DAKSHIN BIHAR GRAMIN BANK

DBGB mBanking Services

User Guide
Contents
Preface 2
Security Features 3
Safeguards 5
Steps for using Mobile 6
Banking
Security Tips 19
Dear Customer,

We welcome you to the family of DAKSHIN BIHAR GRAMIN Bank’s esteemed

customers. We feel privileged to extend banking through mobile channel using
DBGB mBanking Services.

Our Commitment

At DAKSHIN BIHAR GRAMIN Bank, we believe technology is partner of the

customer, an efficient, honest and reliable friend. We are committed to
leveraging the latest and emerging trends, to serve our customers better. We
shall establish a standard in banking in–out long–standing relationship, as we
believe our success is based on the satisfaction of our customers.

Regards,

Chief Manager-ITD
Security features in Mobile Banking Services

 Separate passwords for login and transaction

 Password is stored in one way encrypted form in the database
 Mandatory change of password on first login
 Password Expiry period –System will force user to change login and
transaction password mandatory after specified period
 User Expiry period – User ID would get disabled if user does not login
for a period of 180 days
 Disabling login-Id after ‘3’ consecutive unsuccessful login attempts

Others

 Profile based access, Audit trails & Logs

 Periodic Audits/ Penetration Testing by External Auditors
 Unique session ids, Session Expiry period
 Encrypted URLs using application key

Remember:

 You have 3 attempts to login. The password is case sensitive i.e p (small)
is different from P (capital). So be careful while punching the
password(s).
 The password length for various passwords to be used for mobile
banking are as follows:
1. login and transaction password : 6 characters
 The password selected by user should contain minimum 6 characters
and maximum 28 characters.
 At the time of first login to the services, you will be asked to change the
password(s). If you have both the login and transaction passwords, you
have to keep both distinct for security reasons. Once passwords are
changed, the new passwords are to be keyed in.
  The expiry periods for Login and Transaction passwords are 999 and 180
days respectively. This period is from date of issue of password by the
bank or change of password by the customer. If the service is not being
used for the said periods, you will require new passwords to resume the
same.

Unable to Log In:

In case your user id is disabled due to wrong/ incorrect password, then

approach your branch (where you want to receive the duplicate password) and
apply for a fresh password. The new password will be sent to branch after
getting the same request from the branch. Submit the acknowledgement for
activating your transaction password after receiving the new password. Login
password will always be enabled.

Know your Mobile Banking Status/ Details:

To know your Mobile Banking status/details contact your branch, where you
have forwarded the application form.

Our help line:

1800 180 7777 (All India Toll Free Number)

Safeguard:

 Do not reveal password(s) over phone, mail etc. to any person including
Bank.
 The passwords can be changed as frequently as you wish (using the
facility available after logging specific flavor). Please change your
password(s) before the passwords get expired or when the system
prompts you to do so.
 Do not click on website links/attachments in unknown/suspicious
emails. These links may take you to replica of banks website and ask for
keying in your user id and password(s).
 Bank will never send any e-mail requesting to provide user-id/password
and other sensitive information.
 In case there is any call, please confirm that the call is from the authorized
person of the bank.

Activation of user id:

 There are two cases where you should approach the branch for activating
your user id.
 When you receive a fresh password from the bank, you have to approach
any branch to get transaction facility activated, as new transaction
password comes in disable mode by default for security reasons.
 Your user id gets disabled if you exceed more than 3 attempts with wrong
passwords. In this case you have to approach your branch to get it
activated.

Disable user id:

If you have lost your user id and password and you want to block the access to
your Mobile Banking account then you may follow the following procedures to
disable your Mobile Banking access.

 Try to login with your user id and wrong passwords for more than 3
times, as you know user id gets disabled if you exceed more than 3
attempts with wrong passwords.
 Approach your branch to get it disabled
Steps for using DBGB mBanking Services

Registration:

A user has to subscribe for DBGB mBanking Services through branches and fill
application form.

The passwords will be delivered at branches and user shall collect them from
the branches where the application form was submitted.

For other functionalities like reset password, change of security questions

answers, change of mobile number, disabling of facility all requests have to be
submitted in the branch only.

Enter user id and login password:

Welcome to login page:

DASHBOARD:
Click My Payee:

Click Add Payee and fill password. The payee will be added.
Transfer of Funds:

Transfer of Funds: Make a Transfer to other bank accounts, Select the

accounts, enter amount
Transfer of funds: Press confirms, enter transaction password and
authorize.

Transfer of Funds: Transaction successful message will be displayed:

Search Transfer Window:

Statement of Completed Transfers:

Customers can change Sign on Password and Transaction Password from
My Profile Menu:

Issuance of duplicate/fresh password:

Approach your branch for issuance of duplicate/fresh password. The password

will be sent to same branch.

Change of Mobile Number:

If you want to change your mobile number for using Mobile Banking, contact
your branch. Submit the request for changing your mobile number.

