Basic information about security measures
The Internet is an open network available to everybody, and that is why it is necessary to think about the security of RBA iDIRET Internet banking. The technology on which the service is developed guarantees security based on:
- user identification
- data transfer protection
- authenticity of the RBA iDIREKT Internet banking server.
RBA iDIREKT Internet banking user identification enables the Bank to know exactly who is using the system. This identification method also enables the users to be certain that no other person other than themselves can conduct transactions or ask for an account statement.
To identify yourself to RBA as a user, you need a Token or an RBA SmartCard.
The token contains two pieces of information vital for identification:
- Token identification number (printed on the back and displayed for a short period of time on the token display during activation)
- One-time password.
The one-time password is a secret number displayed on the token after activation. Each time a token is activated, a new one-time password will be displayed, as it is valid only once (even if someone were to see or in any other way find out what a used one-time password is, they could not use it). The next one-time password is impossible to predict. The token is activated by means of a PIN (personal identification number), which is known only to the token user and which the user may change.
RBA SmartCard is a chip card that contains the following data:
- RBA certificate
- public and secret key of the certificate user.
The RBA certificate, along with a PIN that unlocks the card, identifies unequivocally the private individual using the card to access RBA iDIREKT Internet banking. The user uses his/her private key to sign every transaction ordered. This method of identification is known as PKI (public key infrastructure) and represents state of the art in the world technology of user authentication security.
RBA strives to protect the confidentiality of your data in standard banking, as well as during transactions performed by means of RBA iDIREKT Internet banking.
Data security during transfer between your computer and the Internet banking service provider is ensured through encryption.
A secure connection between your computer and the Internet banking service provider is established through Secure Sockets Layer (SSL).
When connecting to the RBA iDIREKT Internet banking server, your computer defines a secret key that consists of an array of randomly selected digits. The server accepts that key. That secret key is known only to your computer and to the RBA iDIREKT Internet banking server. Before data transfer itself takes place, the data is encrypted (at your computer if you are sending the data, at the server if you are requesting the data) by means of the secret key. The computer that receives the data uses that same secret key for their decryption.
The Internet banking server supports the latest encryption technology, the 128-bit data encryption.
It is recommended that you, as a user, also use the latest Internet browsers (Microsoft Internet Explorer or Netscape Navigator version 6.x or higher).
Along with the already described protection of data during their passage through the net, the Bank protects the data as well as the RBA information system by means of a firewall.
The RBA iDIREKT Internet banking service provider and the RBA information system are protected from any unauthorized entry, and data flow is monitored 24 hours a day, 7 days a week.
Authenticity of the RBA iDIREKT Internet banking server
In order for you as a user to be certain that you are communicating with the RBA iDIREKT Internet banking server, RBA has certified its server with THAWTE, a company owned by VeriSign, an accepted Internet authority worldwide.
It means that as a user you will be able to verify the identity of the service provider. The name of the service provider, displayed at the address bar of your Internet browser while you are working with the RBA iDIREKT, must at all times correspond to the name stated in the certificate, and that is direkt.rba.hr
RBA iDIREKT Internet banking was developed by usings the technology of renowned global enterprises Oracle, Sun, BroadVision and IBM, guaranteeing additional security and durability of the RBA iDIREKT Internet banking product.