STATE BANK OF INDIA

Internet banking services have made enormous strides over the past few years and have become increasingly popular. The introduction of Two-factor Authentication for conducting high-risk retail Internet banking transactions in mid-2005 was an important milestone significantly improving the security of Internet banking. To continue enjoying the convenience of Internet banking services, all you need to do is take a few simple safety precautions when using these services.
TWO-FACTOR AUTHENTICATION MEANS STRONGER SECURITY Two-factor Authentication protects you from Internet banking fraud. It uses two elements to verify a users identity: THE BENEFITS OF USING TWO-FACTOR AUTHENTICATION Protection for high-risk transactions All high-risk Internet banking transactions (such as fund transfers to non-designated accounts) are protected by an additional authentication factor that is physically held by you alone. Much more security Computer hackers cannot steal something you have physically by way of the Internet.

Password creation and maintenance

Use safe passwords that are: different from your user IDs easy to remember only by yourself difficult to guess a combination of letters and numbers of at least 6 characters. Never disclose your online passwords to anyone (including bank staff and the police) and do not record them anywhere. Contact your bank immediately if you believe your passwords have been compromised. Do not use the same password for other online services, e.g. e-mail or Internet access, or for other Internet banking accounts. Change your passwords regularly.

Disable your browsers AutoComplete function that remembers the data (including your online passwords) that you input. Refer to your browsers Help function for details. Your device for two-factor authentication, the security token, is now a crucial part of your personal identifier. Never leave it unattended or lend it to anyone. Enter your user-id password only in the space provided for- that you are normally used to. Any changes observed in the screen appearance from normal appearance, please make sure there is no attempt to steal your personal information before providing it. Do not provide user id passwords on any page popping up by clicking on a hyperlink received through email. Better practice would be to log into the service by typing in the URL in the address bar after making sure the page opening up is from the genuine service provider. Do not store passwords in a file on ANY computer system (including MIDs, I Pads, Palm Pilots or similar devices) without encryption. Change passwords at least once every 90 (ninety) days. Unique Characters: An acceptable password must have at least five (5) different characters. Repeated characters can make for palindromes and make it easier to crack. Character Types: An acceptable password must have characters from at least three (3) different character types -- upper case, lower case, digits, punctuation, etc. A password that includes a sample from a rich character set is difficult to crack. Long Alpha Sequences: An acceptable password must not have an alphabetic sequence any longer than three (3) characters. Long Digit Sequences: An acceptable password must not have a digit sequence any longer than two (2) characters. Forbidden Characters: There are a few characters that will cause problems if used in a password the "delete" character is one of the obvious ones. Passwords should not be any of the following: o Dictionary words (including foreign and technical dictionaries) o Name of a person or a thing, a place, a proper noun, a phone number or a vehicle number o Simple pattern of letters on keyboards o Any of the above reversed or concatenated

One possible method for picking a good password is to make up your own acronym. Do not let your computer remember your password. Do not accept auto complete option provided by your computer/ browser. As far as possible do not use un-trusted system to access sensitive service. If you must, change the password on the first occasion immediately thereafter from a trusted system.

Hardware Token Maintenance

Never store your token with your login name or password. Never provide personal banking information over the internet or phone if prompted by an email or website. Always check your statements for unusual or suspicious transactions. Avoid using public computers (internet cafes, libraries etc.) to access internet banking. Dont access iBank via links in other websites. Always log out of iBank when you have finished. Dont leave your session unattended because others can access your personal information or change your access code without your knowledge. A security token is devices that enable you authenticate yourself electronically during Internet banking transactions. A Security token adds a second layer of security, giving you more protection. If you are using Internet banking security token, a fraudster will also require your security token in addition to your PIN to access your Internet banking site. That means that once you keep your security token safe from prying eyes, your Internet banking account will be safe from most threats. An Internet banking Security token will also enable you handle more of your banking needs online. So get one from your bank, it does not cost much.

FAQs :What is a security token? A security token is a small electronic device that generates a onetime password, entered when high risk transaction is undertaken over the Internet Banking. It provides an extra layer of security of your details to help counteract fraudulent internet attacks. What is a one-time password? A one-time password is a 6-digit number generated by pressing the grey button on a security token. Who can request a security token? All customers who are registered for Internet Banking can request a security token. How much does a security token cost? The security token will be at no cost to members at initial request, however a charge for any replacement security tokens will apply. Will a security token work on my computer? Yes. As there is no physical or wireless connectivity required between the security token and your computer you will not require any additional equipment or software. How do I request and activate a security token? A security token can only be requested through your bank branch where the terms and conditions of token use must be accepted.

Do I have to use my security token every time I log into PCU Internet Banking? No. A onetime security token password will be required when a Member performs one of the following actions: Transfer of money to a third party. Add new Third Party Beneficiary.

What if I enter an incorrect one time password? Wait 30 seconds and press the grey button on the security token again to generate a new one time password. What should I do if my security token is lost, damaged or stolen? Contact your bank branch. A charge for a replacement security token will apply. Can I use my security token anywhere? A security token can be used wherever you can log into Internet Banking. This includes overseas and in remote areas. Can I cancel my security token after activation? Although State Bank of India does not recommend cancelling your security token, you can do so at any time by calling your bank branch. Who can help me with a security token? Call us on between 10am to 5pm Monday to Friday or email