1.1 Authorisation means the procedure for certifying the Client’s rights and confirming the Client’s orders to the Bank, and that gives rise to the Bank’s obligations to the Client in respect of transactions.
1.2 Handwritten Signature Analogue (HSA) means an element of an electronic document that is designed to protect such document against forgery and is unique to such document, and that makes it possible to identify and authenticate the person who signed the document (authorship confirmation) and to check for any data distortion (confirmation of the electronic document’s integrity).
1.3 Authentication means authentication of a Client.
1.4 Private (Secret) Key means a unique sequence of digits known only to and generated individually by its holder through the System, designed to generate a handwritten signature analogue in electronic documents.
1.5 Transaction Day means a day on which the Bank carries out all transactions on the Client Accounts. Saturday is business day but not a transaction day.
1.6 Public Key means a unique sequence of digits corresponding to the private key of a handwritten signature analogue that is available to, and may be individually generated by, any user of the System through the System, designed to verify and authenticate a handwritten signature analogue in an electronic document.
1.7 HSA Authentication means a positive verification by the System of the sender of an electronic document’s ownership of a handwritten signature analogue in such document, and of the Handwritten Signature Analogue.
1.8 Raiffeisen CONNECT System (the System) means the system for the processing and transmission of electronic documents and/or any other electronic data, including hardware, software and organizational interaction between the Bank and the Client for the purposes of providing the Client with banking services.
1.9 Electronic Document means the document that contains data in electronic digital form.
2. General Provisions
2.1 The Client may be granted access to the services of the Raiffeisen CONNECT or ELECTRONIC OFFICE systems in the manner stated in this Clause 9. The choice of a particular System shall depend on the System supported by the Bank’s Subdivision in which the Client receives services. The provisions of this Section shall govern the procedure of the provision by the Bank of information to the Client on the Client’s Accounts with the Bank through the Raiffeisen CONNECT or ELECTRONIC OFFICE systems, the Client’s rights and obligations in respect of the use of, and access to, the System and services provided by the Bank, and establish the procedure and the terms and conditions of System operation.
2.2 The provisions of this Section shall constitute an integral part of the Agreement on the Use of Electronic Document and the Recognition of Electronic Digital Signatures in the Raiffeisen CONNECT System and the Agreement on Exchange of Electronic Documents Certified by a Handwritten Signature Analogue in the ELECTRONIC OFFICE System.
2.3 The Systems shall provide information services relating to the Account through open channels of communication. To ensure the security of data transmission, a standard SSL Protocol shall be used.
2.4 The Systems shall ensure the generation of Electronic Documents and their transmission to the Bank. The Electronic Document shall be certified by an HSA. HSA shall be produced through the generation and verification of HSA based on the document’s contents and a pair of keys – a private (secret) key for signature generation and a public key for signature verification, and shall have the following characteristics:
HSA may only be reproduced by one person who possesses the private (secret) key and the relevant software required to generate and manage the keys and create the HAS;
The HSA authenticity may be certified;
HSA is unique to the only, particular document.
2.5 HSA shall provide the protection of the Electronic Document as follows:
prevention of unauthorised modification of the document’s contents (verification of the Electronic Document’s authenticity);
identification of the document’s sender.
2.6 The HSA generation method used by the Systems complies with the Payment Systems’ standards.
2.7 The Bank shall reserve the right:
refuse the Client (or Authorised Representative) access to the Systems;
suspend the execution of the Client’s orders, received through the Systems, until it receives the Client’s order in writing stating that such execution is required;
alter the scope of services offered to the Client through the Systems;
suspend the operation of the two Systems either with or without the prior notification of the Client.
3. Client Registration in and Operation of the Raiffeisen CONNECT System
3.1 To gain access to the services provided by the System, the Client shall apply in writing for registration at any of the Bank’s Subdivisions either personally, or though his/her Authorised Representative.
3.2 The Client shall receive unique identification codes to access the System:
user name (login) for registration;
a sealed PIN-envelope containing a password and PIN2 code.
The information contained in the sealed envelope shall be confidential and known to the Client alone. The login and password will ensure access to the System’s information services, while PIN2 code is necessary for access to the key generation procedure.
3.3 Access to the System (login and the sealed PIN-envelope) may be received by the Client’s Authorised Representative upon submission of the original personal identification document and the original power of attorney duly notarised by a notary or certified by a Bank officer. The unique identification codes to access the System shall be valid no more than sixty (60) days from the date they are given to the Client or his/her Authorised Representative, with PIN2 code being valid no more than three (3) days from the moment of the first use of PIN2. Upon expiry of the above periods access to the System shall e automatically blocked by the Bank. To resume access to the System the Client will have to receive new unique identification codes (login and the sealed PIN-envelope) by personally applying to the Bank’s Subdivision. The new unique identification codes (login and the sealed PIN-envelope) shall be activated by the Bank after the Client receives such new unique identification codes and replace the old ones.
