Internet Banking
Internet
Banking

Information on Risks and Protection Methods related with the Use of Electronic Banking Services

A. What is Fraud?

Fraud is the act of a person who deceives another person and obtains self-interests and interests for other in a manner damaging that person or another person through fraudulent behaviours. An increase is observed in digital fraud activities with the advancement of technology and increased use of it around the world.

As Fibabanka, we would like to provide information on widely used methods of fraud, risks, protection methods, and your rights and responsibilities to protect you against any digital fraud activities that may be encountered in connection with electronic banking services you use.

B. What are Mobile and Internet Banking Services?

Our bank performs non-financial transactions, transactions between own accounts, foreign currency and investment transactions and transfers to other accounts held in the bank, 24/7 through Internet and Mobile Banking channels. EFT and SWIFT services are closed at weekends and out of working hours; therefore, these services are not offered 24/7. However, FAST Transfer allows money transfers to banks through Internet and Mobile Banking channels out of working hours during the week and at weekends.

Our clients who wish to use services we offer through Mobile and Internet Banking channels can activate Fibabanka Mobile and Internet Banking over www.fibabanka.com.tr or Fibabanka Mobile Banking application. Channel is activated with the verification of at least 2 components of any information owned, known by the client. It is not possible to use services through these channels unless these procedures are completed.

Mobile and Internet Banking Fraud Methods

Social Engineering

As a fraud method, social engineering is a method used to obtain unjustified benefits by using information of clients such as identification, card, electronic banking, telephone, tablet, computer passwords. Defrauders abuse trust by contacting the relevant person by telephone, via e-mail, social platforms and even in person in order to obtain such private information. The goal is to obtain the required information through traps placed in a fake scenario / story.

In social engineering, methods such as:

  • Persuading the person to the story that he/she won a prize;
  • Causing fear;
  • Persuading the person that the fraudulent party is from security, military or judicial authorities;
  • Acting like a relative whose social media account is seized;
  • Asking for help or persuading that protection is offered by saying that a terrorist organization seized your accounts

are used to commit fraud about your financial assets by seizing personal or financial information as well as the required user information and passwords in connection with Internet and Mobile Banking channels.

How to ensure protection?

  • Do not take such notifications serious in case you are required to give money or provide your personal information specified above with promises such as “You won a prize & gift, correction of credit rating, reimbursement of expenses incurred”.
  • Do not take it seriously if any person who calls you by telephone, introduces himself/ herself as a public officer (police, soldier, prosecutor, judge, etc.) and asks you to give money, gold or provide your personal information.
  • Do not share your personal information in case it is requested on social media platforms.
  • Do not share your password with any person including staff members of the bank.

Important Note: None of the official authorities or bank would contact you via e-mail, by telephone or through similar other communication channels and request your card details and passwords, Internet or Mobile Banking password and your personal information.

 Phishing

Phishing attacks appear as they are from various banking and financial institutions or another reliable organization; they can give the impression that they are urgent or highly important and the purpose is to size your sensitive information (card and Mobile/Internet Banking password, SMS password, card details, identification details, etc.). E-mails and SMS that are send using this method may require you to install an application to your computer or mobile device or provide link to a fraudulent site in order to seize your sensitive information.

The following channels may be used in Phishing cases:

  • SMS
  • E-mail
  • Website
  • Mobile Application

The goal is the same with all methods: Obtaining financial gains or seizing your personal information.

  • In fraudulent e-mails, name of the sender resembles the name of the imitated sender.
  • They may start with a phrase addressing multiple users (i.e., “Dear User”).
  • They may contain clerical errors.
  • They may be intended to create the impression of urgency or importance.

How to ensure protection?

  • Search engines should not be used to access the internet site of our bank. Fraudulent websites may appear among results of search engines. Therefore, access should be made by typing www.fibabanka.com.tr in the address bar.
  • An up-to-date anti-virus software should be used.
  • It should be ensured that the device used is updated.
  • E-mails should be opened only when there is certainty about sender.
  • Documents attached to e-mails and SMS received from unknown addresses should not be opened.
  • It should be ensured that security picture selected for using our bank’s Internet and Mobile Banking channels is the same during each time of access to such channels.
  • Links that appear with appealing advertisement contents or links in advertisements appearing to be Fibabanka advertisement should not be clicked and advertisements requiring entry of Mobile/Internet Banking password or personal information should be ignored. In particular, it should be ensured that the internet page opened has a valid SSL certificate.
Fibabanka QR Kodu

 

Malicious Software

It is possible to spread malicious software to computers, smart phones or mobile devices through various methods. The goal of this method is to seize information in devices or control devices. Thus, personal information and financial gains can be obtained.

