iBank2 | internet-banking

Internet-Banking for corporate clients

Frequently asked questions

Abilities and technical requirements

What is Internet-Banking for corporate clients?

Internet-Banking is intended for granting of electronic banking service (remote banking service) to corporate clients and individual entrepreneurs.

Internet-Banking allows you to:

  • Create, sign and send to the bank financial documents.

  • Receive reports (statements and others) from the bank.

  • Monitor status of earlier sent documents.

Internet-Banking is working under any operation system Windows, Mac OS X, Linux. Any modern browser will be enough: Internet Explorer, Firefox, Opera, Safari, Chrome.

Internet-Banking provides guaranteed security level, contains data and electronic signature encryption mechanisms, supports work with hardware cryptographic service providers «iBank 2 Key», «Rutoken EDS», «JaCarta GOST», «MS_Key K», «Trustscreen v 1.0».

Internet-Banking interacts with accounting software (1C and others), supports simultaneous work of employees from different offices.

What technical requirements should match the PC for work with Internet-Banking?

  • Any modern computer with capacity of free operative memory not less than 128 Mb.

  • Any modern operating system — Windows, Mac OS X, Linux, etc.

  • Any modern web-browser with Java support — Microsoft Internet Explorer, Opera, Firefox, Safari, Chrome, etc.

  • Access to the Internet. Recommended speed of connection — 33,6 Kbit/sec and more. In case of access to the Internet by telephone switched line presence of modern modem is necessary.

  • Installed Java-engine (the latest version can be downloaded from developer’s site).

  • For data protection the system has built-in CIPF, which realizes cryptographic algorithms according to GOST 28147-89 (encryption and message authentication code), GOST Š34.10-2001 (ES on elliptic curves) and GOST Š34.11-94 (hash-function).

    For cryptoprotection is used DPPL (Data Protection Program Library) CIPF «Crypto-COM 3.3» library. Inquire library files from representative of your bank. Encryption library is installed by copying its files to the folder, available through environment variable PATH, e.g. C:\Windows or C:\Windows\System32

Can I work in Internet-Banking from different computers?

Yes, you can. For entering Internet-Banking you need computer with access to the Internet, electronic signature key and password for it. All data (documents, statements and settings) is centrally stored on the bank server and becomes available after login Internet-Banking.

Registration with Internet-Banking

How to get started with Internet-Banking?

You are to do the following:

  • Visit one of your bank's branches for signing the contract for service with using the «iBank 2» system. Get hardware cryptographic service providerfor using ES keys.

  • Carry out self-registration on your bank’s site. After registration completion, ES key and ES check key will be generated. Print out, fill in and stamp the ES check key certificate (the number of necessary copies of certificate is regulated by the bank).

  • For final registration appear in person to the bank with your identity paper and two printed, filled and certified with a stamp and signature copies of the ES check key certificate. Employee of the bank verifies the accuracy of the certificate filling and then activates the ES key. After that the client is able to work with Internet-Banking.

Nothing happens when I try to register. Java applet doesn't launch

Below are described the most common causes of inability to run the applet, and the ways of solving them.

The registration page with text «Java-applet Loading...» opens, but then happens nothing

Cause: Perhaps, Java-engine is not installed on your computer.

Solution: Install Java and go to the registration page again. The latest version of Java is available on its developer’s site

Cause: Perhaps, in your browser and/or proxy-server settings is turned on locking of Active Scripting.

Solution: Check your browser/proxy-server settings.

Internet Explorer 11.0: Run the browser, in main menu click Tools-> Internet Options, click tab Security. Select the desired Web content zone and click button Custom level. In the list Settings go to the section Scripting -> Active scripting and tick Enable.

Message «Wait, while Java-applet is downloading...» appears, but then happens nothing

Cause: Perhaps your browser settings prohibit execution of Java-scripts.

Solution: Check your browser settings.

Internet Explorer 11.0: Run the browser, in main menu click Tools-> Internet Options, click tab Security. Select the desired Web content zone and click button Custom level. In the list Settings go to the section Scripting ->Scripting of Java applets and tick Enable.

Java applet doesn't launch

Cause: Using of outdated version of Java.

Solution: Internet-Banking successfully works with Java Runtime Environment Version 7 or higher. It is recommended to turn on auto update and use the latest version of Java. The latest version of Java is available on its developer’s site

Java applet doesn’t connect to bank server

Cause: Connection problems can be caused by different reasons: from presence of local network screens (Firewall) to locking ports by your Internet-provider.

Solution: Contact your bank administrator to specify numbers of TCP-ports, which necessary to open in Firewall IP-filter.

