Internet Banking System Security:
Access to customer's NetBanking account is granted using a Customer ID and IPIN (internet banking password) that is privy to the customer. Without a valid IPIN corresponding to the customer ID, access to customer account cannot be gained by anyone.
- IPIN is randomly generated by the system and directly printed on tamper proof media that it is not accessible by anyone other than the customer.
- Customer is forced to change his IPIN such upon first login such that customer is assured that IPIN is not compromised before delivery.
- IPIN is stored by the Bank by use of encryption technology such that it is not accessible to anyone including the system administrator.
- IPIN can be generated online using the Debit Card details plus One Time Password (OTP) authentication on the registered mobile number.
Access to the customers are provided through a secure webpage that encrypts the session between the customer's computer and the webpage using 128-bit encryption so that the communication between the customer's computers and the webpage cannot be intercepted by anyone over the internet.
HDFC Bank systems time out the customer's login sessions to his NetBanking account upon prolonged inactivity for protection against misuse.
The webpage of the HDFC Bank's internet banking server is identified by means of a digital certificate provided by Verisign to ensure its customer that they are on the correct site and protect themselves from revealing their confidential account information on some fake website.
Taking internet security to a new level and to prevent frauds, HDFC Bank has enhanced its NetBanking security by obtaining the Extended Validation Secure Sockets Layer Certificate (hereby referred to as “the EVSSL certificate” or “the certificate”).
The EV SSL Certificate provides clear visual indicators in the form of green address bar so that customers can easily identify a genuine website. This implies that it belongs to the organization it claims to be from. In this case it is HDFC Bank. As soon as the bar (URL address bar) turns green, customers can be assured it is the genuine website. Alternatively, if the bar turns red, it means that the web page they are accessing might be unsafe and customers are advised to stop accessing the web page immediately. For further verification you can also click on the green address bar to check for the details of the organization (Simultaneously you can also be on a lookout for padlock* in the bar and the Norton Secured Seal**).
Some of the other benefits of having the EVSSL certificate also includes that the online shoppers can recognize the green address bar as an easy and reliable way to verify the site identity and security.
The customers should be informed that the certificate works on all the major browsers like Internet Explorer 7, Mozilla Firefox 3, Opera 9.5, Google Chrome and Safari 3.2 and the higher versions of these. In case customers are using an older browser, they will not get a green color notification in the address bar, even though the website is EV SSL authenticated. It is highly recommended that they upgrade their browser to a version that is compatible with EV SSL certificates.
The next time you log in to the NetBanking page, watch out for the green address bar as below:
Customer can use the feature of Virtual Keyboard while logging into his NetBanking account. This protects the users IPIN from being compromised by keylogger software installed on untrusted/shared computers e.g cyber cafes.
The Bank has InstaAlert service to send SMS/ Email alert to the customer upon registration for defined transaction denominations and while adding beneficiary/ies for carrying out Third Party Transfer transactions.
All banking systems are secured using state-of-the-art security solutions acknowledged world wide viz, firewalls, intrusion detection systems, intrusion prevention systems, anti-malware systems to extend secure banking services to our customers.
The Bank has robust processes, skilled people and competent service providers who monitor the security of our systems round the clock.