Frequently Asked Questions
Some important things you should know about Online Banking.
A session is started when the authorised subscriber uses his or her browser to send a secure message via SSL to BankNet server. For this purpose he uses the customized password along with his User ID. The BankNet server verifies this data and responds by authenticating the customer and initiating session encryption.
Once the BankNet session is securely established, Emirates NBD's computer processes and routes the transaction data using internal protocols. This prevents other Internet users from proceeding past bank's series of firewalls and filtering routers.
BankNet protects financial transactions through a number of barriers that prevent unauthorized access. The first barrier is a system of filtering routers and firewalls, which separate the outside Internet from bank's internal network. The filtering router verifies the source and destination of each Internet packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service. In addition, the filtering router prevents many common Internet attacks.
In addition, the firewall is the only server in the Bank's network that communicates via TCP/IP - the Internet's communication protocol. No internal Online transaction processing systems are reachable using TCP/IP. This prevents unauthorized users from accessing any transaction data from the Internet.
The information is passed between the bank's main computer and the customer's PC after it is duly encrypted using the highest possible encryption.
Security is the first and foremost requirement of Online banking because the Internet is inherently unsecured. Millions of computers form a public network where communications can be intercepted. As data moves from sender to receiver, it almost always has to travel through several other connections. This is called routing. During routing, computers other than the sender and receiver can access the data. Even computers not directly involved in routing can access the data. Security is therefore a critical component of any Internet application.
Sending data across a network involves three basic security risks:
- Eavesdropping - intermediaries listen in on private conversations (one computer talking to another).
- Manipulation - intermediaries change information in a private communication.
- Impersonation - a sender or receiver communicates under false identification.
The situation is analogous to purchasing mail-order goods over the telephone. Mail-order shoppers want to know that no third parties can hear their credit card number (eavesdropping); that no one can insert extra order information or change the delivery address (manipulation); and that it is actually the mail-order company on the other end of the line and not a credit card thief (impersonation).
Current browsers counter security threats with a network communication protocol called Secure Sockets Layer (SSL). SSL is a set of rules that tells computers the steps to take to improve the security level of communications. These rules are designed for the following:
- - Encryption, which guards against eavesdropping
- - Data integrity, which guards against manipulation
- - Authentication, which guards against impersonation
However, these effects protect your data only during transmission. That is, network security protocols do not protect your data before you send it. Just as you trust merchants not to share your credit card information, you must trust the recipients of your online data not to mishandle it.
SSL uses authentication and encryption technology developed by RSA Data Security Inc. The encryption established between you and a server remains valid over multiple connections, yet the effort expended to defeat the encryption of one message cannot be leveraged to defeat the next message.
A message encrypted with 40-bit RC4 takes on average 64 MIPS-years to break (a 64-MIPS computer needs a year of dedicated processor time to break the message's encryption). The high-grade, 128-bit U.S. domestic version provides protection exponentially more vast. The effort required to break any given exchange of information is a formidable deterrent. Server authentication uses RSA public key cryptography in conjunction with ISO X.509 digital certificates.
The Internet is inherently unsecured. No security method can make claims of impenetrability.
- Always use the latest versions of software. Regardless of vendor, users of network should always ensure that they have the latest version of an application. The discovery of a security flaw is one of the most significant reasons for vendors to release new versions of software.
- Use the highest security version of your software. Customers who use Internet Explorer 3.02 can download the 128-bit add-on from the Microsoft web site. This software uses a 128-bit key that provides stronger security than the 40-bit key.
Emirates NBD is committed to provide the safest Online banking service to our valued customers so that all transactions involving financial and customer data are conducted in a safe and secure environment. Without thorough security, information transmitted over the Internet is susceptible to fraud and other misuse by intermediaries. Information travelling between your computer and a server uses a routing process that can extend over many computer systems. Any one of these computer systems represents an intermediary with the potential to access the flow of information between your computer and a trusted server. You need security to make sure that intermediaries cannot deceive you, eavesdrop on you, copy from you, or damage your communications.
Adequate security features are in-built into our BankNet to protect our customers. We use 128-bit encryption, the highest encryption security currently available, which earlier was restricted to Canada and US, but are now available to Banks outside the US in selected countries. Additional security comes with the User ID and Password, which are provided to you by the bank to access your account. The information, which you enter, passes through 128-bit encryption.