What does the message: «Encryption items are not installed on your computer» mean?

For data protection the system has built-in CIPF, which realizes cryptographic algorithms according to GOST. For using CIPF get necessary encryption libraries from representative of your bank and install them on your computer.

What do the web-browser security warnings mean

Appearing of Certificate Error messages mean, that visited site have some problems with certificates (certificate has expired, certificate of this site was got from unreliable source, etc.). Certificates are used to establish the identity of the parties and establish trust relationship for secure data exchange. When the error warnings appear on the site, which you have successfully visited before, contact the bank employees to report about the problem and clarify your further actions.

ES keys and ES check key certificates

Where to save the ES key at registration?

For secure key storing is recommended to use hardware cryptographic service providers «iBank 2 Key», «Rutoken EDS», «JaCarta GOST», «MS_Key K», «Trustscreen v 1.0» — devices with unextractable ES keys.

What rules should be followed when choosing password for ES key?

  • Password must contain at least 6 different symbols.

  • Password should consist of letters in different registers, numbers and special symbols.

  • Password should not consist only from digits (it makes easy to peep password from behind), be too short or consist from symbols standing in one line on keyboard.

  • Password shouldn’t be a meaningful word (your name, date of birth, mother's maiden name, etc.), which can be easily picked or guessed.

How to print out the ES check key certificate, if I have not succeeded from the first?

Go to Internet-Banking login page and click button New Client again. In the next window select ES keys administrating. Select the desired ES key repository, requested key, and click button Print. Enter the password to access the key: opens the standard document print window.

What to do if ES key is suspected to be compromised?

Possible cases of compromise:

  • Theft of ES keys storage device (hardware cryptographic service provider, USB-drive, etc.).

  • Detection of unauthorized access to the «iBank 2» system.

  • Dismissal of an employee, who had access to the ES keys.

If there is any suspicion of compromise, immediately stop using the ES key, inform the bank and lock the key. Next, you will be offered to create a new ES key.

What to do if one of the keys owners is going on vacations and won't be able to sign documents?

Formalize the ES keys in the name of substitute employee and provide the bank with the necessary documents, confirming employee’s liabilities and their duration. It is recommended to contact the bank for more detailed information.

What does the message «Before expiration date of your ES key n days left» mean and what to do if it appears?

After n days pass, you won’t be able to login and work with Internet-Banking with this ES key. Create new ES key, print out and stamp ES check key certificate and contact the bank for registration and further usage of new ES key.

Hardware cryptographic service providers «iBank 2 Key», «Rutoken EDS», «JaCarta GOST», «MS_Key K», «Trustscreen v 1.0»

What are hardware cryptographic service providers?

Hardware cryptographic service providers are devices with unextractable ES keys. ES key generated inside the device, never leaves it and can’t be copied. At generation ES key under electronic document, the document is input at the device, and output signed with ES.

Memory of «iBank 2 Key» and «Trustscreen v. 1.0» can contain up to 64 client's ES keys. The keys can be owned by responsible employees of different corporate clients, serviced by different banks with different copies of the «iBank 2» system.

«MS_Key K» memory can contain up to 51 ES keys, including deleted. Warning about token's memory overflow is shown at creating the last possible key. In case of exhausting token's memory, contact the bank for token reinitialization. All keys stored on the token will be deleted.

Simultaneous work with some connected hardware cryptographic service providers is supported.

For using hardware cryptographic service providers you might need to install on your computer the driver, compatible with your OS:

 — Driver distribution files for work with «iBank 2 Key», «MS_Key K» are available at  ibank2.ru

 — Driver distribution files for work with «Rutoken EDS» are available at  rutoken.ru

 — Driver distribution files for work with «JaCarta GOST» are available at  aladdin-rd.ru

Contact the bank to get user guides for driver installation and hardware cryptographic service providers using.

Where will hardware cryptographic service providers be displayed after connection?

Hardware cryptographic service provider is not a flash-drive, so it won’t be displayed at the list of PC disks. It is displayed only at «Device manager» as «Smart Card reader»-«USB Token Device».

I can't choose Keystore type «Hardware device» at login to Internet-Banking

IMPORTANT! Firstly you should install the driver, and only then plug hardware cryptographic service provider! If you’ve done it in other order, unplug the hardware cryptographic service provider. At Device manager find «Smart card reader» and delete all its components. Install the driver again. Restart the PC. Only after that you can plug «iBank 2 Key», «Rutoken EDS», «JaCarta GOST», «MS_Key K» or «Trustscreen v 1.0».

I use Windows Vista and can’t install driver for USB-token

For USB-token driver installation are necessary administrator’s rights, i.e. you should run executable files as Administrator.

