Being aware of the risks consequent to information identity theft, Banca Transilvania firmly commits to assure data and transactional confidentiality for its clients. Due to the risk growth regarding illegal attacks initiated not only online but also through other means and methods ever more sophisticated, concomitant with the bank’s efforts for the security of information, the clients must be aware of the potential threats, being able to identify a malicious action and adopt the corresponding protection measures.
In order to maintain the confidentiality of personal data and the security of your online activities, please DO NOT share information regarding your personal identity, accounts, card number, expiration date, PIN code or other products and banking services. Banca Transilvania guarantees that it will not request such information from you.
Please see below the description of one of the most popular information attack methods, phishing, as well as the presentation of some general measures that can guard you against such attacks.
Phishing is an identity theft method whereby the clients of an organisation are determined to disclose personal or confidential data which can afterwards be used illegally for performing transactions from the client’s account. In order to obtain client confidential data, phishing attacks make use of electronic communication channels (email, telephone) or a malicious programme like a Trojan horse, which exploits the system vulnerabilities for the purpose of data theft.
In case of emails, an electronic message is sent to the clients pretending to be sent on behalf of a legitimate source (in our case, the bank), clients being required to introduce confidential data by accessing a link to a site indicated in the message body. This link directs clients to a false site which reproduces very well the original page of the bank or of the e-Banking product used. By introducing and validating confidential personal data, hackers get access to these and can use them for performing operations on behalf of the stolen identity.
A phishing attack may also be performed via telephone: a person who pretends to call on behalf of the bank, due to technical problems (i.e. in the payment system), asks for confidential information like PIN code, account number or password.
Banca Transilvania will never send out emails which contain links to websites where you are required to introduce data referring to personal identity, accounts, card number, expiration date, PIN code or other products and banking services you have acquired.
Banca Transilvania will never ask its clients to confirm confidential information by the means of an electronic channel (i.e. card number, expiration date, PIN code, password, etc.). Please do not ever respond to such requests.
When using the bank’s online products or banking services, please verify the authenticity of the website pages where you introduce personal or financial data by checking the validity of digital certificates and of their Internet address.
Banca Transilvania commits to assure the highest security standard of its own systems, but you, the final user, also play an important role in assuring information security on the Internet. Therefore, please make sure that:
- You regularly use updated anti-virus, anti-spyware software.
- You employ the security options of your PC. Make sure your browser uses the best encryption method available and be aware of the encryption levels of the sites and applications you use.
- Your system and your browser are updated with the latest security patches which will ensure increased protection.
- You do your best to prevent unauthorized access to your PC.
- You change your access passwords as often as possible and pay attention to choosing complex passwords which are hard to guess.
- You do not open suspect emails and do not try to access links or buttons in these links because this way malicious software (Trojan horses, viruses, spying codes, etc) can be installed on you computer which might then lead to data alteration or theft.
For Internet Banking users:
In order to make sure you have accessed the product webpage of the authentic site, please check the following:
- the authenticity of the bank’s site by clicking the VeriSign icon and making sure that in the window that opens you find information regarding the securing of the site and the validity of the certificate.
If the link does not open or if it doesn’t show the above mentioned information regarding the certificate, please quit your activity and contact the bank immediately.
- If you find yourself on the page asking you to introduce personal identification data and you use Internet Explorer, version 7, check the server identity by double-clicking the yellow lock shaped pictogram in the right corner of the page, which will show the existence and validity of the security certificate.
If the pictogram proves to be a static one and no option is available if double-clicking on it, please do not access that link and contact the bank immediately.
For any such detected problem, you may contact the bank and report the problem by calling the phone number : 0-800-842-824 or via email at email@example.com
According to the provisions of the Law no. 677/2001, we hereby inform you that:
Due to a series of regulatory acts adopted by the USA following the 9/11 events, for the purpose of fighting against terrorism financing, the US Department of the Treasury has gained access to certain personal data of financial institutions’ clients (natural persons), in the context of international fund transfers through the SWIFT system (Society for Worldwide Interbank Financial Telecommunication).
The services related to the SWIFT system entail the transfer of personal data from the territory of an EU member state (Romania) to the SWIFT operational centres in the USA or Belgium.
USA does not ensure the same protection level as the EU member states, but it offers the necessary guarantees (Safe Harbor).
The USA SWIFT operational centre (main centre - holding a centralized database) acts according to the American legislation and US authorities have the right to ask for access to the personal data stored in the SWIFT operational centre, but only for a specific and limited purpose, namely for the prevention of money laundering and fighting against financial support of terrorist actions."
In this respect we inform you that the data included in the SWIFT messages relating to the payments made in foreign currency are: name (of the natural or legal person), full address and payer’s and beneficiary’s account numbers. According to the Romanian legislation, banks have the obligation to keep messages regarding payments in foreign currency 3 years from the date of payment.
At Banca Transilvania, the person in charge with customer relationship in this area is Cornelia Jiloan - Organisation Methodology Compliance Department; contact details: email: firstname.lastname@example.org; phone 0264-407150.”