Banif has taken every care in selecting the security systems and technologies used in the Banif@st service, opting in all cases for the most secure and sophisticated devices on the market.

Security systems cover three areas:

Communications

All data exchanged in the Banif@st environment is processed in secure session (SSL – Secure Socket Layer) and encrypted 128 bits technology, Verisign certified), protecting them against any attempted access by third parties. This technology does not require the customer to possess any additional software.

Encryption
Process whereby the information sent by the customer or Banif@st is transformed, so that it cannot be read or deciphered by anyone, except the intended recipient. The data is encrypted through the private keys/public keys method.

SSL (Secure SocKet Layer)
Standard protocol ensuring security and privacy in internet communications. The protocol supports client and server authentication. The SSL negotiates the opening of a secure session and the exchange of public keys before the exchange of data between the parties involved.

Access and use

Approved browsers
Access to Banif@st is limited to browsers which meet the minimum security standards and support data encryption at 128 bits. Banif@st must therefore be accessed through Microsoft Internet Explorer 4.0 or higher or Netscape 4.0 or higher.

Contract number and individual secret code
In order to authenticate access to Banif@st you will need to enter a contract number and the 4 random digits of the 1st level password, which identifies the client. The contract number and the password are encrypted when sent over the internet. The access keys are assigned on registration.

SMS
As a  user of the SMS channel you will only be permitted SMS access from a single mobile telephone number, which you are required to indicate.

All banking operations, except for consulting balances and statements, must be validated by entering 4 random digits of the Banif@st secret code, which should be known to you alone.

You should avoid your mobile phone being accessible to third parties when the SMS channel is active. Although they will not be able to effect any transactions (all operations require you to enter 4 digits of the secret code), they may be able to obtain information on your account.

You should delete messages with confidential information from your mobile phone, as these may be viewed by others.

If your mobile phone is stolen, you should immediately disable the service by accessing Banif@st by Internet or by calling Banifone 808 200 200 (+351 217 211 500  from abroad).

Automatic suspension of access
If the customer enters the Banif@st access codes incorrectly on consecutive occasions, access will be suspended.

Automatic cancellation of access
If the customer fails to logout of Banif@st after using the service, Banif has developed an automatic cancellation device, which takes effect after a given period of time.

Note also that customers must also accept an important part of the responsibility for the security of the service, keeping their access codes and contract numbers secret and logging out of Banif@st (through the "Logout" option) whenever they end a session, or need to move away from the computer where they have opened the Banif@st session.

System Infrastructure

Physical security of equipment
All the IT equipment involved is housed in safe premises with adequate entry controls, with a round-the-clock security presence. The equipment is also protected against power cuts.

Firewall
Security firewall, with the prime function of restricting access to customers using the protocol defined by Banif@st (HTTPS protocol), in other words, who use the language accepted by the Banif@st system.

Monitoring
Specialist staff responsible for permanent monitoring use of the Banif@st system, analysing access and operations.