The Cooperative Bank of Chania is particularly sensitive to the security of information and communications and constantly strives to offer maximum security in its digital services. For its eBanking services, the Cooperative Bank of Chania adopts up-to-date methods to ensure transaction security, data protection and the protection of communications against malicious acts.
Access credentials (Personal Codes)
In order to use the eBanking services, every user is required to provide personal credentials (“Username” and “Password”), which only they know and which they choose themselves. The Bank automatically prompts and requires the user to change their password on a regular basis (3 – 6 – 12 months).
In the Chaniabank Mobile App it is possible to log in using biometric data (Touch ID/Face ID) and/or a 4-digit PIN code.
The Bank encrypts the data exchanged in every transaction using Transport Layer Security (TLS).
Access and Communications Control
The Bank has specialized latest-generation security systems for controlling and recording all access and for preventing any unauthorized access or malicious act against its systems.
Strong Customer Identification
In order to increase transaction security, the Cooperative Bank of Chania has applied Strong Customer Identification methods to its eBanking service, which require the use of an additional OTP confirmation code. The OTP is a 6-digit one-time password sent via Viber or text message to the mobile number the user specified when registering with the eBanking service.
The OTP code is unique and time-limited and is generated each time the user wishes to execute a transaction. The combination of OTP with the username and the password offers increased security to users.
Alternatively, to approve transactions carried out through the service environment (browser use), the user can choose to have a Push Notification sent to their mobile device through the ChaniaBank Mobile App.
If while using the system the user stays inactive for 10 minutes, the connection is automatically terminated (“Idle Timeout”).
- Choose passwords that include a combination of lowercase letters (a-z), uppercase letters (A-Z), digits (0-9) and special characters (e.g. !, @, %, & etc.)
- Make sure to keep your passwords safe so that interception is not possible
- Change your passwords on a regular basis (e.g. every 3 months)
- Set a different password for each service; do not reuse the same ones, but always choose new passwords or variations of older ones
- The Bank will never ask you for your security codes in any way (e.g. via phone, e-mail, text message or any other way). Your codes are personal, and you must not disclose them to anyone.
Computers are targeted by malicious third parties that try to install malicious software on your computer and intercept important information. This information may be either personal info or access passwords to emails, banking systems (eBanking) etc. Therefore, you need to take extra care in protecting the computer you use to access systems that contain your sensitive information. Some of the measures you can take are:
- Shield your computer with security software, such as Antivirus, Firewalls etc.
- Run regular scans with anti-malware software in order to ensure maximum security
- Regularly update your computer with the latest versions and security patches of the operating system, the anti-malware programs, the browsers that you use as well as the applications that you may use to execute banking transactions (e.g. Viber)
- Always keep your security codes safe and protected
- Avoid using your computer in public networks (e.g. hotels, cafés etc.) or at least don’t access systems and applications that contain sensitive data when using public networks
- Avoid using public computers or those belonging to third parties (e.g. hotels, your friends)
- Avoid installing programs that you don’t know how to use or that come from non-trustworthy sources. You must be especially careful with emails that prompt you to follow a link or install any program
- Always check the authenticity of websites that prompt you to enter your connection info (username and password)
When using Automated Teller Machines (ATMs), you can take certain measures to ensure your transactions are secure, such as:
- Do not trust anyone offering to assist you with the use of your card
- Make sure no suspicious accessory is attached either on the keyboard or on the card slot or any spot that can affect your transaction. If you notice anything suspicious, contact the Bank immediately.
- Do not write your secret code (PIN) on your card
- Protect your PIN when typing with the palm of the other hand, so no one can see the digits you press
- Change your PIN regularly
- Do not replace your PIN with an easily predictable one (e.g. your birth date).
- When the transaction is completed, make sure you collect the card and the receipt of your transaction
Information about the «SIM Swapping» type of fraud
Using the mobile phone number as one of the main and basic elements for the strong and reliable identification of its holder / subscriber is an international practice used by organizations, companies and the public for the services they offer.
Banks are no exception to this practice, as they use their customers’ mobile phone numbers as a means to send codes (OTP) which enhance the security of electronic transactions (capital transfers, card purchases, etc.), the sending of alerts for transactions that have been executed and their remote registration in new services.
What is the SIM Swapping form of fraud?
First of all, SIM Replace is a completely legal service that mobile phone providers offer to their subscribers, so that the latter can keep their phone number in case of loss or theft of their device or due to the need to use a different SIM card size. By activating the new SIM card, the old card is automatically deactivated and mobile phone services (calls, SMS, Internet access) are now provided through the new card, which works with the same number.
