INTERNET BANKING

PRIVACY POLICY

INFORMATION ON RISKS AND PROTECTION METHODS RELATED WITH THE USE OF ELECTRONIC BANKING SERVICES

WHAT IS FRAUD?

Fraud is the act of a person who deceives another person and obtains self-interests and interests for other in a manner damaging that person or another person through fraudulent behaviours. An increase is observed in digital fraud activities with the advancement of technology and increased use of it around the world. As Fibabanka, we would like to provide information on widely used methods of fraud, protection methods, and your rights and responsibilities so, you do not suffer from any digital fraud activities that may be encountered in connection with electronic banking services you use.

WHAT ARE INTERNET AND MOBILE BANKING SERVICES?

Our bank performs non-financial transactions, transactions between own accounts, foreign currency and investment transactions and transfers to other accounts held in the bank, 24/7 through Internet and Mobile Banking channels. EFT and SWIFT services are closed at weekends and out of working hours; therefore, these services are not offered 24/7. However, our Transfer on Duty services allows money transfers to banks in our system through Internet and Mobile Banking channels out of working hours during the week and at weekends.

Our clients who wish to use services we offer through Internet and Mobile Banking channels can activate Fibabanka Internet Banking and Fibabanka Mobile Banking over www.fibabanka.com.tr or Fibabanka Mobile Banking application. Channel is activated with the verification of at least 2 components of any information owned, known by the client. It is not possible to use services through these channels unless these procedures are completed.

RISKS ABOUT USING INTERNET BANKING AND MOBILE BANKING

We offer solutions facilitating financial life of our clients via Internet Banking and Mobile Banking channels and we allow them to receive financial services and enjoy cost advantages without visiting a bank branch. However, unfortunately, these facilitating solutions lead to certain risks when necessary measures are not taken. It should be noted that defrauders are persons who would use any vulnerability caused by the use of Internet and Mobile Banking services by our clients, for their own interests without hesitating. Methods used for this purpose and measures that should be taken for protecting our clients from these risks are explained below.

İnternet ve mobil bankacılık hizmetlerinin kullanımın taşıdığı riskleri aşağıdaki gibi özetleyebiliriz:

  • Risks that may be caused by our Internet and Mobile Banking channels can be summarized as follows: Financial loss
  • Effort that will be shown to remedy the loss
  • Permanent disclosure of information specific to client
  • Legal efforts
  • Loss of reputation

FRAUD METHODS

Social Engineering

As a fraud method, social engineering is a method used to obtain unjustified benefits by using information of clients such as identification, card, electronic banking, telephone, tablet, computer passwords. Defrauders abuse trust by contacting the relevant person by telephone, via e-mail, social platforms and even in person in order to obtain such private information. The goal is to obtain the required information through traps placed in a fake scenario/ story.

In social engineering, methods such as:

  • Persuading the person to the story that he/she won a prize;
  • Creating fear;
  • Persuading the person that contracting person is from security, military or judicial authorities;
  • Acting like a relative whose social media account is seized;
  • Asking for help or persuading that protection is offered by saying that a terrorist organization seized your accounts

are used to commit fraud about your financial assets by seizing personal or financial information as well as the required user information and passwords in connection with Internet and Mobile Banking channels.

How to ensure protection?

  • Do not take such notifications serious in case you are required to give money or provide your personal information specified above with promises such as “You won a prize & gift, correction of credit rating, reimbursement of expenses incurred”.
  • Do not take it seriously if any person who calls you by telephone, introduces himself/ herself as a public officer (police, soldier, prosecutor, judge, etc.) and asks you to give money, gold or provide your personal information.
  • Do not share your personal information in case it is requested on social media platforms.
  • Do not share your password with any person including staff members of the bank.

Important Note: None of the official authorities or bank would contact you via e-mail, by telephone or through similar other communication channels and request your card details and passwords, Internet or Mobile Banking password and your personal information.

Phishing

Phishing attacks appear as they are from various banking and financial institutions or another reliable organization; they can give the impression that they are urgent or highly important and the purpose is to size your sensitive information (card and electronic banking password, SMS password, card details, identification details, etc.). E-mails and SMS that are send using this method may require you to install an application to your computer or mobile device or provide link to a fraudulent site in order to seize your sensitive information.

  • SMS
  • E-mail
  • Website
  • Mobile Application

The goal is the same with all methods: Obtaining financial gains or seizing your personal information.

  • In fraudulent e-mails, name of the sender resembles the name of the imitated sender.
  • They may start with a phrase addressing multiple users (i.e., “Dear User”).
  • They may contain clerical errors.
  • They may be intended to create the impression of urgency or importance.

How to ensure protection?