3.4 All of the Client’s connections to the System shall be established through a secure Internet connection using the SSL Protocol.
3.5 For purposes of accessing the System’s information services, the Client shall identify him-/herself by entering his/her unique user name (login) and password known only to such Client.
3.6 As the Client logs into the System for the first time, he/she must change his/her user name (login) and password that he/she has received from the Bank on the “Settings” menu of the System. Thereafter, the Client may change his/her user name (login) and password that he/she has set, on the “Settings” menu of the System. The System requires the Client to change the user name (login) and password once in one hundred and eighty (180) days. This period may be changed by the Bank unilaterally upon the prior notice given to the Client in any of the ways stated in sub-Clause2.10 of these General Terms.
3.7 The Client shall be granted access to active Account (card) Transactions after performing the key generation procedure and execution of the Agreement on the Use of Electronic Document and the Recognition of Electronic Digital Signatures in the Raiffeisen CONNECT System with the Bank through the System. To access the process of generation of digital keys, the Client will use PIN2 code.
3.8 PIN2 code shall be used by the Client to access the key generation procedure, download and install the client software (Web-based Java Applet) required to generate public and private keys, exchange public keys with the Bank, create the Client’s HSA to the Client’s instructions, and verify the Bank’s HSA. After the key generation procedure is successfully completed, PIN2 code shall be valid no more than three (3) days but no more than sixty (60) days from the moment of receiving PIN2. As and when necessary, it can be used for another key generation during that period.
3.9 The client software has been certified by an international certificate confirming its ownership by the Bank.
3.10 The public and private keys shall be generated on the Client’s computer. To protect the pair of the keys, the Client shall use a password (“password to keys”) known only to him or her. The generated keys will be used for signing with HSA the Electronic Documents transmitted through the System during the entire period of operation until a new pair of keys is generated. After re-generation of the keys, the previous keys shall cease to be valid, a new public key shall be transferred to the Bank, and a new Agreement on the Use of Electronic Document and the Recognition of Electronic Digital Signatures in the Raiffeisen CONNECT System shall be executed. The valid pair of keys for the Client shall be the latest generated one. New keys can be generated whenever the Client wishes, provided that the valid PIN2 code is available. The receipt of new system access data (user name, password and PIN2 code) shall invalidate the existing pair of keys. The existing keys shall remain valid until the next key generation procedure is performed.
3.11 The public keys shall be exchanged with the System automatically.
3.12 The Client’s public key shall be kept in the System’s database. The Client’s private key shall be kept on the Client’s electronic data carrier.
3.13 Having generated the digital keys for access to active transactions, the System can make a query to activate them. To activate the digital keys, the Client should apply to the Bank’s Call Centre in accordance with Clause 11 of the General Terms. The digital keys shall be activated within three (3) Business Days of the date of the Client’s application.
3.14 To perform active transactions through the System, the Client shall identify him- or herself by entering his/her user name, password and HSA. Upon the Client’s instruction, HSA shall be generated with the use of the Client’s digital keys.
3.15 Information on Card Transactions, carried out in trade outlets, automatic teller machines and electronic terminals, shall be reflected in real time.
3.16 The Bank may limit the amounts of transactions carried out through the System.
3.17 Access to the System services shall be blocked by the Bank, on the Client’s initiative, upon an application from the Client who should either personally apply to the Bank’s Subdivision or to the Call Centre in accordance with Clause 11 of the General Terms. The Bank shall block such access no later than the next Business Day after receiving the Client’s application.
3.18 The Bank shall reserve the right to block the Client’s access to the System services:
if the Client has any Overdue Indebtedness to the Bank;
if the Client does not comply with the terms and conditions of the Agreement, General Terms, and Tariffs;
if the Bank has any information on probable or actual illegal operations;
if the Bank has any information on the death of the Client;
if the Bank receives documents stating that the funds on the Account are under attachment (attachment of Account) or the Account
funds are subject to enforcement;
if any attempts of carrying out fraudulent transactions are identified;
on its own initiative without explaining the reasons.
4. Liability of the Parties
4.1 For unauthorised access to the information stored in the Systems, the Client shall be held liable in accordance with the applicable laws of the Russian Federation.
4.2 For the creation, use or distribution of viral software in the Systems, the Client shall be held liable in accordance with the applicable laws of the Russian Federation.
4.3 The Client shall keep confidential and not provide to any third parties the identification codes enabling access to the Systems (user name (login), password and PIN2 (for Raiffeisen CONNECT system) and password to the secret keys (for ELECTRONIC OFFICE system). The Bank shall not be liable for any consequences of any use of the unique identification codes by any third parties.
4.4 In view of the specifics of data transmission through open channels of communication, the Bank shall not be liable for any losses incurred as a result of the Client’s failure to receive any data mentioned above and/or the receipt thereof by an unauthorised person
Font size