• Information security
      is defined as providing the following basic principles:
      • Confidentiality
        Information is only available to those who have authorized access thereto.
      • Integrity
        Protection of information accuracy and consistency and of the processing methods.
      • Аvailability
        Authorized users have access to the information and other accompanying items necessary for its presentation in case of business need.
      • Non-Repudiation
        Confirmation and undeniability of activities related to the access and use of information.
      • Accountability
        Activities related to the use and access to information may be uniquely noticed and recorded.
    • ISO - Information Security Officer
      is primarily responsible for effective and efficient functioning of the information security process.
    • Information Security Policy
      is the main initial document defining the acceptable level of security and providing general guidelines and strategic goals of the information security process.
    • Physical security controls
      serves for securing adequate physical security of information and information devices (servers, network devices). An example of a physical security control is the use of uninterruptible power devices (UPS ), security service, sensors and alarms and similar physical access control and information system protection measures of the Bank.
    • Technical controls
      are controls fitted into the information devices or application software, network-communication equipment and accompanying devices. Technical controls are also called logical controls.
    • Administrative controls
      include establishing procedures, instructions, strategies and security policies that give the employees access to the information system the necessary authorization to perform their business processes and clear picture of the activities in terms of ensuring more reliable information system.
    • Windows Domain
      a network of Windows personal computers grouped into a single unit.
    • Firewall
      a part of the computer system or computer network intended to block unauthorized access, and to approve authorized communications. It is a device or a group of devices, configured to approve or deny network transfers based on a set of rules and other criteria.
    • Phishing
      is a term used to assimilate the identity of a legitimate organization or network site using counterfeit email, or email and/or webpage to persuade the users to share their usernames, password and personal data (name, credit card numbers, ID numbers or social security numbers) in order to be abused. This is also called identity theft. In case of phishing attacks, social engineering and technical tricks are used to steal personal and financial data of the user. An email is usually used to prompt the customers to visit false networking sites simulating appearance of legitimate brands such as banks and e-tailing companies or credit cards. Similar is the result when fraud is performed through chat systems.
    • Social engineering
      usually means art of manipulating people performing activities or disclosing confidential information. Although it is similar to deception of trust or simple fraud, the term usually refers to counterfeit or fraud for the purpose of gathering information, deception or access to a computer system; in most cases the attacker never comes face-to-face with the victims. “Social engineering” as an action of psychological manipulation was popularized by Kevin Mitnick, computer security consultant and hacker. The term was previously connected with social sciences; its use was however dispersed among computer professionals.
    • Email spam
      is a type of spam (unsolicited commercials) relating to sending almost identical messages to numerous users via email. Spam is considered an email not requested by the receivers and sent in an identical form to many recipients.
    • Identity theft
      is a deliberate use of someone else’s identity without their knowledge and permission. The perpetrator must get access to your personal data or steal your identification documents irrelevant if they are in a paper form (ID card, travel document) or digital IDs to identify your identity such as your username and password, list or device for generating one-time codes, your digital certificate stored on a PC, CD, or security token, the PIN to access the digital certificate and etc. Identity fraud is unauthorized use or misuse of a stolen identity in criminal activities, ultimate purpose of which is illegal gain of proceeds, services or funds.
Computer viruses
    are harmful and undesirable programs which “enter” the users’ computers without their knowledge and will. There are various ways that these malicious programs (viruses) “infect” your computer, primarily due to the dramatic increase in the Internet popularity. The damage done by some of the viruses is quite trivial such as messages and pictures displayed on your screen, but it can be huge, for example, deleting data or system configuration files, encrypting (unavailability of) documents and etc. There are various types of viruses or malicious programs:
    • Virus is a program that, when executed, replicates itself in executable files. Viruses may be spread through CDs and DVDs or via networks (local or internet).
    • Worm is a standalone malware program solely spread via the network. New worms also spread via email and are capable of infecting thousands of computers in few minutes. They also rely on failures of the operating system in order to record the harmful program.
    • Trojan is a malicious program that does not spread via network, but is located in an executable file. Trojans mislead users of its true intent pretending to be a useful program, while deleting files in the background to send your passwords to their creator.
    • Spyware is a harmful program running background without the user’s knowledge, and aims to gather the following information: bank account password, search history, installed programs, social network passwords and etc.
    • Adwareis a program installed alongside another program and aims to show adds and pop-ups, change the browser’s homepage and etc.
    • Keylogger is a program running background without your knowledge. This program aims to record the keys struck on a keyboard and send them to the hacker. These programs usually accompany Trojans or worms.
  • PIN is abbreviation for Personal Identity Code
    This number in card operations serves for confirmation of your transactions when withdrawing money from ATMs or trade of so-called POS terminals. This number has to be protected against unauthorized access and known to you only.
  • Card Verification Value
    is a three-digit number printed in the signature section on the back of the card. CVV is a security feature when making transactions for debit and credit cards used to check whether a valid card is used when making transactions on the Internet.
  • TCP/IP Transmission Control Protocol/Internet Protocol
    is a basic communication protocol for interconnection of computers (and devices in general) on the Internet. It can be also used as a communication protocol in private networks (LAN).
  • Internet Of Things
    essentially means the ability of a device to instantly connect to the Internet or other device so that it can share information, starting from devices such as our smart phones to the coffee machine or the lamp in our home.
  • Cloud computing
    is a locally independent operation where shared servers allow resources, software and data on computers or other devices when requested, similar to power supply.
  • Business continuity plan - BCP
    is a document with defined set of procedures and/or processes describing how business processes and operations are supported and restored in case of significant disruption.
  • Disaster recovery plan - DRP
    is a document with defined set of procedures and/or processes for restoration of processing critical applications and systems in case of huge hardware and software breakdown or processor outage.
  • ISO/IEC 27001 / BS 7799-1:1999 Code of practice for information security management
    published by the International Organization for Standardization (ISO), as an international standard arising from the British National Standard – BS 7799. Guideline or framework with recommendations for implementation and management of risks and controls within the information systems.

Take measures for protection against fraud

Reduce the risk against frauds and abuse of your identity. Find the right tools and programs on your computer, but still raise your awareness.

If you perceive a suspicious activity or unauthorized access to your computer, please report it to the following link or call the Contact Center on 02/3200 600.