  • Search engines are used to access the internet site of our bank. Fraudulent websites may appear among results of search engines. Therefore, access should be made by typing www.fibabanka.com.tr in the address bar.
  • An up-to-date anti-virus software should be used.
  • It should be ensured that the device used is updated.
  • E-mails should be opened only when there is certainty about sender.
  • Documents attached to e-mails and SMS received from unknown addresses should not be opened.
  • It should be ensured that security picture selected for using our bank’s Internet and Mobile Banking channels is the same during each time of access to such channels.
  • Links that appear with appealing advertisement contents or links in advertisements appearing to be Fibabanka advertisement should not be clicked and advertisements requiring entry of electronic banking password or personal information should be ignored. In particular, it should be ensured that the internet page opened has a valid SSL certificate.

Malicious Software

It is possible to spread malicious software to computers, smart phones or mobile devices through various methods. The goal of this method is to seize information in devices or control devices. Thus, personal information and financial gains can be obtained.

Malicious software allows:

  • Monitoring of keyboard or mouse movements in the device;
  • Access to personal information stored in your device;
  • Remote control of your devices;
  • Directing of SMS or calls you receive to another number.

How to ensure protection?

  • An up-to-date anti-virus software should be used.
  • Firewall application should be used.
  • Licensed software should be used.
  • Attachments received from unknown senders should not be opened.
  • All attachments should be scanned for viruses before opening.
  • Unsecured applications should not be installed in the device. Attention should be paid to install applications from official markets (Google Play Store and App Store).

RECOMMENDED SECURITY MEASURES AND BANKING SECURITY PRINCIPLES

  • Do not share your customer number, password, verification codes you use for access to Fibabanka Internet Banking or Fibabanka Mobile Banking channels and transaction approvals, with any other person.
  • Do not share your credit card and debit card number, expiry date and security code (CVV2) in the back of your card and passwords with any other person.
  • Change your passwords on regular basis.
  • Do not allow any other person to use your device when you are connected to Fibabanka Internet Banking and Mobile Banking channels.
  • End session by clicking ‘Logout’ after completing your transaction.
  • Check the date and time of the last transaction using “Last Successful Login” when you access Fibabanka Internet Banking or Mobile Banking channels and check whether any third person uses your accounts or not. Report any unauthorized access to our Bank.
  • Do not use public computers for banking transactions. Various malicious software intended to size your account information and personal passwords may be present in public computers.
  • Search engines are used to access the internet site of our bank. Fraudulent websites may appear among results of search engines. Therefore, access by typing www.fibabanka.com.tr in the internet address bar.
  • Please pay attention to not using web pages specified in electronic mails or in any other environment. Do not access to Fibabanka Internet Banking through links provided in other pages.
  • In case of any doubtful situation, problem or fraud case, you can report by visiting branches of our Banks or calling Fibabanka Telephone Banking at 444 88 88. Our bank will ensure that necessary measures are taken immediately.
  • In case you become victim of a fraud act, please file a complaint to the closest Public Prosecutor’s Office.
  • An SMS is sent to your mobile phone number registered in our Bank and information is provided about the transaction in each case of debiting financial transaction performed using our Internet or Mobile Banking channels. You can report any SMS information you did not prompt by visiting our branches or calling Fibabanka Telephone Banking providing services 24/7, at 444 88 88.
  • You can define extra security measures over our Internet Banking channel and make changes as required. You can perform the following updates in “Security” menu after logging into the Internet Banking.
    • Change Password
    • Restrict Access from Foreign Countries
    • Management of Authorization and Limit about Transactions: You can reduce transaction limit and daily limits to the minimum amounts of the Bank for transactions performed using Internet Banking (e.g., transfer to another account, EFT and SWIFT). You can prevent performance of a specific transaction by reducing this limit to the minimum level for transaction sets you would like to prohibit.
    • Information Messages: You can procure an SMS to your registered mobile phone number and/or an information e-mail to your registered e-mail address subject to minimum limits of the bank for transactions specified in the notifications list.
    • Date/Time Restriction: This application allows your transactions to be performed in Internet and Mobile Banking channels on the date and time specified by you.
    • IP Access Restriction: IP restriction option gives access permission to Internet and Mobile Banking channels through connections made from the IP or IP ranges specified by you.
  • Browser Support: All visitors and clients with browsers such as Microsoft Edge, Google Chrome 69 and higher, Mozilla Firefox 62 and higher and Safari 10 and higher can use services we offer through our internet site without encountering any problem.
  • Device Support: Our clients using mobile operating system such as iOS 11 and above, Android 5 and above can use our services offered through Fibabanka Mobile Banking application without encountering any problem.
  • Our Bank uses up-to-date and preventive USTA Anti-Fraud Module designed to ensure prevention of fraud.
  • Our Bank formed an Anti-Fraud Unit. Internationally accepted software is used to detect risky transactions within the scope of electronic banking transactions and transactions are monitored 24/7 with adequate number of staff members.
  • Information Security Unit provides services for the purpose of ensuring information security in our bank.
  • Only authorized staff members can access to personal data of clients stored in Fibabanka. Audit trails are created for access to sensitive and critical data.
  • Fibabanka uses state-of-the-art security technologies for effective protection of clients and their data against cyber threats in accordance with its responsibilities described under Banking Law and other applicable legislation.
  • Measures taken are regularly evaluated through risks assessments that are compulsory under the applicable law and regulations. As a minimum, measures taken are evaluated through tests defined within the scope of the applicable legislative provisions. Thus, reasonable level of protection is ensured in connection with sensitive and critical data stored in our Bank.
  • Technical infrastructure of the Internet Banking and Mobile Banking channels are inspected through risk assessments performed regularly and improvement actions are taken as required. Having a redundant system architecture aimed at ensuring business continuity, our Telephone and Internet/ Mobile Banking channels are designed to provide services from two different locations in case of interruption.
  • Security Infrastructure
  • Joint solutions have been developed with the leading technology companies in the world and the most secure internet technologies are used in order to keep security of banking transactions performed in Fibabanka Internet and Mobile Banking channels at the highest level.
  • Information you use for login to Fibabanka Internet and Mobile Banking channels is protected with 128-byte SSL encryption as a minimum during information transfer to our Bank; thus, access of any 3rd person to such information is prevented. SSL is an encryption technology applied by the newest internet browsers for access to the internet. You check security status of your connection via SSL.
  • Communication you establish through Fibabanka Internet and Mobile Banking channels will be encrypted with a new password consisting of 40 digits thanks to 128-byte encryption.
  • Transaction Time: Your session will be automatically ended for your own security if you are not active for 570 seconds after access to Fibabanka Internet and Mobile Banking channels. You will be required to enter your client number (or T.R. identification number) and password for accessing again. Thus, the system will prevent any other person to perform any transaction even if you leave your computer unattended. Security level has been increased by limiting access duration of passwords for single use with 3 minutes.
  • Two-Level Identity Verification: The following identity verification methods should be used simultaneously in order to ensure secure financial transactions over the Internet/ Mobile Banking channels and protect your personal information in accordance with banking legislations.
  • Known factor (e.g.: password and pin number)
  • Owned factor (e.g.: mobile phone)

