SECURITY MEASURES WHEN USING BANKING PRODUCTS

PrivatBank always guarantees the safety of your funds, but you must take care of the security of your money as well. We have developed 23 simple rules that will help you avoid falling victim to fraud. We recommend that you read them.

Rule No. 1. Never write down your PIN on a plastic card.

If your card is lost or stolen, unauthorized persons can easily withdraw money from it.

Rule No. 2. Block your card or financial phone number in case of theft or loss.

If you lost your card (or it was stolen), block it by calling 3700 from any available phone or in any other convenient way:

1) using the "Online Help" service on the bank's website;

2) via the Internet bank Privat24.

If you have lost your mobile phone (or it was stolen), call the bank at 3700 from any available phone or contact a bank branch to block financial transactions and logins to Privat24 with this number.

Rule No. 3. Please inform the bank that you are going to use the card abroad.

To ensure that our anti-fraud specialists do not consider a payment with your card abroad to be a high-risk operation, inform the bank that you are going to pay with a card abroad using your Privat24. To do this, select the card in "My Accounts" -> "Card / Account Management" -> "Do not Block a Card in Case of Traveling Abroad" or call 3700.

If you have not submitted a request not to block your card for operations abroad, we may, where necessary, contact you by phone to confirm the operation. If we cannot reach you at the phone number you registered with the bank, we will have to block your card (until the transaction is confirmed).

Rule No. 4. Use Privat24 observing safety precautions.

Log into the Internet bank only from the official websites: www.privat24.ua or https://privatbank.ua

Also, your Privat24 password may be requested during registration on government websites (gov.ua domain) if it is required to confirm the identity of a citizen when using BankID technology.

Privat24 website has a security certificate.

• Pay attention to the address bar of your browser - there should be the address https://login.privatbank.ua/p24a/otp

• Install licensed anti-virus software with automatic updating on your computer. Regularly scan your computer for viruses.

• Do not log in to Privat24 from computers in public places (Internet clubs, places with public Wi-Fi).

• Configure your computer to automatically update the operating system and browsers.

• When you finish working with Privat24, click Exit in the upper right corner of the page.

• Do not download or store suspicious files from unknown sources on your computer. If you need to download the file after all, pre-check it with an antivirus program.

• Don't visit untrustworthy sites.

• If your computer or browser is blocked and a message appears on the screen asking you to pay a fine for unlocking, be aware: it's a virus! Under no circumstances follow the demands stated in the message. To solve the problem, use the special services (https://www.avast.ua/index or https://www.avg.com/ru-ru/virus-removal), special recovery utilities or contact a specialist. Remember, paying a so-called fine will not solve the problem of blocking, but will only allow fraudsters to illegally get your money!

Rule No. 5. Ensure the safety of storage and usage of electronic digital signature keys (for business).

Store secret key files on removable storage devices (USB flash drive, etc.). Do not store key files on the hard disk. Use storage devices with secret keys only when performing operations in the system, and unplug the storage device from the PC immediately after the operations that use the secret keys. Do not share passwords to secret keys, do not write them down and do not store them together with the key storage device (USB flash drive, etc.). In the event of compromise or attempted compromise of secret keys or computers, or the dismissal of the responsible employee of your company who had access to a computer or secret keys, immediately re-register the secret keys and change the passwords.

Rule No. 6. Never give information about your cards to third parties, even if they apply to you ostensibly on behalf of the bank.

PrivatBank never calls or sends messages to ask clients to specify the number of the bank card, expiry date, PIN-code or CVV2-code of the card, the password to Privat24, as well as passwords received in SMS.

Besides ATMs, self-service terminals and POS-terminals, the PIN-code of your card may only be requested by Privat24 Internet Bank system. The bank never asks to dictate a PIN or send it in a message anywhere!

When you call the bank, the employee may check your mother's maiden name or another code word, but bank employees never call customers to check this information.

To receive a transfer to a card for the sale of goods (via OLX or Aukro), only the card number must be indicated. If a buyer requires you to give any further information (CVV2 code, card's expiry date, card balance, or card type) for transferring money to your card, it should arouse your suspicion.

Rule No. 7. Stay alert if you receive an SMS of uncertain origin with a request to send the received code or a strange set of commands to another number.

It's most likely that this is a fraud. Do not disclose the content of your SMS message to others. Also, never perform any operations on the phone, the essence of which you do not know. Scammers may trick you into configuring call and SMS forwarding from your number to someone else's number. In this way, SMS or calls from the bank addressed to you will be forwarded to scammers who will be able to use them to access your accounts.
The combination for forwarding all calls for the Kyivstar, Vodafone and lifecell mobile operators is **21*+380XXXXXXXXX#.
For the Vodafone mobile operator, SMS forwarding is set up by sending an SMS with the code +380XXXXXXXXX to the number 3031.
For the rest of the mobile operators, SMS forwarding can be configured in your user profile.

Rule No. 8. When paying for online purchases, be careful and never disclose personal information.

When paying for online purchases you only need to indicate the card number, its expiry date and CVV2 code. For security reasons never give your CVV2 to third parties!

If you often make purchases online, open a special Internet card. In this way you protect your basic card as much as possible, because its number and other details are not indicated anywhere.

Always pay attention to the interface of the website for payment - any change of colors and fonts, spelling errors should arouse your suspicion.

If you are asked to reveal the date and year of birth, your mother's maiden name and other personal data, or to dial different combinations of numbers on your phone, you are dealing with a scammer. Be careful, because if you transfer funds to a scammer they can be returned to you only by court decision. If you have any doubts whether to send an advance payment for a product, we recommend checking the seller's data online (by card number or phone number) or contact 3700 (from mobile) for consultation.

Rule No. 9. Use strong passwords and do not disclose them to anyone else.

A strong password is difficult to guess but easy to remember:
• Use complex passwords consisting of letters (uppercase and lowercase), digits and special characters (@, #, $, &, *, %, etc.) that you can remember without writing down;
• NEVER use a password that includes personal information that is easy to identify (name, surname, date of birth, phone number, car number, address, pet names, names of close relatives, etc.);
• NEVER use the same repeating character or repeating combination of several characters as a password (for example: ZZZZZZZ, abcabcabc, 111222333);
• NEVER use a combination of characters typed in a logical order on a keyboard (for example: "12345678" or "qwertyui", etc.) as a password.
Never give out your passwords to anyone!
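The points of this rule can be checked automatically before a password is accepted. The following is an added example, not PrivatBank's own code; the function name `check_password`, the keyboard rows and the four-character threshold for a keyboard sequence are assumptions made for the illustration.

```python
import re

# Keyboard rows used to spot "logical order" sequences (assumed QWERTY layout).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def check_password(password, personal=()):
    """Return the rule points a password violates; an empty list means it passes."""
    problems = []

    # Point 1: uppercase and lowercase letters, digits and special characters.
    classes = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "digit": str.isdigit,
        "special": lambda c: not c.isalnum(),
    }
    missing = [n for n, test in classes.items() if not any(test(c) for c in password)]
    if missing:
        problems.append("missing:" + ",".join(missing))

    # Point 2: personal details supplied by the caller (name, birth year, phone...).
    low = password.lower()
    if any(item and item.lower() in low for item in personal):
        problems.append("personal")

    # Point 3: the whole password is one repeated unit (ZZZZZZZ, abcabcabc)
    # or is built only from runs of a single character (111222333).
    periodic = re.fullmatch(r"(.+?)\1+", password)
    runs_only = re.fullmatch(r"(?:(.)\1{2,})+", password)
    if periodic or runs_only:
        problems.append("repeat")

    # Point 4: four or more neighbouring keys in a row, forwards or backwards.
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    if any(low[i:i + 4] in row for row in rows for i in range(len(low) - 3)):
        problems.append("keyboard")

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, including the examples quoted in the rule.
    for pw in ("ZZZZZZZ", "abcabcabc", "111222333", "12345678", "qwertyui", "T7#mvR!q2Lp"):
        print(pw, check_password(pw))
```
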

Rule No. 10. Always stay in touch with PrivatBank.

If you have noticed suspicious devices on an ATM or if you have any difficulties with a card transaction, please report it in any of the following ways:
by phone 3700 (from mobile) or (056) 716 52 52 or
by sending SMS to the number +38 (092) 302 07 17.

Rule No. 11. Carefully inspect the ATM before using it.

Inspect the ATM for unusual devices (scammers often place them next to the card reader or keyboard).

A safe card reader can be of two types: only a slot without any additional devices, or a card reader with a transparent cover.

If the card reader has a non-transparent cover, it may contain a device that reads the data from a card. Do not use such an ATM! Also, do not use an ATM if it is difficult to insert a card into the card reader.

If the keyboard is installed unevenly or stands unusually, do not use such an ATM!

If you detect strange devices on an ATM, call 3700.

Rule No. 12. Avoid online deals with people who use fraudulent tricks.

a) "I cannot possibly meet with you" - refusal to meet in person for the transaction under any pretext.
b) "Very urgent!" – the extreme urgency of the transaction.
c) "Cash on delivery? No, I've never heard about this" - refusal of cash on delivery service.
d) "Cheaper than the cheapest" - a heavily understated price for goods.
e) "You know, I have a difficult situation! .." - stories about life difficulties that do not concern the deal.
f) "Money up front!" - the requirement for an advance payment.
g) "What about the balance and PIN code?" - question about card data: balance, PIN code, CVV-code, expiration date.
h) "You can receive your transfer via an ATM!" - an invitation to complete the transfer of funds at an ATM.

Rule No. 13. Be careful! Cases of hacking of network service accounts (mail, messenger, social network account) have become more frequent.

There is a new kind of fraud - scammers download (without hacking) user information on the social network and create a copy of the page to get money out of the victims' friends.

If you receive a financial request or a suspicious link on your e-mail, Skype, Viber or in a message in social networks from your friend who has never previously sent anything like it, contact him/her in a voice mode and confirm that he/she has sent this message. The account may have been compromised by attackers.

Set secure and different passwords for all your accounts (mail, social network) (see Rule No. 8 for details). If your account can be further protected by two-factor authentication (when login to your account must be confirmed using a mobile phone), use this option.

We strongly recommend that you follow this rule for the e-mail address which you registered with the bank and to which confidential information about your accounts (reports on suspicious transactions in Privat24, statements, certificates, etc.) is sent.

Rule No. 14. Letters with viruses.

Be careful when working with email. Scammers can send letters on behalf of the bank with false information: you have a large overdue debt, the provision of services is suspended, etc.

Attackers attach files allegedly with a detailed description of the situation to such messages. Opening such a file infects the computer with a virus, which subsequently leads to theft of personal information, money from accounts, etc.

If you receive such an e-mail, do not open the attached file. Clarify all the details by calling the contact numbers of the bank.

Rule No. 15. Phone number spoofing.

If you receive suspicious SMS or calls asking you to refund the money "mistakenly" transferred to your phone or card, please inform the bank's employees and do not contact the person who applies to you with such a request.

Information about your calls or state of account can be used by scammers to re-issue the SIM card. Scammers can intentionally make a top-up/ transfer for a small amount to obtain accurate data for reissue.

Rule No. 16. Answering a call.

If someone calls you from an unfamiliar number and, when you answer the call, asks: "Do you hear me?", you must hang up without answering. Scammers can record your answer "Yes" to use in phone fraud.

Rule No. 17. Suspicious calls from the bank.

If someone calls you from the bank under the pretext of lowering the interest rate, transfer of servicing to another bank, etc., and offers to do some actions in terminals, ATMs, social networks, hang up and report the call to the 3700 line.

Rule No. 18. Never ask strangers to help you to use your plastic card.

Enter PIN-code yourself, without showing it to others and without speaking out loud.

Rule No. 19. Untrustworthy prize draws.

If you receive an SMS, an information message, a letter, etc. about a prize for which you need to immediately pay a tax or duty or enter your personal data, it means that scammers are trying to deceive you. To protect yourself from fraud, please visit the official website of the company or contact customer support - large companies always publish information about their promotions. Never transfer money before receiving a prize, and take your time: scammers count on customers acting hastily and without thinking.

Rule No. 20. Untrustworthy offers.

If you receive a letter from a manager, a business partner or a bank with a proposal, request or requirement to make an unplanned payment or transfer money to a certain account to solve a problem, etc., never transfer money immediately.
First, call the manager and confirm whether you need to make a payment, or contact the bank directly at 3700 to clarify all the details. Scammers hack computer systems to send fake letters on behalf of managers or partners to receive money on their own accounts.
A fraudulent letter may have minor differences from the original one in email address, company name, etc.

Rule No. 21. How not to become a victim of phishing.

Just follow 7 simple tips:

  • Be sure to check the address you are being directed to for minor misspellings.
  • Use only a secure https connection. The absence of the letter s in the website's address should get your attention.
  • Do not click on links from suspicious messages about replenishment of your accounts by an unknown person.
  • Be suspicious of any emails with attachments and links. Even if they come from a familiar address, it does not guarantee security: the mailbox can be hacked.
  • When you receive an unexpected suspicious message, contact the sender in any alternative way and confirm whether he sent it.
  • If you still need to visit the resource, it is better to enter its address manually or use the previously saved bookmarks.
  • Do not use open Wi-Fi networks to access online banking and other financial services: they are often created by criminals.
    Even if this is not the case, it is not difficult for hackers to connect to an unprotected connection.
  • Configure two-factor authentication on all your accounts, if possible. This measure can save the situation if the main password becomes known to hackers.
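The first two tips (check the address for minor misspellings, require https) can be automated for links found in messages. The following is an added example, not PrivatBank's own code: the function `classify_link`, the distance threshold of 2 and the rule that every subdomain of the two domains named on this page is official are assumptions, and the sample links under `.example` are constructed.

```python
from urllib.parse import urlsplit

# Domains named on this page; treating all their subdomains as official is an assumption.
OFFICIAL_DOMAINS = ("privatbank.ua", "privat24.ua")
BRAND_LABELS = ("privatbank", "privat24")


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'official', 'not-https', 'lookalike' or 'unofficial' for a link."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        # Right site, but the tip about the missing "s" still applies.
        return "official" if parts.scheme == "https" else "not-https"
    for label in host.split("."):
        # Punycode labels can hide look-alike letters from other alphabets.
        if label.startswith("xn--"):
            return "lookalike"
        # A label equal or nearly equal to the brand name on a foreign domain.
        if any(edit_distance(label, brand) <= 2 for brand in BRAND_LABELS):
            return "lookalike"
    return "unofficial"


if __name__ == "__main__":
    samples = (  # constructed links; .example is a reserved test domain
        "https://login.privatbank.ua/p24a/otp",
        "http://privatbank.ua/",
        "https://privatbamk.example/login",
        "https://login.privatbank.ua.example/p24a/otp",
        "https://www.example.org/",
    )
    for link in samples:
        print(classify_link(link), link)
```
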

Rule No. 22. Four tips for working with bitcoins.

Bitcoin is a virtual cryptocurrency and has no physical form (coins, banknotes, etc.). If you are offered bitcoins in the form of coins or banknotes, it is a scam!

Use only verified exchangers with a large number of positive reviews, since unknown exchangers are mostly fraudulent. The process of exchanging real money for bitcoins is not protected and takes place at the buyer's own risk.

Use a good antivirus, because bitcoins are stored in electronic wallets on special websites, and the keys to these wallets can be stolen by Trojan programs.

Do not deposit bitcoins, because such offers are fraud. After receiving the keys to the wallets, scammers will immediately transfer the funds, and you will be left without bitcoins.

Rule No. 23. How not to become a victim of a fraudulent mobile application.

Malicious software installed on your smartphone can capture your personal information, emulate a phone number and configure call forwarding to the scammers' phone.

To protect your personal data and money, we recommend that you follow a few simple tips from Symantec:

  • Regularly update your applications.
  • Do not download programs from suspicious resources; use only trusted resources such as Google Play.
  • Pay attention to the permissions requested by the installed application.
  • Regularly back up your important data.
  • Install anti-virus software on your smartphone.

Bank's counter fraud policy

PrivatBank actively counters fraud by encouraging employees to report frauds. Both within and outside the bank, we adhere to the zero tolerance policy with respect to fraud and use the whole range of measures to prevent thefts of our clients' funds. You can help us by reporting fraud.

Regulation "On the prevention of fraud"

Anti-Fraud Hotline

If you have information about fraud on the part of bank employees or clients, we ask you to fill out this form. This will save someone's money. The Bank guarantees you confidentiality. Reward is up to UAH 10,000.

If you have any problem with sending a message via this form, send an email to antifraud@privatbank.ua

On all matters related to fraud on the part of clients and third parties (other than bank employees), you can contact any nearest branch. We will review your application as soon as possible and we will certainly inform you of the measures taken.

BugBounty Program

Even a high security level does not mean complete invulnerability! If you know the "vulnerabilities" of banking systems, as well as in any of PrivatBank web resources, please let us know by using the page https://bugbounty.privatbank.ua and get a reward of up to USD 1,000 in case of confirmation and elimination of gaps by experts of the bank.

If you have any problem with work at https://bugbounty.privatbank.ua, send an email to bugbounty@privatbank.ua with a detailed description of the problem. Your warning will be considered within 7 working days from the date of receipt.
