DirektNet Security

Security-related recommendations

Electronic banking offers a very high degree of security, but at the same time the incidence of abuse aimed at defrauding bank customers of their money is gradually increasing. In what follows we summarise what you can do to protect your data, so that you can use the DirektNet Internet Banking service safely.

  • Treat with suspicion all messages that ask you to verify or send your personal banking data!
    Please note that Raiffeisen Bank never sends any e-mails to its customers that contain a link to the DirektNet Internet Banking log-in page, and never asks for your identification data in an e-mail.
    Please do not respond to such requests!
  • Make sure you only give your Raiffeisen DirektNet Internet Banking customer ID number and password on the DirektNet log-in page that is accessible by typing www.raiffeisen.hu into the address bar of the browser. Do not use any other link!
  • Our employees working at the telephone customer service desk are instructed to ask only for your customer identification number (T-PIN), never for your password.
  • If you use the internet and the internet banking service, we recommend that you protect your computer with a firewall and regularly updated anti-virus software.

1. What you can do to protect your data
2. Fraudulent e-mails and websites
3. What to do in suspicious cases
4. DirektNet's own security elements

1. What you can do to protect your data

1. Protect your ID numbers and codes!
Never give anyone the Raiffeisen Direkt PIN code that you received when you signed the contract, or the password you were given after the service was activated! Never record these in a place (such as your computer or mobile phone) from where they could fall into unauthorised hands and thus enable people to log in under your name!

2. Choose a complex password!
Always choose a password that can't be connected to you and that is therefore more difficult to work out (for example, don't choose your pet's name or a simple series of ascending numbers). Such passwords may be harder to remember, but they provide you with a bit more security.

3. Never let your internet browser record your password!
If you browse the internet with a browser that allows you to automatically record passwords (the browser stores the password linked to a specific web page, so that you don't have to type it in again), don't let the browser store your password for accessing DirektNet!

4. Install firewall software and update it regularly!
There are always malicious programs lurking on the internet that search for unprotected computers and when they gain access to an unprotected computer, they make it possible for their programmer to access non-public data. In certain cases, so-called Trojans may even install themselves on your computer and forward the data you type on your keyboard. This means that unauthorised persons can detect your ID code and password even if a secure connection is established between the bank's computer and your own. In order to avoid this and other such problems, we recommend that you install firewall software on your computer, which prevents the installation of malicious software and protects your computer against intrusion. It's important to remember that the threat of malicious programs spreading to your computer from the internet is almost permanently present, and so the firewall can only provide full protection if it is regularly updated (for this, see the recommendations of the software manufacturer).

5. Use anti-virus software and update it regularly!
We recommend that you protect your computer using anti-virus software that has a regularly updated virus database! Make sure you use the software to check regularly for viruses!

6. Use the Raiffeisen Mobile Banking service!
You can use the Raiffeisen Mobile Banking service to receive notification of each banking transaction in an SMS to your mobile (including bank card and credit card operations). This will allow you to know immediately that a given order has been fulfilled, and also, therefore, if an unauthorised person has initiated a transaction on your account.

7. When logging off DirektNet, use the Logoff button - do not simply close the browser!

We advise you not to use public computers for accessing internet banking sites (unsupervised computers accessible to all in internet cafés, libraries, book shops and educational institutions), because neither the bank, nor its customers are able to protect themselves against these computers, or the applications running on them.

2. Fraudulent e-mails and websites

Trojans
Instead of asking you to reply to an e-mail directly, some swindlers will ask you to download a "banking application" by clicking on a link they send you in an e-mail. This is actually malicious software or a virus, which the fraudsters will use to try to disable your anti-virus and firewall programs.

Data phishing
This means that an e-mail that appears to come from the bank is in fact sent to the customer by swindlers in order to mislead customers and obtain their banking data and codes (DirektNet, T-PIN, password, bank card PIN code). The link in the e-mail leads to a fraudulent internet page, which looks deceptively like the bank's own website. Through these fake websites, fraudsters try to "fish" data, such as ID codes, passwords, and other confidential information, from unsuspecting bank customers. Please do not respond to any e-mails of this kind!

Pharming
Fraudsters can make a copy of the bank's internet website and direct visitors to a fraudulent internet page. Note that with real banking internet sites, a small padlock icon, indicating a secure connection, appears in the lower bar/upper title bar of the browser.

So, for your own protection, please read the information below.

How can you recognise fraudulent e-mails or websites?

Fraudulent e-mails - which may be in Hungarian or another language - often press you to provide or update your data urgently, and may even include a threat (e.g. "If you do not provide your data, your account will be blocked.").

The link in the fraudulent e-mail directs the bank's customer to a fraudulent web page, where he is asked to provide his data. Make sure you check the authenticity of the Raiffeisen Bank internet page!

How to recognise a fraudulent web page:

1. The small padlock icon, indicating a secure connection, is missing from the lower bar/upper title bar of the browser.
2. The domain name in the address bar (in this case, raiffeisenhu.com) is incorrect.
3. The customer is also asked to provide his telephone ID code (though this is not always the case).

How to make sure you're on the genuine website:

1. The lower bar/upper title bar of the browser contains a small padlock icon indicating a secure connection.
2. The domain name in the address bar is correct: www.raiffeisen.hu
3. No telephone ID code is asked for on the page.
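
The domain and secure-connection checks above can also be applied mechanically to a link before it is opened. The following is an added example, not code from Raiffeisen Bank; the function names and the sample links (apart from the two domain names quoted above) are constructed for illustration.

```javascript
// Added example: accept a link only if it is an https URL whose host is
// exactly the genuine log-in host named on this page.
const GENUINE_HOST = "www.raiffeisen.hu";

function checkLink(link) {
  let url;
  try {
    url = new URL(link); // also lower-cases the host and encodes non-ASCII names
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "connection is not https (no padlock)" };
  }
  if (url.username || url.password) {
    // Text before an '@' is not the host, even if it looks like a domain.
    return { ok: false, reason: "URL carries embedded credentials" };
  }
  // Compare the whole host name. Substring or "starts with" tests would
  // accept look-alike names that merely contain the bank's name.
  if (url.hostname !== GENUINE_HOST) {
    return { ok: false, reason: `host is ${url.hostname}, not ${GENUINE_HOST}` };
  }
  return { ok: true, reason: "https and exact host match" };
}

// Return only the links that fail the check, with the reason for each.
function rejectedLinks(links) {
  return links
    .map((link) => ({ link, ...checkLink(link) }))
    .filter((result) => !result.ok);
}

// Constructed sample links, as they might be extracted from an e-mail.
const SAMPLE_LINKS = [
  "https://www.raiffeisen.hu/",
  "http://www.raiffeisen.hu/",
  "https://raiffeisenhu.com/login",
  "https://www.raiffeisen.hu.example.test/",
  "https://www.raiffeisen.hu@example.test/",
];

for (const r of rejectedLinks(SAMPLE_LINKS)) {
  console.log(`REJECT ${r.link}: ${r.reason}`);
}
```
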

At the bottom of the browser, a small padlock icon is displayed, representing the secure and encrypted channel protected by SSL technology. If you click on the icon, the following window will appear:

By means of this quiz you can learn how to identify fraudulent e-mails.

http://www.sonicwall.com/phishing/index.html

3. What to do in suspicious cases

Always be suspicious if you receive an e-mail or other message that asks you to provide the data you use for your Raiffeisen Bank services by clicking on the link in the e-mail or by calling a telephone number.
Never do this. Instead, notify the Bank immediately:

  • by e-mail, to info@raiffeisen.hu, or
  • by calling Raiffeisen Direkt on 06 40 48 48 48.

If you have already provided your Raiffeisen DirektNet, Internet Banking and/or Raiffeisen Direkt telephone ID codes in response to a fraudulent e-mail or other message sent to you in the name of Raiffeisen Bank, you must have these codes disabled as soon as possible and ask for further information by calling our customer service hotline on 06 40 48 48 48.

4. DirektNet's own security elements

Raiffeisen Bank Zrt. has developed the DirektNet Internet Banking system to the highest possible level of security known today. And this has been achieved in a way that ensures that the security requirements, and the information and security operations required of customers, do not impair the system's functionality or ease of use.

1. DirektNet is constructed dynamically, in a way that prevents the reverse engineering of the security logic.
To use the DirektNet service, you only need an internet browser - the installation of other programs or the use of applets is not required. (It has been demonstrated that applets pose a high risk for people who use the internet for banking purposes, because the applets and the encrypting mechanism in them can be downloaded and saved, making reverse engineering possible.) The DirektNet system contains no applets; the pages are built up dynamically by the bank's web server, so it is impossible to reverse engineer the banking security logic applied.

2. The bank's systems have multiple firewall protection.
The task of a banking system's firewalls is to protect the bank's systems and customers' data as well as to prevent access by unauthorised persons. The multi-level firewall system at Raiffeisen Bank provides the very highest level of security.

3. When DirektNet is in use, all communication passes through an encrypted channel.
Due to the open nature of the internet, the bank protects all pages and mechanisms that contain or may be used for the transfer of sensitive business information. Whenever you access and use pages like this, a secured https connection is established between the customer's computer and the bank's web server, instead of the standard http connection. Data passing through a channel protected by SSL technology is encrypted using a 128-bit key.
The key required for encryption has been certified for Raiffeisen Bank by NetLock Kft., a recognised Hungarian certification authority.

4. Time-out function.
Security of use is further enhanced by the fact that the system automatically logs you out of the Raiffeisen site if you break off using the DirektNet service for more than 5 minutes (i.e. the browser window is inactive or no active operation is taking place in it).

5. Protection against concurrent log-ins.
The Raiffeisen site does not allow concurrent log-in using the same Direkt ID code on different computers. In this way, if an unauthorised person obtains an ID number or code through the negligence of the user, this person cannot log in concurrently with the user and have access to his or her accounts. Even better, if the customer is logged in and somebody tries to log in from another computer in his or her name, both parties are immediately notified, the system prohibits all additional operations and logs the user out.

6. The date and time of the last log-in is displayed.
To help you to monitor your DirektNet use even more closely, whenever you log in successfully, you can check the date and time of the last successful log-in in the window that lists notices.

7. The password must be changed regularly.
It is compulsory to change your password every 90 days, and the system will ask you to do so automatically. Naturally, you can change your password more often, whenever you want to. You can do this on the 'Your profile' page.

8. Treatment of the password.
If an incorrect password is given three times during a log-in attempt, the system temporarily blocks access, thereby preventing any unauthorised person from performing any transaction on your account.

9. The IP address is recorded during communication.
The Bank's web server records the data of all computers logged onto the internet that initiate a request to the web server, thereby assisting the tracking of any cases of unauthorised access.
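
The time-out, concurrent log-in, last log-in and password-blocking rules described in points 4, 5, 6 and 8 can be modelled in a few lines. This is an added example, not the bank's implementation: the limits are the ones stated above, while the class, its method names, the password callback and the way a block is lifted are assumptions.

```javascript
// Added example, not the bank's code. Limits are the ones stated on the page;
// the class, method names and the password callback are assumptions.
const IDLE_LIMIT_MS = 5 * 60 * 1000; // logged out after more than 5 idle minutes
const MAX_BAD_PASSWORDS = 3;         // access blocked after three wrong passwords

class SessionGuard {
  constructor(verifyPassword) {
    this.verifyPassword = verifyPassword; // (id, password) => boolean
    this.sessions = new Map();            // id -> { ip, lastActive }
    this.failures = new Map();            // id -> consecutive wrong passwords
    this.lastLogin = new Map();           // id -> time of last successful log-in
  }

  login(id, password, ip, now) {
    if ((this.failures.get(id) || 0) >= MAX_BAD_PASSWORDS) return { status: "blocked" };
    if (!this.verifyPassword(id, password)) {
      this.failures.set(id, (this.failures.get(id) || 0) + 1);
      return { status: "bad-password" };
    }
    this.failures.delete(id);
    const active = this.sessions.get(id);
    if (active && now - active.lastActive <= IDLE_LIMIT_MS) {
      // Concurrent log-in: end the running session, refuse the new one,
      // and report both addresses so that both parties can be notified.
      this.sessions.delete(id);
      return { status: "concurrent", notify: [active.ip, ip] };
    }
    const previousLogin = this.lastLogin.has(id) ? this.lastLogin.get(id) : null;
    this.sessions.set(id, { ip, lastActive: now });
    this.lastLogin.set(id, now);
    return { status: "ok", previousLogin }; // shown to the user after log-in
  }

  request(id, now) {
    const session = this.sessions.get(id);
    if (!session) return "logged-out";
    if (now - session.lastActive > IDLE_LIMIT_MS) {
      this.sessions.delete(id);
      return "timed-out";
    }
    session.lastActive = now;
    return "ok";
  }

  logoff(id) { this.sessions.delete(id); }
  unblock(id) { this.failures.delete(id); } // assumption: page does not say how a block ends
}
```
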