Safety recomendations

(according to the recommendations of the National Bank of Ukraine dated 04.07.2018 № 57-0009 / 36366 and materials from the official site of the Ukrainian Interbank Association of Members of EMA Payment Systems)
1. When using Remote Banking Systems (DBS)
- applicable yte by media key information for applying digital signatures and authentication methods multifactorial.
- From a personal computer, which prepares and sends documents to the bank, it is necessary to minimize the use of the Internet. Do not visit sites of dubious content or any other non-productive online resources (social networks, conferences and chats, phone services , etc. ). Do not read mail or open email attachments to emails from unknown or suspected recipients. Do not install or update any software other than the manufacturer's official sites.
- Set up your corporate and PC network equipment separately. Restrict your access to the Internet to a whitelist of sites from all workplaces that prepare, sign, and send payment documents. The "whitelist" should include only verified sites of the organization itself, banks, tax service, other government agencies, access to which is REQUIRED in the production process, system update servers and antivirus software.
- Minimize the number of computer users who prepare and send documents to the bank. It is advisable to restrict physical access to personal computers that prepare and send documents to the bank (to provide access only to responsible employees who are directly authorized and authorized to work with the software of the OBD system).
- Use modern antivirus software, update and perform antivirus scan on your computers. We note that the malware is able to intercept any data during the exchange of bank ohm , PC clients and / or personal data of holders of electronic means of payment and store / distribute such information to further unauthorized use by third parties of crime.
- Ensure that security updates for your operating system, browsers, and software are installed in a timely manner. It is necessary to set reliable passwords for access to the personal computer, to ensure that these passwords are changed periodically.
- Avoid unauthorized use of digital signature keys, store key media in a way that prevents unauthorized access to them. Generation of private keys should only be performed independently. No one (including bank employees) should be given passwords or passwords to personal secret keys. Do not write or save passwords with the key media.
2 . When using electronic means of payment
- Never share your card confidential information with third parties (PIN, full card number, expiration date and CVV2 / CVC2 code). Remember that bank employees will NEVER ask u u informatio th .
- If you are called from the Bank and notified of an unauthorized cancellation from your account - put on the handset, no matter what number the call comes from. To verify the information, call your bank on your own by the phone number on the back of your card.
- Always set a limit on purchases, both physical and virtual card.
- For online purchases, use ANY physical or virtual card in order not to " reveal " the details of the primary card (for example, salary). Do not save your money on online shopping cards for a long time, it is better to spend a few minutes to transfer the required amount than to waste your money.
- Immediately change the PIN code to your card if you suspect it has become known to others. Block your card when attempting to make unauthorized payments.
- Pay particular attention to the site and where you plan to pay for the goods / services . The site name field must have a security protocol that looks like this: https: // { site name } when hovering in this cursor field .

3 . Phishing , what it is and how to protect yourself from it
According to the National Bank of Ukraine, more than half of all non-cash transactions in Ukraine are conducted online today. And every year the number of transactions and the total amount of non-cash payments are doubled. The number of e-commerce (e-commerce) shops serving payment cards in Ukraine on January 1, 2016 was 2915. The experts are convinced that in the coming years the Internet will become absolutely dominant way of making non-cash transactions.
But with the development of online payments, the number of fraudulent transactions conducted without the physical use of payment cards is also increasing rapidly.
Phishing (from Eng . Fishing - «fishing") - one of the most common types of fraud using the methods of social engineering. Its purpose - under various pretexts to lure cardholders confidential information, including details of payment cards, da tion able to access accounts and steal money. To catch the hook unsuspecting user criminals mimic the activity of real issuing banks and companies actively using neholosovi communication: SMS messages, e- mail messages, online payment form, which is the phishing of web resources.
Phishing second site - a fraudulent Web resource that provides stealing props along with payment cards under the guise of non-existent services (which may be, for example, recharge mobile account or transfer money from card to card) or clone your organization's resources, which the user trusts (like portmone.com, ukrposhta.com , etc. ). According to statistics, more than 90% of phishing sites provide exactly non-existent services for replenishing mobile accounts and transferring funds from card to card - citizens should be especially careful when conducting these operations on the Internet and the Internet.
The main recommendation of cybersecurity professionals in the payment area is to never enter your payment card information (number, expiration date, three-digit CVV2 / CVC2 security code on the back of the card), as well as a bank confirmation code for SMS messages on suspicious and unverified sites.
Identifying a phishing web property is not a problem
You can even check the site visually, without using any additional services.

If the domain page starts with http : // , instead of https : // and has a stylized symbol of the castle, which announced the establishment of a secure http s -z'yednannya, Resource least dangerous, as a maximum - can be a phishing m .
Registration of a site providing card-to-card money transfer services, as well as mobile phone recharge or online crediting, is not a national .UA domain can be a sign of a phishing resource.
The presence of zero commissions and other " incredible " proposals should be alarming.
Topical weaknesses, such as differences in domain name in the address bar and in text or banner, can also indicate that this is a fraudulent site.
If the address bar Displays S ARE equally and addresses and for all pages, the user just went to phishing resource.
Legitimate sites mask the introduction of card details (such as asterisks) or use a virtual keyboard, phishing resources - do not mask .
To combat phishing Ukrainian Interbank Payment Systems Member Association EMA, which is supported by the US State Department in implementing Ukraine national program promoting security of electronic payments and card payments Safe Card , created and regularly updates the list of detected phishing sites.
The list of sites that pose a danger can be viewed by every Internet user on the official EMA resource in the section "Blacklist of sites":
The list of trusted payment services proven:
Links to the official pages of the participants Ukrainian Interbank Association of Members of EMA Payment Systems (Banks, Payment Systems):
4. Messages to the bank
- losses and electronic means of payment;
- Unauthorized th access to or modification of information systems, remote client service;
- Phishing websites or information about them
24/7 Customer Support:
( 056) 734-50-05, ( 050) 734-50-05, (068) 734-50-05
Viber / WhatsApp / Telegram
e- mail : callcenter@concord.ua