The R-Connect online banking system employs the most advanced technologies to ensure security of payments and safety of customer accounts. In addition to reliable encryption, you get tools that enable total control of operations on the accounts and events within R-Connect via SMS and e-mail notifications.
General Information on Security in the Raiffeisen Connect System
Raiffeisenbank designed the Raiffeisen Connect service using reliable security protocols in accordance with the best international practices. This allows us to offer our customers services that are completely integrated into the existing banking infrastructure, and to completely control the functionality and operation of banking services, ensuring safety, convenience and reliability for our customers.
In order to ensure the security, the system uses:
- Secure SSL-connection, ensuring the confidentiality of information transmitted
- Tools to independently monitor your visits to the system
- One-time passwords for confirmation of active operations which can be generated using a card reader, or accessed through SMS
- E-mail and SMS notifications about active operations and modifications of personal data in the system
Recommendations for Users of the Raiffeisen Connect System
We’ve prepared a guide on the safe use of R-Connect, and strongly recommend that you read it.
This information is distributed to help customers to ensure proper security of data transmission through open communications channels (Internet). If you are not a technically knowledgeable user, please contact your system administrator for technical support.
In case you experience any difficulties you may also contact R-Connect Technical Support via phone, e-mail or using the available online feedback form.
- Make sure your connection to the bank server occurs in protected mode (SSL)
- Always log out of the system using the ‘Exit’ link
- Use strong passwords
- Disable the web form’s auto-complete option, and make sure that your saving and storage of confidential pages (SSL-page) is disables in your browser
- Pay attention to the time of the previous log-in to the system
- Use your e-mail to get information on changes in your personal data and signed requests for active operations
- Enable the ‘SMS Notifications’ option to get information about all actions, performed in the system
SSL (Secure Sockets Layer) is a protocol that protects data sent between Web browsers and Web servers. The main purpose of the protocol is to provide:
- Server authentication which guarantees users that they get to particular websites which they wanted to visit and protects them from malicious websites.
- Establishment of a secure channel through which encrypted information can be transmitted between the browser and the server to block 3rd parties from distorting information or gaining access to it.
Any page whose address begins with https is transmitted securely using SSL. The letter ‘s’, added to the familiar HTTP (Hypertext Transfer Protocol), means ‘secure’. Users do not need to take any special action to switch to SSL-connection — the SSL client program is built into web browsers.
How to Ensure that your Connection is in Protected Mode
You can check the authenticity of the (SSL) certificate of the Raiffeisen Connect server by clicking on the secure connection icon:
||Internet Explorer 8
||Internet Explorer 7
||Mozilla Firefox 2
||Google Chrome 27|
The data in the certificate must contain the following information:
- Issued to: CJSC Raiffeisenbank
- Issued by: Thawte SGC CA — G2
- Valid from December 12, 2012 to January 12, 2015
- In Internet Explorer 8.0 the certificate looks like this:
Below you can see a valid certificate, which is evidence that you are connected to the server of AO ‘Raiffeisenbank’.
If you click on the ‘Certification Path’ tab, you will see the current status of the certificate.
If the status of the certificate is different from ‘This certificate is OK’ or ‘This certificate is valid’, please log out of the R-Connect system immediately and report the incorrect certificate to technical support of the R-Connect system via phone, e-mail, or the online feedback form or personally to your account manager.
Use ‘Sessions’ to check the date of your last visit to the Raiffeisen Connect system.
If you suspect any unauthorized logon using your credentials, please immediately inform the R-Connect technical support via phone, e-mail or the online feedback form.
- Always log out of the Raiffeisen Connect system using the ‘Exit’ link so that your Internet sessions will be terminated immediately.
- We do not recommend using the R-Connect services in Internet cafes, public libraries and through other public Internet access points due to the lack of proper security systems in these places.
Use the following recommendations to create and use a strong password for work in the system. For security purposes, the system password has a limited duration — 180 days. After this period, you will need to change your password.