Microsoft Internet Explorer with 128-bit encryption uses:
- Server authentication (thwarting impostors)
- Privacy using encryption (thwarting eavesdroppers)
- Data integrity (thwarting vandals)
- Firewall is used to protect data in Emirates NBD's main computer and only authorised persons have appropriate access to the data in our system.
- The SSL protocol delivers server authentication, data encryption, and message integrity. SSL is layered beneath application protocols such as HTTP, SMTP, Telnet, FTP, Gopher, and NNTP, and layered above the connection protocol TCP/IP. This strategy allows SSL to operate independently of the Internet application protocols.
- With SSL implemented on both the client and server, your Internet communications are transmitted in encrypted form. Information you send can be trusted to arrive privately and unaltered to the server you specify (and no other).
Firewalls and routers form a barrier between the Internet and our bank's main computer. All incoming traffic is routed to the firewall, which verifies the source and destination of each information packet. The firewall then changes the address of the packet before delivering it to the appropriate site within our internal network. This way, all internal addresses are protected, keeping the structure of Key's network a secret. Our firewalls record all activity with BankNet, including sign-ons, sign-offs, and access violations. This allows for quick identification of any suspicious activity.
The security protocol works as an adjunct to other protocols without limiting access capabilities. You can use your browser to bring either secure or insecure documents.
Online forms can be secure if the submit action is an https:// URL to a secure server.
You can save a secure document (though secure documents are not cached to disk among sessions). You can also view the HTML source of a secure document. Security affects the transmission of a document without affecting your ability to manipulate the document.
There are two ways to tell if your browser is operating with security features:
- First, your Location Bar should show a Uniform Resource Locator (URL) that uses an https: address, as opposed to an http: address.
- Second, the security lock will appear in the lower right corner of your browser window.
You can enter your credit card number on a secure (https) form and transmit the form over the Internet to a secure Server without risk of an intermediary obtaining your credit card information.
Secure communications does not eliminate all of an Internet user's concerns. For example, you must be willing to trust the server administrator with your credit card number before you enter into a commercial transaction. Security technology secures the routes of Internet communication; security technology does not protect you from unreputable or careless people with whom you might choose to do business.
The situation is analogous to telling someone your credit card number over the telephone. You may be secure in knowing that no one has overheard your conversation (privacy) and that the person on the line works for the company you wish to buy from (authentication), but you must also be willing to trust the person and the company.
Encryption is the scrambling of information for transmission back and forth between two points.
When you send out a letter to your friend, you communicate in a language that both of you understand. Since, your language is understood by thousands of other people also, if someone else gets hold of your letter, he will not have any problem in understanding its contents. If you do not want anyone other than to whom this letter is intended, you must use a secret language or you must substitute each alphabet in your letter for some other alphabet, which only two of you will understand. Using a secret language or substituting one alphabet or word for another is called encryption and your letter is said to be encoded. To decode your letter, the receiver must have the same key that you used for encoding. To any other person who does not have this key, the message in the letter will not make any sense and will be garbage.
Computers also use the same principle. The browser in your computer uses a string of numbers, characters and special keys and makes the encoding and decoding immensely complicated. Your computer and the one at the receiving end agree upon the keys to be used for encoding. These keys are based on a set of mathematical formulae called algorithms. When a computer encrypts a message, there are billions of key combinations to select from. However only one of the billions of combination will be correct. Only the computers on both ends of the transaction know what key combination is in use during that session. The sending and the receiving computers use a different key combination for each session and only these two computers know what key is used for the current session. So if anyone else tries to read your message, he will get meaningless string of numbers and characters only.
Encryption finds its application in variety of transactions that involve sensitive matters and even for national security. Encryption is used for sending e-mail messages, sensitive documents and in electronic commerce such as credit card transactions and electronic banking
The security provided by encryption is measured in terms of how long is the encoding key used by your computer for encryption. The level of encryption is measured in bits like 40-bit or 128-bit encryption.
If the encryption has a 40-bit key, it means that there are 240 possible different combinations for solving the key. Similarly, for a 128-bit key, there are 2128 possible different combinations. In general, the longer the key, the longer it would take for someone without the correct decoder key to break the code.
