Security Advisory
Security Advisory
- In its continued efforts to further enhance security while
logging onto HBZweb, HBZ offers its clients two options for
adding greater security while logging on to HBZweb.
The newest option is called "HBZcram" which is a
revolutionary new challenge - response - authentication -
mechanism (HBZcram). HBZcram is a free program which runs
on any Java enabled mobile / PDA device. Please log on to HBZweb
and go to the My Profile section to learn more and download
HBZcram.
The existing option (currently deployed on HBZweb) is a
secure token. This is a dynamically generated 5 digit challenge
embedded in a graphic background. This is displayed whenever the
HBZweb login screen appears on the user's browser. In addition
to the login ID, password and the optional secure key, the user
has to enter the challenge digits displayed in the specified
field. This new feature will prevent automated processes from
guessing HBZweb passwords.
- In order to further enhance security while logging onto HBZweb, a
new challenge - response - authentication - mechanism has been
introduced. A dynamically generated 5 digit challenge, embedded
in a graphic background, is displayed whenever the HBZweb login
screen appears on the user's browser. In addition to the login
ID, password and the optional secure key, the user has to enter
the challenge digits displayed in the specified field. This new
feature will prevent automated processes from guessing HBZweb
passwords.
- Keep your HBZweb password strictly private. Never share your
password with anyone including Bank employees.
- Make sure that the location bar on the browser at the login-page
shows the address starting with "https://online.habibbank.com/". Please
note the "s" after the "http." If it does not have an "s," DO NOT
enter any password and contact the bank immediately. This must be
checked even if the HBZweb link is bookmarked as certain viruses
can change bookmarks to point to fake sites.
- If you feel that your HBZweb password has been compromised, you
must lock your HBZweb account immediately. Attempt to log-in by
inserting an incorrect password three times. HBZweb access will
be automatically locked after the third unsuccessful attempt.
- Use the HBZweb option links and buttons to browse through the
HBZweb online banking site as using the browser's navigation
buttons (i.e. back, forward and refresh) may log you out of the
session.
- Always "log-out" from your online banking session when finished
and close the browser.
- Never leave your computer unattended after you have logged onto
HBZweb online banking.
- If you access your account from any computer other than your own
(e.g.computer at work) be sure the system is private, not shared.
- Make sure your browser supports 128-bit SSL encryption.
- Keep virus definitions on your computer updated.
- Always make sure that you have applied all the latest security
patches to your browser.
- For further security, opt to use HBZsecure Key.
- For certain options, such as third party fund transfer and
HBZeLocker, the use of HBZsecure Key is mandatory.
|