Malicious software allows:

  • Monitoring of keyboard or mouse movements in the device;
  • Access to personal information stored in your device;
  • Remote control of your devices;
  • Directing of SMS or calls you receive to another number.

How to ensure protection?

  • An up-to-date anti-virus software should be used.
  • Firewall application should be used.
  • Licensed software should be used.
  • Attachments received from unknown senders should not be opened.
  • All attachments should be scanned for viruses before opening.
  • Unsecured applications should not be installed in the device. Attention should be paid to install applications from official markets (Google Play Store, App Gallery and App Store). You can download our application by having your phone read the relevant QR code or clicking the 'download the app' buttons on our Mobile Banking page at https://www.fibabanka.com.tr/mobil-bankacilik.

What are the Telephone Banking Services?

Through our Call Center channel, non-financial transactions, credit, ATM and credit card transactions, password transactions, information update transactions, digital channel activation and deactivation transactions, transactions between your own accounts, foreign exchange and investment transactions and transfer transactions can be made to other accounts within the bank. EFT service can be provided on working days and during working hours.

Telephone Banking Fraud Methods

Fradulent Call Center Fraud

Fradulent call center fraud is the method of obtaining banking passwords, credentials and one-time transaction passwords of clients by making calls with numbers similar to the telephone banking numbers of banks.

How to ensure protection?

  • You must access Fibabanka Telephone Banking only at 444 88 88 and 0850 222 77 77. Disregard calls from different numbers.
  • You must dial the number yourself when you want to reach Fibabanka telephone banking from other people's phones or public phones. Make sure the number is dialed correctly.

What is ATM Banking Services?

Money withdrawal, balance inquiry, transfer between accounts, card password change transactions can be performed from Fibabanka ATMs 24/7.

Free withdrawals, deposits and balance inquiries can be made as much as you wish from İş Bank ATMs and Akbank ATMs, and up to 5 transactions per month from PTTmatiks.

Cash withdrawals can be made from all foreign ATMs with the Maestro emblem in the currency of the country where you are located at.

ATM Fraud Methods

Card Copying

Card copying fraud is the method of copying the data in the magnetic strip of the card used in the ATM by means of the assembly mounted in the ATM card input chamber.

The password of the card is obtained by placing a hidden camera in a position where the keyboard can be seen in the ATMs with the card copy mechanism attached.

The copied card information is transferred to another card with a magnetic stripe and used with passwords captured with a hidden camera.

How to ensure protection?

  • If you notice that there is an unusual situation in the ATM you are using, you can call our 444 88 88 and 0850 222 77 77 Fibabanka Telephone Banking. Our bank will ensure that the necessary measures are taken quickly.
  • When conducting transactions at the ATM, enter your card password in a way that no one can see and close the key panel with your other hand.

Card Trapping

Card trapping fraud is the method of trapping the card by using the mechanisms that prevent the ATM from reading or returning the card to be processed placed in the ATM card entry chamber.

As in the card copying method, the card password is obtained by visual observation the card password with the hidden camera that can see the ATM keyboard or the password keyed on the keyboard during the transaction of the people who come to help you as a result of the card being stuck in the ATM.

The jammed card is taken by the fradulent person after the card holder leaves the ATM and used with the password.

How to ensure protection?

  • Requests for assistance from anyone while performing transactions at the ATM should not be accepted.
  • If your card is withheld or jammed in the ATM, you can report it by calling our 444 88 88 and 0850 222 77 77 Fibabanka Telephone Banking. Our bank will ensure that the necessary measures are taken quickly.
  • When conducting transactions at the ATM, enter your card password in a way that no one can see and close the key panel with your other hand.

Money Trapping

Money trapping fraud is the method of trapping banknotes to the assembly placed in front of the lid of the ATM money dispensing chamber and to the assembly placed when the lid of the ATM money dispensing chamber is opened and the money inside is pushed out.

When the client leaves the ATM thinking that there is a malfunction in the ATM money transfer chamber, the banknotes attached to the assembly placed by the fradulent persons are seized.

How to ensure protection?

  • If you notice that there is an unusual situation in the ATM you are conducting transactions at, you can call our 444 88 88 and 0850 222 77 77 Fibabanka Telephone Banking. Our bank will ensure that the necessary measures are taken quickly.
  • If ATM does not allow money withdrawal after receiving your card in the withdrawal transaction, you can call our 444 88 88 and 0850 222 77 77 Fibabanka Telephone Banking to report the situation. Our bank will ensure that the necessary measures are taken quickly.