The 40-bit encryption and the 128-bit encryption differ in their complexity and the key length. 40-bit encryption can use one of the 240 possible different combinations (1 followed by 12 zeroes) and 128-bit encryption uses on of the 2128 possible different combinations (3.4 followed by 38 zeroes). 128-bit encryption is exponentially more powerful than 40-bit encryption.
According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.
For Netscape browsers: The key at the bottom left-hand corner of your screen will have one tooth for 40-bit or two teeth for 128-bit.
For Microsoft browsers: You can find out the level of encryption by using your browser menu bar. Select "File" then "Properties" then "Security."
When you visit a site that requires encryption, your browser will display the symbol with a key or a lock. If you are not in a secure area, the key or lock will be broken.
40-bit encryption is not as powerful as 128-bit encryption. But this still requires a lot of dedicated effort to break. When the length of the key is increased by one bit, the amount of effort required for breaking the code doubles. However, as the power in the hands of the potential criminals increases, it is necessary to use a more complex and longer key for secure transmission of data electronically. This is being provided by 128-bit encryption.
In BankNet, customer information and account data is protected by two independent security protocols: data encryption and a verifiable Password. When customers use BankNet, they are first prompted to enter their Password . The EB computer will not send any account information to the customer's computer unless the Password associated with the User ID has been correctly entered. All information that passes between Emirates NBD and the customer's computer is put through data encryption.
Your banking session data is encrypted when the appears in the lower left corner of your screen in Netscape's Navigator, and when the appears in Microsoft's Explorer.
If you're using a version of Netscape Navigator with domestic-grade encryption running, a will appear in the lower left corner of your screen.
When not in a secure session, Netscape's appears broken and Microsoft's is not shown
You need to use a browser with 128-bit encryption for using BankNet.
Emirates NBD is concerned about the security of your transactions. Our success as a financial institution depends on our ability to manage these systems safely and to continue to earn your trust as our customer. By requiring 128-bit encryption, we are assuring the highest level of commercially available security for your financial transactions.
A browser is a software used use to surf the Web. In the absence of a browser you cannot visit a Web site and view its contents, graphics and other information.
Browsers offer varying degrees of security, particularly in regard to encryption:
- Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
- Some browsers offer more secure forms of encryption than other browsers do.
- Even the same version of a browser can come with different levels of encryption. Netscape Navigator 3.0, for example, comes with either 40-bit encryption or the more secure 128-bit encryption.
Browsers indicate that they are in a secure, encrypted mode by displaying an icon in the lower portion of your browser as follows:
- Netscape navigator: A key icon in the lower left hand corner
- Microsoft Internet Explorer : A lock icon in the lower right hand corner.
Netscape Navigator 1.1X distinguishes its browser using 128-bit encryption with an icon with 2 keys and Netscape Communicator 4.0 and Microsoft Internet Explorer do not distinguish between 40-bit and 128-bit encryption on the browser screen.
However, with Netscape Communicator 4.0, you can click on the icon to determine what level of encryption is being used for a particular Web page.
All acceptable browsers do provide detailed information on security levels in "Properties" or "Document Information" from the browser's menu bar. See you browser's help or documentation for more information.
- Encryption Your browser must have 128-bit encryption.
- No storage of account information
Your browser must not automatically store information viewed from BankNet into your hard disc unless you specifically download the information.
The following is a list of sites you can browse for additional information concerning Internet security:
Using RSA Public Key Cryptography:
Learn more about Banking Online banking Security systems:
During the wire less communication from PDA to Emirates NBD secured web server, the request goes via WTLS protocol from PDA to service provider Wapgateway and using SSL from Wap gateway to Emirates NBD site. The interport communication which happens at the wap gateway during this translation is often termed as WAP GAP.
WTLS is called Wireless transport layer security.
You can use any WAP device (mobile phones or PDAs) to access this service via any WML browser, which supports WTLS. For higher-grade security, use WTLS with 128-bit encryption to transport information to your device. Ensure that your WAP device supports such encryption.
Customers should make sure to turn on the security function of his/her WTLS-enabled WAP phone or PDAs in order to secure WTLS encryption during transmission.