The Cooperative Bank of Chania is particularly sensitive when it comes to the security of information and communications and constantly strives to offer maximum security with its digital services. For its eBanking services, the Cooperative Bank of Chania adopts up-to-date methods to ensure transaction security, data protection and protection of communications against malicious acts.
Access credentials (Personal Codes)
In order to use the eBanking services, every user is required to provide personal credentials (“Username” and “Password”), which they personally know and choose on their own. The Bank automatically prompts and requires the user to change their password on a regular basis (3 – 6 – 12 months).
In the ChaniaBank Mobile App, it is possible to log in using biometric data (Touch ID/Face ID) and/or a 4-digit PIN code.
The Bank encrypts the data exchanged in every transaction using Transport Layer Security (TLS).
Access and Communications Control
The Bank has specialized latest-generation security systems for controlling and logging all access and for preventing any unauthorized access to, or malicious act upon, its systems.
Strong Customer Identification
In order to increase transaction security, the Cooperative Bank of Chania has applied Strong Customer Identification methods to its eBanking service, which require the use of an additional OTP confirmation code. The OTP is a 6-digit one-time password sent via Viber or text message to the mobile number the user specified when registering with the eBanking service.
The OTP code is unique and time-limited and is generated each time the user wishes to execute a transaction. The combination of OTP with the username and the password offers increased security to users.
Alternatively, to approve transactions carried out through the service environment (browser use), the user can choose to have a Push Notification sent to their mobile device through the ChaniaBank Mobile App.
Additional Transaction Authentication
In order to further enhance the security of transactions, an additional authentication mechanism has been implemented, introducing a third level of security for selected transactions made through the eBanking service (website or Mobile App).
The additional identification is carried out:
- by entering a unique one-time password (OTP) which the user will receive in the email associated with the eBanking service or
- by selecting one of the active debit or credit cards that the user holds with our Bank and has linked to the eBanking service, entering 2 of the 4 digits of its PIN.
The transaction is completed with the successful completion of one of the above options.
The additional transaction authentication mechanism is applied in addition to the requirements for Strong Customer Authentication in accordance with the provisions of Law 4537/2018, which incorporates the European directive on payment services (PSD 2) into Greek legislation.
If while using the system the user stays inactive for 10 minutes, the connection is automatically terminated (“Idle Timeout”).
- Choose passwords that include a combination of lowercase letters (a – z), uppercase letters (A – Z), digits (0 – 9) and special characters (e.g. !, @, %, & etc.)
- Make sure to keep your passwords safe so that interception is not possible
- Change your passwords on a regular basis (e.g. every 3 months)
- Set a different password for each service; do not reuse the same ones, but always choose new passwords or variations of older ones
- The Bank will never ask you for your security codes in any way (e.g. via phone, e-mail, text message or any other way). Your codes are personal, and you must not disclose them to anyone.
Computers are targeted by malicious third parties that try to install malicious software on your computer and intercept important information. This information may be either personal info or access passwords to emails, banking systems (eBanking) etc. Therefore, you need to take extra care in securing the computer you use to access systems that contain your sensitive information. Some of the measures you can take are:
- Shield your computer with security software, such as Antivirus, Firewalls etc.
- Run regular scans with anti-malware software in order to ensure maximum security
- Regularly update your computer with the latest versions and security patches of the operating system, the anti-malware programs, the browsers that you use as well as the applications that you may use to execute banking transactions (e.g. Viber)
- Always keep your security codes safe and protected
- Avoid using your computer in public networks (e.g. hotels, cafés etc.) or at least don’t access systems and applications that contain sensitive data when using public networks
- Avoid using public computers or those belonging to third parties (e.g. hotels, your friends)
- Avoid installing programs that you don’t know how to use or that come from non-trustworthy sources. You must be especially careful with emails that prompt you to follow a link or install any program
- Always check the authenticity of websites that prompt you to enter connection info (username and data)
When using Automated Teller Machines (ATMs), you can take certain measures to ensure your transactions are secure, such as:
- Do not trust anyone offering to assist you with the use of your card
- Make sure no suspicious accessory is attached either on the keyboard or on the card slot or any spot that can affect your transaction. If you notice anything suspicious, contact the Bank immediately.
- Do not write your secret code (PIN) on your card
- Shield your PIN with the palm of your other hand when typing, so no one can see the digits you press
- Change your PIN regularly
- Do not replace your PIN with an easily predictable one (e.g. your birth date).
- When the transaction is completed, make sure you collect the card and the receipt of your transaction
Fraud concerning telephone calls for 'alleged' computer failure (technical support scams)
We inform the public of a new type of fraud that has recently emerged, in which fraudsters pretend to repair an alleged computer failure or to provide technical support (technical support scams). Fraudsters usually call unsuspecting citizens from abroad and impersonate technicians representing a large IT company. The telephone conversation is frequently conducted in English. On the pretext that the citizen's computer and/or mobile device is “infected” by malware, they ask citizens to install remote access software, supposedly in order to fix the problem.
These applications, once installed, allow the fraudsters to gain full control over the electronic devices of unsuspecting citizens, whom they deceive in order to extract their personal access codes for e-banking (user name, password, etc.), as well as the One-Time Passwords (OTPs) they receive. The fraudsters then transfer money from their victims’ e-banking accounts to bank accounts controlled by themselves or their accomplices.
Banks are not able to know whether one of their e-banking customers has fallen victim to such deception and cannot take any action for preventing and deterring such malicious acts. For this reason, banks inform the public accordingly, since awareness and cooperation of all parties involved is the best way to deter and prevent electronic fraud, especially now, when the use of electronic services has significantly increased worldwide due to the pandemic crisis. Aspiring fraudsters are trying to take advantage of this special circumstance, and the only way to stop them is to act proactively.
Useful Tips: What can I do?
- If you receive a phone call from an unknown caller/number, especially from abroad, who claims to represent any IT company, without you having previously reported a fault in your computer, end the call immediately
- Never install any remote management software proposed by unknown callers/strangers
- Do not disclose to third parties, for any reason, your personal codes (e-banking passwords, OTPs you receive etc.) as well as your personal and financial information
- If you have fallen victim to such fraud and discovered transactions effected without your approval, please inform your bank.