG;
- notification about an IP-address from which the last operating session has been executed.
While using Remote Banking please kindly consider the following recommendations in order to increase the security of the system:
- Use a USB-token for safe storage of an EDS Private Key. The usage of a USB-token considerably enhances the safety of a certificate.
- Under no circumstances do not give information about your certificate’s password to anybody including Bank’s officers, relatives and other persons.
- Under no circumstances do not keep information about your certificate’s password on any storage devices including computer. If you have suspicions that somebody has obtained the information about your password you need to change your certificate’s password by yourself or request the Bank to block the certificate. You can do it by giving a call to our Call Centre with further written application for blocking. The unblocking of the certificate is executed in the Bank’s office at Client’s personal request.
- Perform change of a password to certificates on a regular basis (in case of firing of an employee in charge or an employee having an access to Remote Banking system an immediate change of passwords must be performed; a password must contain not less than 6 symbols; the Bank recommends to use a password containing not less than 8 symbols consisting of a combination of letters, digits and non-alphabetic symbols (for example - !, $, #, %)).
- It is not recommended to store a certificate on a hard disc of a computer. Keep certificates only on USB-tokens, USB flash devices or on CDs in a inaccessible for third persons place (safe-deposits boxes, locking drawers, etc.)
- Limit the access of employees and third persons to certificates and computers with installed Remote Banking Systems.
- Monitor payment orders sent via Remote Banking System.
- Avoid working with untrusted computers (internet cafe, kiosks, etc.) because in this case the risk of user’s data theft (login / password, certificate) increases.
- Check the information about an IP address from which the last operating session has been executed.
- After an operating session in Remote Banking System is completed you must close the system’s window using the button EXIT. After logging-out you must take out from the computer a USB-token or any other certificate storage device.
- Make sure that your computer is protected against viruses. Install and activate an antivirus programme. Update your antivirus database on a regular basis. Please take into consideration that virus might act with an aim of obtaining and transferring to third persons the information about your password and certificate.
- Install and adjust personal firewall on your computer – this will allow to prevent unauthorized access to the information on your computer. Additionally you can adjust your firewall to have access only to system’s address: http://online.payment.ru/ [188.8.131.52] for the ports 9443, 9080 and 80.
- Always use licensed software from reliable and trusted sources. Do regular updates of an operational system and its applications (browser, documents operating software, etc.).
- Pay attention to changes of usual procedures of logging in or functioning of the system. Any changes, especially those related to safety, are being announced by the system. If you have any doubts regarding the correctness of the functioning of Remote Banking System please do contact to the Bank’s Call Centre.
- If you discover attempts of unauthorised access or in case of reasonable concerns that this kind of attempts can be carried out please kindly:
- inform the Bank about it immediately;
- check the last payment documents sent to the Bank, in case of detecting unauthorised payment instructions write an application to recall certificates;
- switch off your computer using HIBERNATE or SHUT DOWN;
- undertake measures to save log file of your Internet session (data from proxy-server, your firewall or request it from an operator);
- provide the Bank with a detailed written description of the circumstances of certificate’s compromise or unauthorised access.
THE BANK ALWAYS WARNS ITS CLIENTS ABOUT ALL CHANGES MADE IN THE SYSTEM. NEVER USE THE INTERFACE THE CHANGE OF WHICH IS NOT CONFIRMED BY THE BANK.
Should you have any questions please kindly contact the Bank at the following telephone and e-mail address:
Tel: (495) 228-38-25