C. Risks about using Electronic Banking Services

We offer solutions facilitating financial life of our clients via Mobile, Internet, Telephone or ATM Banking channels and we allow them to receive financial services and enjoy cost advantages without visiting a bank branch. However, unfortunately, these facilitating solutions lead to certain risks when necessary measures are not taken. It should be noted that defrauders are persons who would use any vulnerability caused by the use of Internet and Mobile Banking services by our clients, for their own interests without hesitating. Methods used for this purpose and measures that should be taken for protecting our clients from these risks are explained below.

Risks that may be caused by our Mobile, Internet, Telephone or ATM Banking channels can be summarized as follows:

  • Financial loss
  • Effort that will be shown to remedy the loss
  • Permanent disclosure of information specific to client
  • Legal efforts
  • Loss of reputation

    D. Recommended Security Measures and Banking Security principles for Electronic Mobile Banking

    • Do not share your customer number, password, verification codes you use for access to Fibabanka Mobile and Internet Banking channels and transaction approvals, with any other person.
    • Do not share your credit card and debit card number, expiry date and security code (CVV2/CVC2) in the back of your card and passwords with any other person.
    • Change your passwords on regular basis.
    • Do not allow any other person to use your device when you are connected to Fibabanka Mobile and Internet Banking channels.
    • End session by clicking ‘Logout’ after completing your transaction.
    • Check the date and time of the last transaction using “Last Successful Login” when you access Fibabanka Mobile and Internet Banking channels and check whether any third person uses your accounts or not. Report any unauthorized access to our Bank.
    • Do not use public computers for banking transactions. Various malicious software intended to size your account information and personal passwords may be present in public computers.
    • Search engines are used to access the internet site of our bank. Fraudulent websites may appear among results of search engines. Therefore, access by typing www.fibabanka.com.tr in the internet address bar.
    • Please pay attention to not using web pages specified in electronic mails or in any other environment. Do not access to Fibabanka Internet Banking through links provided in other pages.
    • In case of any doubtful situation, problem or fraud case, you can report by visiting branches of our Banks or calling Fibabanka Telephone Banking at 444 88 88 and 0850 222 77 77. Our bank will ensure that necessary measures are taken immediately.
    • In case you become victim of a fraud act, please file a complaint to the nearest Public Prosecutor’s Office.
    • An SMS is sent to your mobile phone number registered in our Bank and information is provided about the transaction in each case of debiting financial transaction performed using our Mobile and Internet Banking channels. You can report any SMS information you did not prompt by visiting our branches or calling Fibabanka Telephone Banking providing services 24/7, at 444 88 88 and 0850 222 77 77.
    • You can define extra security measures over our Internet Banking channel and make changes as required. You can perform the following updates in “Security” menu after logging into the Internet Banking.

    o Change Password

    o Restrict Access from Foreign Countries

    o Management of Authorization and Limit about Transactions: You can reduce transaction limit and daily limits to the minimum amounts of the Bank for transactions performed using Internet Banking (e.g., transfer to another account, EFT and SWIFT). You can prevent performance of a specific transaction by reducing this limit to the minimum level for transaction sets you would like to prohibit.

    o Information Messages: You can procure an SMS to your registered mobile phone number and/or an information e-mail to your registered e-mail address subject to minimum limits of the bank for transactions specified in the notifications list.

    o Date/Time Restriction: This application allows your transactions to be performed in Internet and Mobile Banking channels on the date and time specified by you.

    o IP Access Restriction: IP restriction option gives access permission to Internet and Mobile Banking channels through connections made from the IP or IP ranges specified by you.

    • Browser Support: All visitors and clients with browsers such as Microsoft Edge, Google Chrome 69 and higher, Mozilla Firefox 62 and higher and Safari 10 and higher can use services we offer through our internet site without encountering any problem.
    • Device Support: Our clients using mobile operating system such as iOS 11 and above, Android 5 and above can use our services offered through Fibabanka Mobile Banking application without encountering any problem.
    • Our Bank formed a Digital Security Unit. Internationally accepted software is used to detect risky transactions within the scope of electronic banking transactions and transactions are monitored 24/7 with adequate number of staff members.
    • Information Security Unit provides services for the purpose of ensuring information security in our bank.
    • Only authorized staff members can access to personal data of clients stored in Fibabanka. Audit trails are created for access to sensitive and critical data.
    • Fibabanka uses state-of-the-art security technologies for effective protection of clients and their data against cyber threats in accordance with its responsibilities described under Banking Law and other applicable legislation.
    • Measures taken are regularly evaluated through risks assessments that are compulsory under the applicable law and regulations. As a minimum, measures taken are evaluated through tests defined within the scope of the applicable legislative provisions. Thus, reasonable level of protection is ensured in connection with sensitive and critical data stored in our Bank.
    • Technical infrastructure of the Internet Banking and Mobile Banking channels are inspected through risk assessments performed regularly and improvement actions are taken as required. Having a redundant system architecture aimed at ensuring business continuity, our Telephone and Internet/ Mobile Banking channels are designed to provide services from two different locations in case of interruption.
    • Necessary security equipment is used in our ATMs to prevent card copy and card Trapping attacks.
    • Security Infrastructure

    o Joint solutions have been developed with the leading technology companies in the world and the most secure internet technologies are used in order to keep security of banking transactions performed in Fibabanka Internet and Mobile Banking channels at the highest level.