In cases of SIM Swapping fraud, the perpetrators take advantage of the ability to change the SIM card and pretend to be either the SIM card holder or someone authorized by the legal subscriber, thus trying to deceive mobile phone providers and obtain a new card to replace the one held by the rightful owner.
Once the new card is activated, the old one, which is in the possession of the legal subscriber, is deactivated, and so all services (calls, SMS, internet access) are received on the device in the possession of the perpetrators, giving them the opportunity to carry out illegal activities without the knowledge of the legal subscribers (e.g. receiving calls and messages intended for them, stealing single-use codes or security verification messages, etc.).
But how can the perpetrators replace the SIM card to get into my e–Banking?
Unauthorized replacement / exchange of the SIM card is usually the second part of the above illegal mode of operation. In the first part, the perpetrators have managed to steal the e-Banking codes, usually through a phishing e-mail or through malware (trojan / malware) installed on the victim’s computer.
Useful Tips, What Can I Do?
- If your mobile phone stops working for unusual reasons, contact your mobile provider immediately. Sometimes you may lose your signal due to wider problems affecting your mobile phone service. However, if you lose service in a location that is usually well covered, it is safer to contact your network provider and confirm that your SIM has not been deactivated.
- Do not disclose your mobile phone number on social media.
- Subscribe to the services of organizations that provide SMS and e-mail notifications when your transactions are performed.
- Never reply to unknown messages or calls asking you for your account details and your registered phone number.
- Do not follow website links and do not open attachments that you may receive from unknown email senders. Carefully check the sender as perpetrators often pretend to be legitimate businesses and organizations.
- Do not disclose to anyone, and do not enter on unknown websites, your e-banking codes (username and password) or card numbers. Confirm that you have visited the official site of your Bank, and remember that banks will never and in no way ask you for your passwords.
- Make sure your computer and your devices (tablets, smartphones) always have the latest operating system and application updates. Install a reliable malware protection program and always keep it updated.
- Check your account activity frequently.
- If you have been a victim of SIM Swapping fraud or have found transactions that do not have your approval, notify your Bank immediately.
What measures do banks take?
Banks cannot know whether a subscriber has been the victim of SIM Swapping or phishing, or whether their computer has been infected with malware and their passwords have been compromised.
Banks always aim to secure electronic transactions in accordance with current technical and technological developments, global best practices in information security as well as applicable laws and regulations. In addition, much emphasis is placed on the user experience and speed of the services they provide to their Customers.
Electronic fraud is a broader problem and requires the cooperation of many parties involved to prevent or deter it. Especially at this time, when the use of electronic services has increased significantly worldwide due to the coronavirus, the perpetrators are trying to take advantage of the special conditions with increased attempts to steal data. The Hellenic Banking Association has set up a special Committee for the Prevention and Treatment of Fraud in the Media and Payment Systems with the aim of monitoring, processing and guiding in this area. The Committee coordinates the cooperation with the Cybercrime Prosecution of the Greek Police and the Bank of Greece, and cooperates systematically with other competent bodies in Greece and abroad.
Fraud concerning telephone calls for 'alleged' computer failure (technical support scams)
We inform the public of a new type of fraud that has recently emerged, in which fraudsters offer to repair an alleged computer failure or to provide technical support (technical support scams). Fraudsters usually call unsuspecting citizens from abroad and impersonate technicians representing a large IT company. The telephone conversation is frequently conducted in English. On the pretext that the citizen's computer and/or mobile device is “infected” by malware, they ask citizens to install remote access software, supposedly in order to repair the problem.
These applications, once installed, allow the fraudsters to gain full control over the electronic devices of unsuspecting citizens, whom they deceive in order to extract their personal access codes for e-banking (user name, password, etc.), as well as the One-Time Passwords (OTPs) they receive. Then, fraudsters transfer money from their victims’ e-banking accounts to bank accounts controlled by themselves or their accomplices.
Banks are not able to know whether one of their e-banking customers has fallen victim to such deception and cannot take any action for preventing and deterring such malicious acts. For this reason, banks inform the public accordingly, since awareness and cooperation of all parties involved is the best way to deter and prevent electronic fraud, especially now, when the use of electronic services has significantly increased worldwide due to the pandemic crisis. Aspiring fraudsters are trying to take advantage of this special circumstance, and the only way to stop them is to act proactively.
Useful Tips, What can I do?
- If you receive a phone call from an unknown caller/number, especially from abroad, who claims to represent any IT company, without having previously reported a fault in your computer, end the call immediately
- Never install any remote management software proposed by unknown callers/strangers
- Do not disclose to third parties, for any reason, your personal codes (e-banking passwords, OTPs you receive etc.) as well as your personal and financial information
- If you have fallen victim to such fraud and discovered transactions carried out without your approval, please inform your bank immediately