We place a great deal of attention on protecting the integrity of your transactions and information concerning your bank account.
We use the latest security software and apply procedures that protect your online transactions.
Furthermore, you need to know that the internet and electronic mail may be used as a means of engaging in illegal activities, and we therefore recommend that you read this information and familiarise yourself with some basic internet security measures.
More information on banking client security is available on the website of the Association of Serbian Banks.
General information about internet security
In the modern digital environment we now live in, many daily activities rely on the internet. Communication and business relationship are established online. This means that data and sensitive information are continuously exchanged via the internet. At times, internet and e-mail can be an unsafe channel for the exchange of information. It is precisely for this reason that internet security is a priority, both for individuals as well as legal entities.
At ProCredit Bank we believe in protecting the public interest in regard to information security and internet security. For this reason, we strive to increase awareness in terms of internet security and in this way contribute within this sphere. Above all else, we are dedicated to protecting the integrity of your transactions and information concerning your bank account. This is why at ProCredit Bank we use the latest security software and apply procedures that protect your online transactions.
In addition to the above, by clicking on the ‘padlock’ icon on ProCredit Bank's website, you can check out our Security Certificate (as shown in the image below):
The bank is always at your disposal for consultation and information. Anything out of the ordinary in relation to your electronic banking should be reported as suspicious. If in doubt, do not hesitate to contact ProCredit Bank by phone, by calling our Online Centre at 0700 700 000 or 011/2057 000 (if you are calling by mobile phone from abroad), or contacting your Client Advisor or by sending an e-mail at email@example.com.
Internet security advice - how to use the internet safely
- Always know who you are communicating and doing business with.
Always access your eBanking orders by using the links available on our website at , www.procreditbank.rs ,or by entering a URL path into the web browser's address bar that takes you directly to our eBanking application, such as:
https://online.24x7.rs/procredit/retail/LoginModule/LoginUP.aspx - for private individuals
https://webebank.ebb-bg.com/webbank/ - for legal entities
NEVER go to a website by clicking on a link you received by e-mail (unless the e-mail was sent by the bank), and DO NOT enter any personal information. If you are in doubt, contact ProCredit Bank via the following e-mail address: firstname.lastname@example.org or by calling us at: 0700 700 000, or 011/2057 000 (if you are calling by mobile phone from abroad).
- Keep your passcode and PIN in a safe place
Your passcode and PIN are used to identify you electronically, for this reason - BE CAUTIOUS! Be especially cautious when receiving unsolicited/unexpected electronic messages or calls requesting you to divulge personal information, card details, or requiring ‘confirmation’ by providing your passcode or PIN. Do not give out any information or any personal details to anyone you do not know. Do not share your PIN or passcodes with anyone, not even members of your family. Know that the bank or the police would never ask you to divulge your PIN and/or passcode.
- Keep your money safe!
Do not allow yourself to be tricked by an electronic message that seems to be sincere by giving you an opportunity to invest your funds and turn an easy profit. If the offer seems too good to be true, then it probably is! Be especially cautious with unsolicited electronic messages delivered from abroad, because this makes it much harder to check if someone is really ‘who they say they are’.
- Secure your computer
Install the latest version/updated antivirus programme, as well as a firewall. Next, if you have Microsoft Windows installed on your computer, always install updates through Microsoft’s official website. Use the latest version of your internet browser which updates security elements on its own. Be extremely cautious if you use internet cafes, libraries, other people’s computers or any computer that you have no control over.
Additional useful advice and security measures
- It’s best to learn your passcode and other confidential information by heart, and to destroy any notifications which include this information as soon as possible.
- Never write your passcode and other confidential information on notepads, in notebooks, etc.
- Always adhere to the general business regulations agreed with the bank.
- Do not use the same passcode that you use for electronic banking to access any other internet website.
- When changing your passcode, create a so-called ‘strong’ passcode which include a combination of letters, numbers and special characters, without including well-known elements such as names or important dates.
- Never ever divulge information about your computer or other confidential information. If you call the bank by telephone, be aware of the type of information the officer may ask you to provide - they will not ask you to divulge your passcode or PIN.
- Never leave your computer unsupervised when you are logged in to your eBanking page.
- Make sure to log out of your eBanking application properly each time you finish using electronic banking services.
‘Phishing’ or online identity theft
What is phishing?