Security Tips:

Handset/ Mobile Browser Settings:

 Install anti-virus software on your mobile handset to protect against

viruses. If already installed, then ensure its updation on a timely manner.
 Download and run security updates and patches on your mobile browser.
This helps in protection from known possible security problems.
 Install a firewall on your mobile handset or enable the same if your
handset comes with a firewall.
 Remove all the temporary internet files after using mobile banking
services.
 Delete the browsing history of your mobile browser on a regular basis.
Emails/ Data/ Links/SMS from Unknown Sources:

 Do not open attachments or links from unknown sources. This helps in

protection from viruses or other unwanted problems.
 Type in the URL for mobile banking in the mobile browser, instead of
clicking on any link. This will ensure access of the authentic website of
the bank.
 Act with caution while installing any third party software on your mobile
handset to avoid spyware. Do not install pirated software or software
from unknown sources.
 Delete spam messages.
 Be aware of the potential for fraudulent SMS messages. The Bank will
never request or invite customers to logon to its mobile banking service
via a SMS message.

Unauthorized Access:

 Do not share your mobile banking credentials (user ID, passwords) with
anyone.
 Do not share your mobile handset with untrustworthy people, to restrict
unauthorized access.
 Do not leave your mobile phone unattended during an open mobile
banking session.
 Always disconnect from the Internet when you have finished your mobile
banking session.
 Avoid performing transactions or applications in public places. This helps
in minimizing the risk of security threats such as "shoulder surfing" of
mobile banking credentials.
 Ensure all other Internet sessions are closed before you logon to mobile
banking session. Do not open other Internet browser sessions and access
other sites, while accessing your mobile banking application. This can
help to ensure your financial information remains confidential and guard
against unauthorized access via other websites.
 Always remember to log off properly using the "Logoff" button when you
have finished your mobile banking session.
  Do not save your mobile banking credentials user ID, passwords in the
phone’s T9 dictionary. This helps to reduce the risk arising in case your
mobile phone is lost or stolen.
 Keep your mobile handset in an auto lock mode to provide additional
protection.
 Do not logon to the mobile banking application from a mobile handset
that is shared with other people, as it may be difficult to ensure the
handset is free of hacker or spyware.

Monitoring:

 Monitor your account regularly and always keep a record of your

transactions.

Wireless Access:

 While using Wi-Fi access, ensure that adequate security measures have
been implemented on your mobile handset to protect your mobile
handset against virus and attacks from other Wi-Fi users.
 Switch off the blue tooth function of your handset when not in use. This
protects from virus attacks.

Phishing:

Phishing is a form of social engineering attack used by cyber criminals to steal

sensitive information. Customers of leading Banks throughout the world have
been a target of Phishing. Phishing uses Spam mails to deceive consumers to
disclose their credit card numbers, bank account information, passwords, and
other sensitive information. Phishing attacks involve the mass distribution of
spoofed e-mail messages with return addresses, links, and branding that
appear to come from legitimate businesses the potential victims deal with—for
example, banks, insurance agencies, retailers, credit card companies, or
Internet service providers (ISP).

The Phishers tell recipients of the spoofed mails that they need to “update” or
“validate” their billing information to keep their accounts active, and then direct
them to a web site that looks like that of the legitimate business. The
unsuspecting consumers submit their financial authentication information to
what they believe to be their legitimate business contact, but in fact it is going
to the scammers who use it to order goods, services, and obtain credit leading
to identity theft.

How to Avoid Becoming a Phishing Victim:

If you receive an e-mail that warns you, with little or no notice, that an account
of yours will be shut down unless you reconfirm your billing information, do
not reply or click on the link in the e-mail. Instead, contact the Bank using a
telephone number or Web site address that you know to be genuine.

Never download software or files from an unknown source; they might contain
phishing Trojans.

 Don't trust suspicious e-mail headers and avoid filling out forms in e-mail
messages.
 Verify the legitimacy of a web address with the Bank directly before
submitting any personal information.
 Don't click on a link in an e-mail message from a company until you
ensure the legitimacy of the company.
 Protect yourself through education and thorough evaluation. Don't trust
everything you read.
 Verify the legitimacy of the company first before acting. Make a phone call
to your branch if you smell anything fishy.
 Be alert to phishing messages.
 We do not contact our customers via e-mail to request that they update
their files or to verify an account or security setting.
 We would never ask to provide your username, password, credit card
number, full name, bank account number etc by mail.
 If you do go to a link offered in an unsolicited e-mail, check to see if
there are two things at the site:
an https—with an "s" after the http in the address
a lock at the bottom of the screen

If you see both, then proceed with the transactions you intend to do.
  Ensure that the emails would not contain any embedded links or ask the
users to fill information in forms.
 Email from the bank would never ask the users to download software
program from other sites or ask them to go to other sites apart from
known banking sites.
 Always visit the web site by directly typing in the address in the browser
and to look for secure website indications (https connection and lock
icon) when submitting username, password, credit card number or other
sensitive information via the Web browser.
 Users should always be suspicious of any email with urgent requests for
personal information.
 Keep your browser up to date with all the security patches applied.
 Have well configured personal anti-spam and anti-virus software on the
computers.
 Use a simple pop-up blocker to help in stopping automatic execution of
malicious code.
 Use anti-spyware tools occasionally to remove any lurking Spywares
from the computer.

CHECKLIST:

Here are some helpful tips to improve internet security:

Keep your User-id and passwords secret.

Select password which is difficult to guess.

Do not write or disclose your passwords even to officials of DBGB

Destroy the password mailer after changing the passwords

Change passwords periodically.

Use virtual keyboard shown on the screen, to enter passwords.

Avoid accessing DBGB’s Internet Banking from Cyber-cafes or shared networks.

Protect your computer with adequate anti-virus solutions.