
Take care of your financial security

1. When using remote banking services (RBS):

- Use secure key media for applying an electronic digital signature, and use multifactor authentication methods.
- Minimize the use of the Internet on the personal computer used to prepare and send documents to the bank. Do not visit sites with questionable content or any other non-work Internet resources (social networks, conferences and chats, telephone services, etc.). Do not read mail or open e-mail attachments from unknown or suspicious senders. Install or update software only from the official websites of the manufacturers.
- Set up separate network equipment for corporate and personal computers. Restrict Internet access to a “white list” of sites on all workplaces where payment documents are prepared, signed and sent. The “white list” should include only verified sites of the organization, banks, the tax service and other government agencies, access to which is NECESSARY in the production process, as well as update servers for system and anti-virus software.
- Minimize the number of computer users who prepare and send documents to the bank. It is advisable to restrict physical access to personal computers on which documents are prepared and sent to the bank (provide access only to responsible employees who are directly authorized and have the right to work with the software of the RBS system).
- Use modern anti-virus software, keep it updated and run anti-virus scans on computers. We emphasize that malicious software can intercept any data exchanged with the bank, personal computers of customers and/or personal data of holders of electronic means of payment, and store or disseminate such information for further unauthorized use by third parties.
- Ensure that security updates for your operating system, browsers and other computer software are installed in a timely manner. Set strong passwords for access to the personal computer and change them periodically.
- Do not allow unauthorized use of electronic digital signature keys; store key media in a way that rules out unauthorized access to them. Generate secret keys only by yourself. Do not disclose or hand over the passwords to personal keys to anyone (including bank employees). Do not write passwords on the key medium or store them together with it.

2. When using electronic means of payment:

- Never disclose confidential data of your card to third parties (PIN code, full card number, validity period and CVV2/CVC2 code). Remember that bank employees NEVER ask for this information.
- If you receive a call from the bank informing you of an unauthorized debit from your account, hang up, regardless of the number the call came from. To check the information, call your bank YOURSELF on the number indicated on the back of your card.
- Always set a limit on purchases on both physical and virtual cards.
- For online purchases, use a SEPARATE physical or virtual card, so as not to “disclose” the data of your main card, such as a salary card. Do not keep money on online shopping cards for a long time; it is better to spend a few minutes transferring the required amount than to lose your money.
- Immediately change the PIN code of your card if you suspect that it has become known to others. Block the card if there are attempts to make unauthorized payments.
- Pay special attention to the sites where you plan to pay for goods or services. The address in the site name field must use a secure protocol: when you hover the cursor over this field, it looks like this: “https://{site name}”

3. Phishing: what it is and how to protect yourself from it
According to the National Bank of Ukraine, more than half of all non-cash transactions in Ukraine today are conducted online. Every year the number of transactions and the total amount of non-cash payments doubles. The number of online stores (e-commerce) that accept payment cards is also indicative: there were 2,915 of them in Ukraine as of January 1, 2016. Experts are convinced that in the coming years the Internet will become the predominant way to make non-cash transactions.
But with the development of online payments, the number of fraudulent transactions carried out without the physical use of payment cards is rapidly increasing.
Phishing (from the English “fishing”) is one of the most common types of fraud that uses social engineering methods. Its purpose is to extract confidential information from payment card holders under various pretexts, including payment card details, which makes it possible to access the account and steal money. To catch a gullible user, criminals imitate the activities of existing issuing banks and companies, actively using non-voice means of communication: SMS, e-mail, or a payment form on a site that is a phishing web resource.
A phishing site is a fraudulent web resource that steals payment card details under the guise of providing services (for example, replenishing a mobile account or transferring funds from card to card), or a clone of a web resource of an organization that the user trusts (such as portmone.com, ukrposhta.com, etc.). According to statistics, more than 90% of phishing sites offer fake services for replenishing mobile accounts and transferring funds from card to card. Citizens must be especially careful when conducting these operations on the Internet.
The main recommendation of cyber security experts in the field of payments is never to enter your payment card data (number, validity period, three-digit security code CVV2/CVC2 on the back of the card), or the bank confirmation code from SMS messages, on suspicious and unverified sites.
Recognizing a phishing web resource is not a problem
You can check the site even just visually, without using any additional services.
If the page's address starts with http:// instead of https:// and there is no stylized lock symbol indicating a secure https connection, the resource is at the very least dangerous, and at worst it may be phishing.
If a site that provides card-to-card funds transfer, mobile phone replenishment or online lending services is registered outside the .UA national domain, this may be a sign of a phishing resource.
Zero commissions and other “INCREDIBLE” offers should be alarming.
Inconsistencies, such as differences between the domain name in the address bar and the one in the text or on a banner, may also indicate that the site is fraudulent.
If the address bar displays the same address for all pages of the site, the user has definitely landed on a phishing resource.
Legitimate sites mask the input of card details (for example, with asterisks) or use a virtual keyboard; phishing resources do not mask it.
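The signs above that are visible in the address itself (no https, a service outside the .UA domain, a domain in the text that differs from the address bar, a trusted name embedded in a foreign domain) can also be checked mechanically. The following Python code is an added example, not part of the bank's page; the trusted-host list, function names and sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample; a real list would come from the bank or the EMA white list.
TRUSTED_HOSTS = ("portmone.com", "ukrposhta.com")

def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def same_or_subdomain(host, base):
    """True only for an exact match or a real subdomain, never a substring."""
    return host == base or host.endswith("." + base)

def is_trusted(host):
    return any(same_or_subdomain(host, t) for t in TRUSTED_HOSTS)

def phishing_indicators(address_bar_url, shown_text=""):
    """Return the URL-level warning signs from the list above that apply."""
    findings = []
    host = host_of(address_bar_url)
    if urlsplit(address_bar_url.strip()).scheme.lower() != "https":
        findings.append("not-https")
    # Only a possible sign, so it is skipped for hosts already known as trusted.
    if not is_trusted(host) and not host.endswith(".ua"):
        findings.append("not-ua-domain")
    # A trusted name inside the hostname of some other domain is a clone attempt.
    for t in TRUSTED_HOSTS:
        if t in host and not is_trusted(host):
            findings.append("lookalike-of:" + t)
    # Domain written in the text or on a banner versus the address bar.
    shown = shown_text.strip()
    if shown:
        shown_host = host_of(shown if "://" in shown else "https://" + shown)
        if shown_host and not same_or_subdomain(host, shown_host):
            findings.append("text-domain-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed sample addresses.
    for url, text in [("https://www.portmone.com/pay", "portmone.com"),
                      ("http://portmone.com.pay-secure.example/topup", "portmone.com")]:
        print(url, phishing_indicators(url, text))
```

The checks compare parsed hostnames, so an address such as portmone.com.pay-secure.example is not mistaken for portmone.com just because it contains that string.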
To combat phishing, the Ukrainian Interbank Association of Members of EMA Payment Systems, which with the support of the US State Department implements the National Safe Card Electronic Payment and Card Payment Assistance Program in Ukraine, has created and regularly updates the list of detected phishing sites.
Every Internet user can get acquainted with the list of sites that pose a danger on the official EMA resource in the section “Black list of sites”: https://www.ema.com.ua/citizens/blacklist/
List of verified reliable payment services: https://www.ema.com.ua/citizens/whitelist/
Links to official pages of members of the Ukrainian Interbank Association of Members of EMA payment systems (banks, payment systems): https://www.ema.com.ua/about/members/

4. Message to the bank
Contact the bank AS QUICKLY AS POSSIBLE if you find:
- loss of electronic means of payment;
- unauthorized access or change of customer information in remote service systems;
- phishing websites or information about them.
Round-the-clock customer support:
(056) 734-50-05, (050) 734-50-05, (068) 734-50-05
e-mail: callcenter@concord.ua