Our system design requires two identity verification methods as a minimum for identity verification. (Known factor and owned factor)

Our Bank ensures higher level of security in Mobile Banking channel with application that features devices recognition and allows customer verification through a secure channel. Our clients with a mobile device with Fibabanka Mobile application give transaction approval through this application instead of using the approval password sent via SMS in case of Internet Banking transactions. Transaction approval should be given within 60 seconds.

  • Security Picture: Security picture selection procedure is applied during the first use of our Internet or Mobile Banking channels. Upon selection of security picture, this picture should be checked to ensure that Fibabanka Internet Banking or Mobile Banking application is used for further access.

RESPONSIBILITIES OF CLIENTS

Customer is obliged to fulfil the following responsibilities for secure Internet or Mobile Banking service:

  • Ensuring physical security of the device used to connect to the Internet or Mobile Banking; using up-to-date anti-virus software and firewall applications in the device; avoiding the use of copied or unlicensed software in these devices and keeping operating systems up to date.
  • Avoiding the performance of Internet Banking transactions in devices that are open to public use or access of others.
  • Ensuring security of personal data, debit and credit card information and passwords, Internet Banking, Mobile Banking, Telephone Banking passwords and user information and refraining from sharing such information with any other person including family members.
  • For access to the Internet Banking, do not make a search using the internet browser and access to the internet site of our bank by typing the address www.fibabanka.com.tr in address bar.
  • Reading general security information provided by our bank and acting in accordance with the information provided.
  • If required, using security settings (such as changing the limit of money transfer) we offer under “Security” menu in the Internet Banking channel of our Bank.
  • Reading and complying with the information and warning messages sent by our bank.
  • Checking the last access and erroneous access information shown to you when you access to the Internet Banking channel and report any unknown access or attempted access to our Bank.
  • In case of any doubtful situation, notifying our branches or Fibabanka Telephone Banking at 444 88 88 immediately.
  • In case of any fraud, filing a complaint to the closest prosecutor’s office.

RIGHTS OF CLIENTS

  • You can close your electronic banking channels any time by visiting our branches or calling Fibabanka Telephone Banking at 444 88 88.
  • You can close your accounts temporarily or permanently for preventing any transaction that may be performed in your accounts held at our Bank.
  • You can update client identification details and contact information held by our Bank.
  • If required, using security settings (such as changing the limit of money transfer) we offer under “Security” menu in the Internet Banking channel of our Bank.
  • You can change your credit card, debit card, Internet Banking, Mobile Banking and Telephone Banking passwords. You can close credit card and debit card to online shopping, mail order and telephone order and request for renewal of your card.
  • You can ask our Bank to check your account activities.
  • Our Bank is not entitled to activate any electronic banking service without your application. If your access to any electronic banking service is closed or requested to be closed, the relevant service cannot be activated without your application.

HANDBOOK OF THE BANKS ASSOCIATION OF TURKEY

For improved awareness on fraud, we recommend you to review the handbook named Fraud and Protection Methods that has been prepared by the Banks Association of Turkey and enriched with examples. You can access using the following link.

https://www.tbb.org.tr/Content/Upload/Dokuman/7328/TBB-Dolandiricilik-Eylemleri-ve-Korunma-Yontemleri.html