CitiDirect Online Banking

CitiDirect Online Banking
Security,
requirements
and configuration
CitiService
CitiDirect Helpdesk
Tel. 0 801-343-978, +48 (22) 690-15-21
Monday to Friday 8:00 a.m. – 5:00 p.m.
[email protected]
Table of Contents
TABLE OF CONTEN TS .........................................................................................................................................................................................2
1.
SECURITY .....................................................................................................................................................................................................3
2.
TECHNICAL REQUIREMEN TS ...................................................................................................................................................................5
2.1
2.2
2.3
2.4
2.5
2.6
OPERATING SYSTEMS ............................................................................................................................................................................. 5
INTERNET BROWSERS .............................................................................................................................................................................. 5
JAVA SOFTWARE..................................................................................................................................................................................... 6
ADOBE READER ...................................................................................................................................................................................... 6
N ETWORK /INTERNET ACCESS ................................................................................................................................................................ 6
SYSTEM INSTALLATION AND UPDATES ..................................................................................................................................................... 6
3. CONFIGURATION ...........................................................................................................................................................................................7
3.1 INTERNET EXPLORER ..................................................................................................................................................................................... 7
3.2 JAVA SUN ..................................................................................................................................................................................................... 9
2
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
1. Security
One of the most important goals in the CitiDirect development is to secure your information while
connecting to the Bank. System uses the most recent security methods available, ensuring
confidentiality in the process of creating, sending and browsing transactions.
CitiDirect uses a following four-level security system:
1. User identification and verification.
2. Authorization levels.
3. Data encryption.
4. Monitoring and alarming.
1. User identification and verification
Access to CitiDirect system is limited to strictly defined Users, who log in to the system using SafeWord
card (so-called token). SafeWord card generates unique and one-use passwords, which eliminates the
risk of getting access to the system by stealing or breaking the password. Additionally SafeWord card
itself is protected by 4-digit PIN known only to the card holder.
2. Authorization levels
User permissions are controlled by their access profiles, which define a specific authorization level to
CitiDirect options. Profiles are created by system administrators or by Citi Handlowy on your written
request and determine: access to specified accounts, types of transactions, the amount of a single
payment, schemes and authorization limits, etc.
3. Data encryption
Connection between the User and the Bank is encrypted in order to prevent intruders from getting
access to data. The encryption protocol (TLS) ensures privacy and reliability. 128-bit encryption required
from financial institution is enabled by a special digital certificate VeriSign. Thank to this CitiDirect
system establishes a secure connection, granting access to encrypted data only to authorized Users. TLS
also protects cohesion of the data sent in secure, encrypted connection thank to the Message
Authentication Code (MAC) MAC detects if data was not changed in the process of transmission.
4. Monitoring and alarming
Discrete and non-absorbing control and alarm mechanisms are a very important element in CitiDirect
security structure. It allows quick detection and identification of unauthorized attempts to access the
system. All events are reported to the 24-hour monitoring system which allows immediate investigation
and problem solution.
3
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
Irrespectively of implemented security measures User must be aware of dangers that may occur in the
Internet and follow the rules listed below:
1. Before logging, make sure that you are on the proper safe program website. In the browser
window, on the status bar, down on the right side there must be a closed lock indicating that the
connection is encrypted. The website address should begin with “https”.
2. CitiDirect website uses certificate protection. Never ignore browser warnings about errors,
particularly certificate errors. If you state a certificate error, report this fact to the Bank
immediately.
3. SafeWord card – one-time password generator – makes CitiDirect resistant to attempts to steal
password. Make sure to always carry it with you, memorize its PIN number and do not record it
anywhere. All actions performed in CitiDirect are being registered. Each operation performed
with your card will be treated as yours. If you decide to share PIN number and card with a third
person, you do this on your own responsibility. If you lose your card, report to the Bank
immediately.
4. System automatically blocks the access after 15 minutes of inactivity and forces to log back in.
However, you should never leave the program opened longer than necessary. Log out right after
finishing your work or when you are going away from the computer even for a short while. Do
not create an opportunity for unauthorized persons to use – even for a few seconds – the session
you opened.
5. Care about security of your computer. Install system updates as soon as they become available.
Use antivirus programs and software that protects your computer from external attacks. Do not
install programs of unknown origin.
Any damages caused by not following the above rules are the sole responsibility of the USER.
Not logging to CitiDirect for over a year will result in removing SafeWord card from the system
permanently and its replacement will be necessary.
4
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
2. Technical Requirements
2.1 Operating Systems
Windows® operating systems:
CitiDirect Online Banking is certified to operate on the Microsoft Operating Systems listed below
excluding versions indicated.