Security issues

Data protection mechanisms in the «iBank 2» system

«iBank 2» refers to class of secure electronic document flow systems.

For providing authenticity (proof of authorship) and document integrity is used ES mechanism for documents.

For providing privacy is used data encryption mechanism. At Internet interaction is made encryption and integrity control of transmitted data, conducted a cryptographic authentication of the parties. In system are realized Russian cryptographic algorithms according to GOST 28147-89 (encryption and message authentication code), GOST Š34.10-2001 (ES on elliptic curves) and GOST Š34.11-94 (hash-function).

For using cryptoprotection function system has built-in support of following multi-platform cryptolibrary CIPF «Crypto-COM 3.3» of «Signal-COM» company (Code certificates Federal Security Service of Russia ¹ ŃŌ/124-2061 from February 1, 2013, ¹ ŃŌ/124-2062 from February 1, 2013).

The «iBank 2» system keeps control archives that store all electronic documents with ES for solving conflict situations. The system keeps document history — by whom and when the document was created, edited, signed, executed or rejected.

Additional data protection mechanisms for corporate clients

  • Customer SMS-informing about logging in, incoming bank payment documents or flow of funds on customer's accounts.

  • Extended multifactor authentication at login system, using validation code.

  • Mechanism of additional payment order confirmation with validation code (in addition to the ES).

  • «Trusted Beneficiaries» reference book is a list of counteragents, the benefit of which payments are made regularly. Client can specify individual limits for payment order sum for each trusted beneficiary. Payments made under the individual limit in favor of such recipients won't require additional verification.

As source of validation codes in the «iBank 2» system are used SMS-messages, OTP-tokens, MAC-tokens (ActivIdentity Token V2 č ActivIdentity Pocket Token) č AGSES-cards.

Precautions for secure work with Internet-Banking

Precautions for secure work with ES:

  • To protect ES keys against theft by malware it is recommended to use hardware cryptographic service providers «iBank 2 Key», «Rutoken EDS», «JaCarta GOST», «MS_Key K» or «Trustscreen v 1.0».

  • If there are no hardware cryptographic service providers, save file-key repository on a removable media (USB-drive). Never keep it in a place where someone else except you has an access. Removable media with key repository must be carefully protected from unauthorized access.

  • Only you, as the owner, have a right to know ES key access password.

  • Do not allow permanent and uncontrolled hardware cryptographic service providers connection to computer.

  • Do not give hardware cryptographic service providers with ES keys to anybody.

  • Do not work with Internet-Banking from Internet café or places, where you are not sure about PC security.

  • At dismissal of responsible employee, who had access to ES key, it is necessary to notify the bank and to lock the key.

  • If there is any suspicion of ES key or execution environment (presence malware on PC) compromise, it is necessary to notify the bank and to lock the key.

Protection measures for PC, which used for work with Internet-Banking:

  • Follow the regulations of limited physical access to the computer. There must be a list of employees, including responsible employees and technical staff, who have access to PCs intended for work with Internet-Banking.

  • It is recommended to use a separate computer exclusively for work with Internet-Banking. Any other actions (work with other programs, email, visiting web sites) shouldn’t be carried out from this PC.

  • Use only licensed software. Do not download and install software received from unreliable sources.

  • Try to use up-to-date operational systems (OS). In comparison with older, frequently outdated, versions, they are more secure. Timely install OS updates and patches. Turn on autoupdate, it will install the latest patches, thereby eliminating the vulnerability OS.

  • Use the system and application software from trusted sources, which guarantee the absence of malware. It is necessary to ensure the integrity of updates received on media or downloaded from the Internet.

  • Use and timely update special data protection software – antivirus software, personal network firewall, protection against unauthorized access and others.

  • Do not connect to the PC removable media, unchecked for presence of malware.

  • Regularly, at least once a week, scan your computer for viruses.

Precautions for work in the Internet:

  • Do not click pop-up windows with advertisement. It is recommended to turn on locking of pop-up windows in browser settings.

  • Do not visit unchecked and unsecure sites. You can involuntarily download viruses and spy software on your PC.

  • Do not read suspicious emails from unknown senders, they can contain viruses. Carefully read themes of messages, if you are not sure, that email came from reliable source, do not open it. Do not trust friendly tone or urgency of request contained in such messages. Do not follow the links contained in suspicious email. Do not open attached files, especially if the sender insists on urgency of request and asks you to open attached file with extension «exe».

  • Reduce as more as possible using of Internet-messengers (such as ICQ).

  • Pay more attention to strange or unclear browser error messages. In case of any suspicions, scan your computer for viruses or spy software.