    o Information you use for login to Fibabanka Internet and Mobile Banking channels is protected with 256-bit SSL encryption as a minimum during information transfer to our Bank; thus, access of any 3rd person to such information is prevented. SSL is an encryption technology applied by the newest internet browsers for access to the internet. You check security status of your connection via SSL.

    • Transaction Time: Your session will be automatically ended for your own security if you are not active for 570 seconds after access to Fibabanka Internet and Mobile Banking channels. You will be required to enter your client number (or T.R. identification number) and password for accessing again. Thus, the system will prevent any other person to perform any transaction even if you leave your computer unattended. Security level has been increased by limiting access duration of passwords for single use with 3 minutes.
    • Two-Level Identity Verification: The following identity verification methods should be used simultaneously in order to ensure secure financial transactions over the Internet/ Mobile Banking channels and protect your personal information in accordance with banking legislations.

    o Known factor (e.g.: password and pin number)

    o Owned factor (e.g.: mobile phone)

    Our system design requires two identity verification methods as a minimum for identity verification. (Known factor and owned factor)

    Our Bank ensures higher level of security in Mobile Banking channel with application that features devices recognition and allows customer verification through a secure channel. Our clients with a mobile device with Fibabanka Mobile application give transaction approval through this application instead of using the approval password sent via SMS in case of Internet Banking transactions. Transaction approval should be given within 60 seconds.

    • Security Picture: Security picture selection procedure is applied during the first use of our Internet or Mobile Banking channels. Upon selection of security picture, this picture should be checked to ensure that Fibabanka Internet Banking or Mobile Banking application is used for further access.

    E. Responsibilities of Clients

    • Customer is obliged to fulfil the following responsibilities for secure electronic banking service:

      • Ensuring physical security of the device used to connect to the Internet or Mobile Banking; using up-to-date anti-virus software and firewall applications in the device; avoiding the use of copied or unlicensed software in these devices and keeping operating systems up to date.
      • Avoiding the performance of Internet Banking transactions in devices that are open to public use or access of others.
      • Ensuring security of personal data, debit and credit card information and passwords, Internet Banking, Mobile Banking, Telephone Banking passwords and user information and refraining from sharing such information with any other person including family members.
      • For access to the Internet Banking, do not make a search using the internet browser and access to the internet site of our bank by typing the address www.fibabanka.com.tr in address bar.
      • Reading general security information provided by our bank and acting in accordance with the information provided.
      • If required, using security settings (such as changing the limit of money transfer) we offer under “Security” menu in the Internet Banking channel of our Bank.
      • Reading and complying with the information and warning messages sent by our bank.
      • Checking the last access and erroneous access information shown to you when you access to the Internet Banking channel and report any unknown access or attempted access to our Bank.
      • Not sharing card information and passwords with third parties, not keeping them in their wallets or mobile devices in writing.
      • Entering the card password in a way that no one can see while trading in the ATM and closing the key panel with the other hand.
      • Disregarding calls from numbers other than 444 88 88 and 0850 222 77 77.
      • When you want to reach our Fibabanka Telephone Banking from other people's phones or public phones, you dial the number and make sure that the number is correct.
      • In case of any doubtful situation, notifying our branches or Fibabanka Telephone Banking at 444 88 88 and 0850 222 77 77 immediately.
      • In case of any fraud, filing a complaint to the nearest prosecutor’s office.

    F. Rights of Clients

      • You can close your electronic banking channels any time by visiting our branches or calling Fibabanka Telephone Banking at 444 88 88 and 0850 222 77 77.
      • You can close your accounts temporarily or permanently for preventing any transaction that may be performed in your accounts held at our Bank.
      • You can update client identification details and contact information held by our Bank.
      • If required, using security settings (such as changing the limit of money transfer) we offer under “Security” menu in the Internet Banking channel of our Bank.
      • You can change your credit card, debit card, Internet Banking, Mobile Banking and Telephone Banking passwords. You can close credit card and debit card to online shopping, mail order and telephone order and request for renewal of your card.
      • You can ask our Bank to check your account activities.
      • Our Bank is not entitled to activate any electronic banking service without your application. If your access to any electronic banking service is closed or requested to be closed, the relevant service cannot be activated without your application.