The bank uses the latest information and security technology aimed to protect customer activities from unauthorised access or operation. However, we have to emphasise, it is the customer, who is the most important element of e-Banka security. It is essential to keep the main security rules when using services of electronic banking,

Should a customer encounter a non-standard conduct of e-Banka, he is advised to consult operators of our contact center Dexia Linka. In case of any doubts or a suspicion of a security problem, please inform us by your e-mail sent to: eb@dexia.sk.

• Bank Information Security
• Customer Information Security

Bank Information Security

Encrypted communication

A connection between a customer and Prima banka Slovensko, a.s. has been secured by the SSL protocol aimed to secure transmission of private data through the Internet.
The SSL protocol is used by majority Internet browsers, recognising a secure connection based on the address starting with the instruction https or a symbol of a lock , depicted in the right hand button of the Internet browser. Depending on the browser setting, a window pops –up, warning of entering a secured web page.

When a customer logs in e-Banka via https://eb.dexia.sk, his connection is secured. All confidential data, as well as his personal ones, are encrypted before being sent from his computer to our bank. Thus nobody else can read them, only a sender and a recipient. (i.e. a customer and the bank).
A 128-bite SSL encrypting is used in our bank, being accepted as industrial standard.

Customer identification
It is a procedure, where a user is introduced to the system (he identifies himself). It may be deemed a non-binding or a preliminary statement of a customer identity. In general, it represents a customer name, his identification number, profile, certificate, identifier, key, etc.
A customer identification in the bank´s e-Bank is done via a valid user (log-in) name, which has to be pre-set and active in the bank´s system.

Customer authentication
Authentication verifies a user identity, i.e. it investigates, whether it is truly authentic. Identification and authentication are two consecutive, inseparable procedures.
In order to authenticate a customer, the bank uses:

• SMS authentication (verification by a code sent to a pre-set mobile number)
• authentication by GRID card (verification of One-Time password from GRID card)
• authentication by Vasco token (verification of One-Time password from authentication device).

Connection expiration
Should a customer forget to log- off or his computer is non-active for a certain time, session will be automatically terminated by e-Banka´s server.

General technological measures
In order to secure the required level of information security, there are several levels of procedural and technological measures in the bank. In general, we may state:

• licenced software is used exclusively
• operation systems are updated with the latest security patches
• antivirus software is globally and immediately updated
• sophisticated network infrastructure, subject to regular audit, is used aimed to protect non-authorised intrusion into the bank´s network
• modern system of intrusion detection is used for revealing possible attacks.

Customer Information Security

It is quite demanding to secure a sufficient level of information security with respect to an increasing number of attacks. A lot of measures require an IT assistance. However, a customer is recommended to observe some basic rules aimed to secure his data, when executing transactions via e-Banka.

The general rules of the Internet browsers use:

• log- in e-Banka exclusively via the secured https://eb.dexia.sk
• log-in e-Banka exclusively via the web address https://eb.dexia.sk, or via a bookmark in Favourites in this exact form
• do not access e-Banka from public or unknown computers, whose security is not known to you, if possible
• e-Banka application does not require storing loaded web pages in temporary files in a customer´s computer. Despite this fact, all customers are recommended to check their Internet browser setting, which may force to store temporary files
• having finished your work in e-Banka, it is necessary to log-off and close the window of the Internet browser.

Password policy
A password is an important authentication element. Therefore customers are advised to observe the following recommendations:

• keep your password in secrecy
• do not put down your password, keep it only in your memory
• do not allow anybody to use your log-in data for e-Banka
• make sure you change your access password regularly (the bank will ask you automatically to change your password minimum once a year)
• do not satisfy a request of persons known or unknown to you for sending or revealing identification and authentication information
• you are recommended to follow instructions for a password production
• having a suspicion of revealing authentication data, immediately change your password and simultaneously inform operators of the contact center Dexia Linka

It is a challenge to produce a password you are able to remember and simultaneously, being difficult to puzzle out.

How to produce a “strong” password - some hints:

Rule	Recommendation/Example	Inappropriate example
Produce long passwords	At least eight characters	Do not use your log- in name or its part (e.g. ”Jane“, ”Novak“)
Vary small (lower-case) and capital (upper-case) letters	joZkomRkvicka	JANE, jane, NOVAK, novak
Vary characters	joZkomRkvicka44	Do not use actual words from any language
Use at least four different characters	joZkemRkvica48	Should there be several identical alphabet letters, change some change them for different ones deliberately Do not use identical characters (e.g. ”xxxxxx“ or “2222222“).
Use random figures and letters		Do not use letters, being adjoined in keyboard (e.g. ”qwertz“)

Technological measures
It is very important to log-in e-Banka from a computer, having:

• the latest security updates, patches of operation system and the Internet browser ,
• appropriate antivirus software
• appropriate antispyware software
• personal firewall

Prevention of possible e-mail attacks
Currently, bank customers are more frequently exposed to malicious attempts seeking to obtain and misuse their personal data and other banking-related information through fraudulent e-mails and fraudulent web sites, the so-called Phishing and Pharming. Therefore, our customers are recommended to follow the security procedures:

• do not respond to any e-mails requesting a provision of your personal data (a bank never requests to send private authentification data to by e-mail)
• do not open e-mail attachments sent by unknown senders
• pay more attention to suspicious emails (even though they might give an impression of coming from reliable sources, including banks)
• never disclose to anyone numbers of your accounts, any balances therein, your PIN codes or access passwords (it is always highly suspicious if any organization or an individual requests to provide your personal data or other sensitive information)
• do not send or enter your personal data or banking information to/into non-encrypted or unsecured web sites.