Creating a Strong Password
A strong password is a password that is hard to guess but easy to remember. In order for the password to be hard to guess, it must have specific syntactic characteristics.
When choosing a password it is advisable to follow the following rules:
- The password must be at least 8 characters (the longer the password, the better)
- The password must be a combination of letters, numbers and, if possible, special characters
- The password must be a combination of uppercase and lowercase letters
- Words that are present in standard dictionaries (including dictionaries of foreign languages) should not be used as a password (to eliminate the possibility of finding the password by iterating through)
- The password must not contain repeated sequences of characters (for example, the word ‘access’ contains more than two identical characters, following each other), obvious patterns, or sequences formed with characters (for example, asdfghjkl or erdfcv).
A strong password has the following characteristics:
- A strong password should be easy to remember. Overly difficult passwords are likely to be written down and will therefore become unreliable.
- A strong password can be entered quickly. If entering your password takes too long, then people that are near can determine its structure (for example, its length).
Follow these tips to remember your password:
- Mix short words with digits or special characters, for example, ‘this;Is: One. good: PassWord’ or ‘3Doggiesareloud’!
- Create an abbreviation using the initial letters of words that form a sentence which you can easily remember. For example, you can create an abbreviation Tpftssivhtc from the initial letters of words in this sentence: ‘This password for the security system is very hard to crack’. If you need several passwords, you can choose a sentence and form one password from the first letters of the words in this sentence, the second password from the second letters of the words, etc. This method also allows you to include digits to the abbreviations, for example, O21A68WPmiC. (‘On 21 August 68 Warsaw Pact marched into Czechoslovakia.’)
- While forming your password you can intentionally make spelling errors to obstruct lexicological analysis of your password.
AutoComplete / Saving Pages
- When your browser asks you to choose whether to use AutoComplete for login and password or not, you should reject this function. If the AutoComplete of personal information in the forms of your browser is already activated, you can manually disable this feature in your browser preferences.
- To make sure your browser does not allow the storage of confidential pages (SSL-page), you need to disable the forms function in your browser settings. It will disable the saving of data (password, username, etc.) on your hard drive.
General Recommendations on Security of Online Banking Systems
- Use strong passwords consisting of letters, numbers and special characters that you can remember without writing down.
- Don’t give your confidential logon data (login, password) to anyone, including your relatives, colleagues or employees of the bank.
- If you choose to receive one-time passwords via SMS, please, make sure that the receiving phone is used only by you and cannot be accessed by a third-party.
- Before entering the code to confirm an operation from an SMS, always check the operation parameters (type, amount, receiver), contained in the message.
- Before entering data into the card reader, always check whether they correspond to the parameters of operation you want to confirm.
- Raiffeisenbank does not send emails, SMS or other messages to clarify your confidential data. Be careful: do not respond to such requests.
- We recommend that you use a password-protected personal computer for work with the Raiffeisen Connect system. Log-in from another computer, as well as computers in Internet cafes is not safe.
- Install antivirus software on the computer that you use for work with the system and configure it according to the supplier’s recommendations. Install security updates regularly.
- Always use the ‘Exit’ link when you finish working with the Raiffeisen Connect system.
- Configure and monitor notifications about the actions performed in the system (enter your email address in the ‘Settings’ menu; if you’re not subscribed to the SMS Notification service, please add it in the ‘SMS Notifications’ menu. If you are subscribed to the SMS notifications service and your telephone number has changed, please contact a bank office to change it).
- If you have any suspicion that your confidential logon data has become known to an unauthorized third party, as well as in case of loss of your phone or bank card that you use to confirm transactions in the system, or in case of detection of unauthorized transactions in the system, please immediately contact support service by phone 8 800 700-00-72 or the nearest office of Raiffeisenbank.
For more information on R-Connect System please contact the R-Connect technical support by phone, e-mail or using the feedback form.