‘Phishing’ is the sending of an e-mail with false representation of the sender, with the aim of deceiving and misleading the recipient of the e-mail to divulge confidential data, or information, which would then be used for malicious and unauthorised purposes. In principle, the aim of ‘phishing’ is to steal someone’s online identity
For the most part, ‘phishing’ messages include a link that directs the recipient to a fake website where the recipient is asked to ‘update’ their details, such as passcode, and the entry of these details is required under the pretext of ‘confirming’ their bank account numbers and so on. This makes phishing a well thought out form of theft.
By randomly sending malicious e-mail to a large number of people, senders count on the lack of caution and credulity of the recipient, and on the fact that a certain number of recipients will accept the e-mail as legitimate and ‘update’ their data. It is precisely for this reason that awareness needs to be raised in terms of possible ‘phishing’ attempts.
Keep in mind, the bank will never require its clients to enter details or to confirm their personal information in the above described manner.
How can I avoid phishing?
Always, always think twice before clicking, and then don’t click.
The bottom line is this: because of the amount of damage that may be caused if you become a victim of ‘phishing’, it is important to approach these types of emails with a great deal of caution. When you suspect fraud is in question, you’re probably right. It is best to be vigilant in regard to network communication, regardless of how harmless the e-mail you receive seems to be.
One of the most important things that the recipient of a malicious e-mail can do is to think about the context of what it is that the sender is asking for and does this request make sense, realistically. For example, a passcode is a unique form of authentication and why would the sender of an e-mail be asking for you to enter this data anywhere, if this is not an application you regularly access in a specific way (!). What’s more, ‘phishing’ messages usually ask the recipient to react to the message urgently, which is a further indication to take caution.
How can I recognise ‘phishing’?
We have provided a few elements that may assist you in recognising ‘phishing’ e-mails below:
- Legitimate senders will never ask for your personal information by e-mail
It is certainly an attempt at fraud if you receive an e-mail that contains a link or attachment, while also asking you to provide sensitive information. Most companies will not send you an e-mail in which they ask for passcodes, payment card details, account numbers, nor will they send you a link that you are supposed to log in to. Also, ‘phishing’ e-mails are sent randomly, and the senders definitely don’t know your real name and surname, and therefore they address the e-mail with a generic greeting such as ‘Dear Sir/Madam’, ‘Dear Client,’ or the like.
- Consider whether the sent e-mail includes suspicious elements
It is recommended that you consider, in detail, all elements of the received e-mail.
The following provides a clear example of ‘phishing’ with a fake sender address. Nevertheless, a ‘phishing’ e-mail may look like it was sent from a legitimate ProCredit Bank e-address (from a correctly provided domain). Unfortunately, due to the e-mail system, it is relatively easy for persons engaged in fraudulent activities to create a fake e-mail address in the From field. The address that appears in the From field of an e-mail message IS NOT a guarantee that the e-mail has been sent from a person or organisation whose name appears in the e-mail’s address. These types of ‘phishing’ messages are not sent via the bank’s system
An example of Phishing
The option to review agreement documentation allegedly prepared by the bank is also provided. If the recipient clicks on the ‘View Procreditbank Document’ link, this may provide the malicious sender with the opportunity to misuse the data and information.
Avoid opening links or attachments contained in e-mails, and do not register in e-banking applications through links sent to you by e-mail. The bank recommends that you use the links provided on ProCredit Bank’s official website, www.procreditbank.rs, or personally enter ProCredit Bank’s eBanking internet address in the address-bar/web-browser.
The bank is always at your disposal for consultation and information. Should you have any concerns relating to potential ‘phishing’ electronic messages, do not hesitate to contact ProCredit Bank by phone, by calling our Online Centre at 0700 700 000 or 011/2057 000 (if you are calling by mobile phone from abroad), or by sending an e-mail at email@example.com. You can also contact your Client Advisor in regard to the above.
Fake internet websites
To determine whether a website is fake or legitimate, we advise you do the following:
- Check the URL link
The first step is to place your cursor over the URL address and check the validity of the web address. Look for a ‘padlock’ icon (see image below). By clicking on the ‘padlock’ you can view the Procredit Bank internet website Security Certificate. Check whether the URL starts with ‘https://’ in the address field. The letter ‘S’ means that the web address is encrypted and protected by an SSL certificate. Without the ‘https:’, all information sent to this web-location is unprotected and can be intercepted by malicious people. Beware though, this system alone is not enough to confirm security, and users are advised to exercise additional caution and consider additional evidence to ensure that a web location is secure.
