Deutsche Bank db easynet. Secure method of use of the db easynet e-banking system

Deutsche Bank db easyNET

Secure method of use of the db easyNET e-banking system

Deutsche Bank db easyNET

Introduction Deutsche Bank pays particular attention to your security. Therefore, the funds entrusted to us by our Customers are protected, using the most advanced and very effective security measures. Your security on the Internet also depends on your behaviour. Therefore, we kindly request you to read these guidelines which will help you use our service in a secure manner. The objective of this guide is to make you familiar with the basic security rules and the status of security measures, to enable you to protect your computer, tablet and smartphone against possible attempts to acquire your confidential data.

General security rules The secure use of the db easyNET system depends on your behaviour to a significant extent. To use the db easyNET system in a safe and secure manner, you must remember the following rules.

Effective protection of your computer — Use the e-banking services only on trusted computers, tablets and smartphones. Do not use the e-banking services from publically available Internet access points without confirming their authenticity. — Protect your e-mail system against incoming spam. Remember: e-mail messages are one of the most popular ways to disseminate viruses and to wheedle out of you confidential data (such as your Identification number or Access code). Do not open attachments and do not click on links received from unknown senders. — Ensure that a legal operating system is installed on your computer, tablet and smartphone, and improved systematically with the use of updates made available by its vendor. — Install only legal software. Regularly update your software and adhere to the instruction of its vendors. — Do not install any software of unknown origin. — Ensure that your Internet browser’s settings are those recommended by the Bank (see: Recommended browser configuration). — Protect your computer, tablet and smartphone using antivirus software and remember that the software must be regularly updated.

WZ/2012/10/19, v. 2.0

— Use your personal Firewall – this will enable you to protect your data more efficiently against external interventions and will limit access to information stored on your computer, tablet or smartphone.

2/7

Deutsche Bank db easyNET

Log in from “authorized” pages

WZ/2012/10/19, v. 2.0

— Always log in to db easyNET only from our website: http://www.deutschebank.pl/ or manually enter in your browser the following address: https://ebank.db-pbc.pl/, and to the mobile platform (for tablets, smartphones) — the address: https://dbeasynet.deutschebank.pl.

3/7

Deutsche Bank db easyNET

—W  hile logging in, never use links that you have received from unauthorized sources (e.g. in an e-mail message). —E  nsure that the locked padlock icon is displayed in the browser window (in the address bar or at the bottom of the page). Ensure that the address begins with “https” rather than with ”http”.

— Check the validity of the certificate. To do this, click the locked padlock icon. Here is a view of the correct certificate for db easyNET:

Here is a view of the correct certificate for the service supporting mobile platforms (tablets, smartphones):

— Each time you have successfully logged in to the system, check whether the date of the last login is correct or not. Information available in the top right section of the db easyNET system. On the platform used to support mobile devices (tablets, smartphones), the information is available in a drop-down menu, on the left-hand side

— that the padlock is not locked, — a warning symbol is displayed next to it, — the certificate is invalid — or has been issued for another organisation than Deutsche Bank AG, do not log in! Please report on such an event, and all inconsistencies of date and hour of login to the system, to the employees of our Bank (call one of the following numbers: 801 18 18 18, +48 12 625 80 00, +48 500 919 000) or visit your nearest Branch of Deutsche Bank. 4/7

WZ/2012/10/19, v. 2.0

If you observe:

Deutsche Bank db easyNET

Efficient protection of the Identification number and Access code — Do not disclose to third parties information used by you to log in to the system (your Identification number and Access code). — If you have reasons to suspect that somebody knows your password, change it immediately. This may be done directly in the db easyNET system or on the platform used to support mobile devices (tablets, smartphones). — Remember to change your Access code in the db easyNET system (the option: Settings>Access>Change the Access code). — Never send confidential data (such as your Identification number and Access code) by e-mail. — Avoid recording your Access code on paper or in a computer file. If your Access code has to be recorded for some reasons, use encrypted files for this purpose. — Do not store login credentials in the Internet browser. Remove all saved logins and passwords. — Never leave your computer unattended while logged in to the db easyNET e-banking system. — Remember to log out from the system using the ‘Log out’ link in the top left section of the system.

Deliberate authentication of disposition — Before confirming the transaction, carefully verify the correctness of the recipient's bank account. — When accepting a payment made by another User, check whether all transaction details are in line with the expected information.

Security measures implemented in the db easyNET system Identification number and Access code The authentication of the user who logs in to the db easyNET system takes place upon the entry of a unique Identification number and Access code. The Identification number – is a string of 10 characters delivered to you in the Starting Package received by you upon the execution of the E-banking Service Contract. The Access code – is a string of 8 characters known only to you, generated by you during your first connection with Teleserwis (using telephone numbers: 801 18 18 18, +48 12 625 80 00 or +48 500 919 000). Remember! You can improve your security by the application of some simple rules. The Access code should not: — be a component of your Identification number, — contain strings of the same digit, WZ/2012/10/19, v. 2.0

— contain dates directly associated with your personal data (your date of birth, dates important to your relatives, etc).

