HypoVereinsbank
Greece offers its customers the ability to check
their account balance and movements, 24 hours a
day via internet.
This service is offered to registered customers
only, to whom the Bank has supplied with a unique
code/password so they can securely access their
accounts. |
| |
|
| Services |
| |
|
 |
View account(s) balance |
|
View/download
account(s) movements during the day and for past
days |
|
View outstanding
transactions (i.e. Time deposits, FX deals, Loans
etc) |
|
SWIFT Payments |
|
Send pre-agreed
formatted data files for domestic payments to
the bank |
|
Send/Receive pre-agreed information
to/from the bank |
| |
|
| |
|
| Entrance |
|
If you are already registered, click here 
to start the e-banking service. |
| |
|
|
If you are not registered and wish to see a demo
presentation, click here
and continue with the Demo button. |
| |
|
| |
|
| Registration |
| |
|
|
If you are
not registered and wish to, please download and
complete the e-Banking
contract |
| |
|
| |
|
| Security |
| |
|
The bank provides ebanking
security that can be divided up into the following
layers: |
|
|
|
Hardware |
| |
There are two
firewalls that filter incoming packets. |
|
Transport |
|
The HTTPS/SSL
protocols are used to encrypt incoming data and
authenticate the bank's server. |
|
Application |
| |
A signing mechanism
is in place so that every form request made to
the web application is checked to see if it came
from the same execution session of the application.
Every form that is returned to the application
via CGI has a checksum for the fixed values of
the form, and every form has a session number
included in the form. This session number is unique
to an individual and their interaction with the
application on one occasion.
The signing mechanism offers two advantages:
|
| |
- A user cannot
take over another user's session by changing the
session number in their HTML as the signature
will not match.
|
| |
-
A user cannot modify any static information
in their HTML when submitting a form as its values
are encoded in the signature and the signatures
will not match. The signature is generated using
the MD2 algorithm and the key is dynamically generated
for every page. |
| |
|
| |
There is a twenty minute timeout on
each session - if a user does not communicate with
the server for twenty minutes, the session is considered
finished. |
| |
|
|
Authentication |
| |
Company Name/Password and
User Name/Password is required.
The communication between the client's browser
and the web server is 128bit SSL encrypted.
Passwords are encrypted within the system using
MD5 hashing.
The user's password must be changed every thirty
days, and must be between 6 and 12 characters
in length.
Especially for SWIFT payments, the SecureID authentication
system is used to enhance the individual indentification.
It uses a hardware token (SecureID token) containing
a pseudo random number generator to generate a
new number every minute. The number is preceded
by a PIN known only to the individual (user) and
the authentication server. |
| |
|