Next, pay close attention to the characters included in the web address. To trick users, malicious people will keep as close as possible to real addresses, making just minor changes. A web address can start with the name of the real website’s domain but the extension ‘.rs’ may be changed to ‘.org’ or the letter ‘o’ exchanged with the number ‘0’. Next, a web address may include additional characters and symbols that the original address does not. It is also possible to insert a fake address bar in the web browser window. Many links from these sites really can lead to a real website. Regardless, do not allow yourself to be tricked by this.
- Website contents
ProCredit Bank’s official website has been professionally designed. The grammar/spelling is accurate, and it includes quality graphics. If you find yourself on a ‘phishing’ website, despite the similarities, it is certain that you will notice a difference i.e., grammar/spelling errors and a difference in the quality of graphics and resolution may lead you to conclude that have accessed a fake website. We recommend that you leave the site immediately.
A potential indicator of a ‘phishing’ website may be that it lacks a ‘contact us’ section. Official websites usually include full contact information, such as a mailing address(es), telephone number(s), e-mail address(es) and other relevant contact information. If this information is missing, we advise that you leave the website.
Pop-up windows are used to commit identity theft. They include fake messages that ‘pop-up’ for users when surfing the net. In many cases, malicious people ‘infect’ legitimate websites with malicious codes that create pop-up messages. The contents of pop-up messages are what makes them effective.
What’s more, it is possible to see the address bar of the authentic website in the background, but all of the information you enter into this window will be downloaded by malicious people for fraudulent purposes.
In order to access your eBanking account, log in by entering the address into a new browser window or by using the link provided on ProCredit Bank’s official website at www.procreditbank.rs.
The address of your authentic eBanking webpage starts with ‘https’ and includes a small padlock icon in the window of the web browser.
Reporting a suspicious message
If you receive a suspicious message that mentions ProCredit Bank in any way or any elements of the business relationship that you have established with the Bank, we kindly ask that you notify ProCredit Bank immediately.
You can send your notification to the bank’s e-mail address at firstname.lastname@example.org.
Your notification should include a ‘print screen’ of the suspicious message as well as an explanation, and we will then be able to consider the relevant details.
What’s more, you can contact ProCredit Bank by phone, by calling our Online Centre at 0700 700 000 or 011/2057 000 (if you are calling by mobile phone from abroad), or by contacting your Client Advisor.
What you need to know
The Bank will never send you an electronic message with a request to ‘confirm’ or ‘change’ your passcode or any other personal information by asking you to click on a link sent in a message that will direct you to a certain website.
Passcode change is only acceptable and possible once you have logged in to your ProCredit Bank eBanking account, which has a visible security link icon. To register in our eBanking application, open your web browser and personally enter the address/link or use the links provided on ProCredit Bank’s official website, at www.procreditbank.rs .
How else can I protect myself?
Act with caution in terms of all unsolicited/unexpected electronic messages (in particular those you receive from unknown senders) and never visit unknown websites by clicking on links sent to you in these kinds of messages. You know that you can always access the bank’s website without having to click on links provided in messages.
Furthermore, we recommend that you install antivirus software, update it and perform security checks regularly. Check to ensure that you have a firewall installed on your computer, if not, activate one.
Install a current operating system into your computer, as older operational systems don’t have so-called Patches and other security innovations that protect users from cyber attack, business interruption, data compromise or loss.
3D (Three Domain) Secure Dynamic - secure online transactions
ProCredit Bank provides its Visa and Mastercard® clients with a secure, fast and easy online payment option, with the highest level of protection using additional identification programmes - Mastercard® Secure Code and Verified by VISA
3D (Three Domain) Secure Dynamic is a standard globally developed programme that allows for secure online transactions through a one-time authorisation code which is received via SMS message to the mobile telephone number registered with ProCredit Bank. For safety purposes, the authorisation code can only be used for one payment, within 180 seconds and cannot be used for multiple payments.
Internet retailers who use the advanced 2.0 version of 3D Secure Dynamic, provide a higher level of protection and therefore payment authentication via this authorisation code that is received via SMS message is not required for each transaction. Transaction verification as well as merchant verification is performed by the card issuer (Visa and Mastercard®), and they decide whether or not the authorisation code is required. In this way, the payment process is quicker and easier, while payment security and the safety of the provided data is raised to the next level.