5/7

Deutsche Bank db easyNET

SMS Passwords If you have chosen secure and convenient SMS Passwords as the Authorization Method of transactions in the e-banking system of Deutsche Bank Polska S.A. – the Authorization will take place upon the entry of an SMS Password in the order/instruction form. The password generated for a specific transaction is sent to the mobile phone whose number you have given for this purpose. Remember! Every time you change your mobile phone number, advise the Bank of the change to continue the use of this convenient Authorization Method. The Bank never asks for installing additional software in mobile phones. Warning! While using the Authorization Method based on SMS Passwords, always remember to check whether the login page is correct or not (cf. General security rules) and do not enter data related to your telephone or to the passwords. The Bank never requests its Customers to give this type of information, and if you enter them, you may become a victim of a hacker’s attack. Never install any software of unknown origin in your mobile phone.

If you use the SMS Authorization Method, please read the following description of a dangerous Trojan horse known as Zeus (Zimto) The attack of this Trojan horse consists of several steps. The Trojan: — captures your login and access password to the e-banking system from the computer level, — captures mobile phone numbers of its victims by installing a malicious form in their browsers, — delivers a link to a ‘certificate’ using an SMS with the request to install it in your telephone (the installation version contains a dangerous Trojan). Once the installation is complete, the thieves are able to assume control over your mobile phone and can initiate transactions in the e-banking system, confirming them with the use of captured SMSes sent by the Bank to your telephone number.

The TAN Card If you have chosen the TAN Codes from your TAN Card as the Authorization Method in the e-banking system of Deutsche Bank Polska S.A., the Authorization will take place upon the entry of the TAN Codes indicated by the system. Remember that your TAN Card should be adequately protected. To ensure this: — Keep the TAN Card in a secure place. — Never disclose it to third parties. — If you suspect that an unauthorised person has taken possession of the TAN card or codes from the TAN card, such card must be blocked immediately.

WZ/2012/10/19, v. 2.0

Remember! The Bank will never request you to enter TAN Codes while logging in to the e-banking system.

6/7

Deutsche Bank db easyNET

Recommended browser configuration New versions of web browsers support 128-bit keys without the need to install additional software. The older versions of web browsers require enhancements to be installed to support 128-bit keys. Therefore, we recommend that you install on your computer the latest available version of a web browser which supports an SSL with a 128-bit key, i.e. MS Internet Explorer or Mozilla Firefox. These are the minimum recommended versions. The recommended web browsers, available for mobile devices (smartphones and tablets), are the program versions not earlier than: - Chrome Mobile 38.x (Android), - WebKit Mobile 4.x (Android Browser dla OS version 4.x), - Safari 6.x (iOS), - IEMobile 10.x (Windows Phone), - Firefox 39.x. If your system configuration does not support the latest versions of the web browsers, we recommend that you install Microsoft Internet Explorer Version 9.0 or Mozilla Firefox Version 23.0.1. This is necessary especially if you have received a message warning that your web browser does not correctly support 128-bit security codes. In such a case, you should download and install an enhancement to the used web browser, made available free of charge by the manufacturer on its website. Remember! Ensure that your web browser accepts cookies before logging in. Cookies are small text files sent from the Bank’s server to your web browser. Information contained in those files is used to identify your computer and plays an important role in the process of completion of banking operations over the Internet. Cookies do not contain any programs and themselves are not computer programs. Consequently, they may not contain viruses or be viruses. Cookies are necessary to correctly complete banking operations entered in the db easyNET system. Therefore, you must enable cookies to use the services offered by db easyNET. The activation method is described below. Warning! Never allow the browser to save your Customer Identification Number and password. Check if the server certificate hasn’t been revoked (unlocked padlock in the link to the page or red link). Do not save encrypted pages to disk, to avoid being redirected to other pages.

Alert situations If you become aware of any of the following events: — a failed/successful attempt to log in to your account in db easyNET by unauthorized persons, — a failed/successful attempt to complete unauthorized transactions at the db easyNET system level, — a suspected acquisition of access data to the db easyNET system by an unauthorized person or persons (phishing), — a suspected acquisition of the authorization data from the TAN Card/SMS Password by an unauthorized person or persons, — a suspected acquisition of the payment card number/the card by an unauthorized person or persons – please immediately contact the Bank (call one of the following numbers: 801 18 18 18, +48 12 625 80 00, +48 500 919 000* or visit your nearest Branch of Deutsche Bank), describe the issue to our employee and then follow the instructions given by the employee.

WZ/2012/10/19, v. 2.0

Additionally, if the matter involves suspected unauthorized use of the funds deposited in your account, immediately change the Access code to the system using the option Settings>Access>Change the Access code, and in the platform for supporting mobile devices (tablets, smartphones) using the option Security>Change password.

* Connection cost according to the tariffs in force at the operator.

7/7