•
Windows® Vista
Excluding: Arabic OS
•
Windows® 7
Excluding: Arabic OS
•
Windows® 8
Excluding: Arabic OS
Apple® Mac operating systems
•
Version 10.5 up to 10.7.2
Note: Lion operating system does not provide a Java runtime by default. In order to download
Java, please click here.
•
Version 10.7.3 and higher
Note: In order to download Java, please click here.
2.2 Internet browsers
Internet Explorer 8.0 (Windows Vista)
Internet Explorer 8.0 (Windows 7)
Internet Explorer 9.0 (Windows Vista)
Internet Explorer 9.0 (Windows 7)
Internet Explorer 10.0 (Windows 7)
Internet Explorer 10.0 (Windows 8)
Internet Explorer 11.0 (Windows 7)
Internet Explorer 11.0 (Windows 8.1)
Safari: version 4.0.5 and higher
5
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
2.3 Java software
CitiDirect supports the following versions of Java:
•
•
•
Java 6 (27 through update 45).
Java 7 (through update 60). Note that updates 21, 23 and 25 may alert the User that CitiDirect is
not secure. CitiDirect is secure and Users can ignore this alert.
Java 8 (through update 25).
Note: We recommend that all Users still using Java 6 upgrade to Java 7.
2.4 Adobe Reader
Adobe Reader is used to view reports generated in CitiDirect in PDF format. CitiDirect supports the
following versions of Adobe Reader:
•
Version 9.0 or higher
Note: Adobe ended support for Acrobat 8.x in November of 2011 and earlier versions are no longer
supported by Adobe.
2.5 Network /Internet Access
-
Transfer to/from external network (for a single station) min. 128 kbs, we recommend 512 kbs
Opened ports http (80) and https (443)
No scanning, blocking, or caching Java and Active X applets from: https://portal.citidirect.com
Enabled TLS protocol in browser and Java settings – Details >>
2.6 System installation and updates
CitiDirect works on Java Sun platform and installs or updates itself when logging. On Windows User
account, on which CitiDirect will run, the Java platform access and full access do java cache folders shall
be ensured.
6
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
3. Configuration
3.1 Internet Explorer
CitiDirect works correctly with internet options default settings.
To optimize performance we recommend using the below settings:
Run the web browser and go to Tools  Internet options…
Security tab
In the zone select window click
Trusted sites. Most likely security
level for this zone will be set as
custom. Reset settings by clicking
Default level button and move the
slide bar all the way down to set the
lowest security level – Low.
7
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
Open the trusted sites list by clicking
the Sites button and add CitiDirect
system site address:
https://portal.citidirect.com
Privacy tab:
Settings section determines whether
the web browser remembers the User
created on the login page. Default level
– Medium – or lower should be
selected here.
8
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
Advanced tab:
We recommend using default settings.
If you are not sure if settings are
default, click Restore advanced
settings button and Apply.
3.2 Java Sun
From Windows START menu, select Control Panel and double-click the JAVA icon.
General tab
Settings affecting
CitiDirect are located in
Network Settings and
Temporary Internet Files
sections.
9
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
Network Settings
Chose the option Use
browser settings.
Temporary Internet Files
Keep temporary files on my
computer – this option has to
be checked.
Location – Windows User
needs to have full access to the
folder indicated here.
The compression level has to
be set as None.
The amount of free space on
hard drive should be at least
250 MB. Default setting – 1000
MB.
10
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.
Update tab:
We recommend turning the
automatic updates off. In
order to do that, uncheck
the Check for updates
Automatically option.
Niniejszy materiał został wydany jedynie w celach informacyjnych i nie stanow i oferty w rozumieniu art. 66 Kodeksu Cyw ilnego.
Bank Handlowy w Warszawie S.A. z siedzibą w Warszawie, ul. Senatorska 16, 00-923 Warszawa, zarejestrowany w rejestrze przedsiębiorców
Krajowego Rejestru Sądowego przez Sąd Rejonowy dla m.st. Warszawy w Warszawie, XII Wydział Gospodarczy Krajowego Rejestru Sądowego, pod
nr. KRS 000 000 1538; NIP 526-030-02-91; wysokość kapitału zakładowego wynosi 522.638.400 złotych, kapitał został w pełni opłacony.
Citi Handlowy, CitiDirect Online Banking oraz CitiDirect EB są zastrzeżonymi znakami towarowym należącym do podmiotów z grupy Citigroup Inc.
11
www.citihandlowy.pl
Bank Handlowy w Warszawie S.A.