PNB Mobile Banking Services

 

User Guide

 

Contents

 

 

Preface                                                                                      2

Security Features                                                                        3

Safeguards                                                                                4

Steps for using Mobile Banking                                                     5

Security Tips                                                                             42

 

 

 

Dear Customer,

We welcome you to the family of Punjab National Bank’s esteemed customers. We feel privileged to extend banking through mobile channel using PNB Mobile Banking Services.

 

Our Commitment

At Punjab National Bank, we believe technology is partner of people, an efficient, honest and reliable friend. We are committed to leveraging the latest and emerging trends, to serve our customers better. We shall establish a standard in banking in out long – standing relationship, as we believe our success is based on the satisfaction of our customers.

 

Regards,

 

Chief Manager- TBD

 

 

 

 

 

 

 

 

 

 

 

 

 

Security features in Mobile Banking Services

·        Separate passwords for login and transaction

·        Password is stored in one way encrypted form in the database

·        Mandatory change of password on first login

·        Password Expiry period –System will force user to change login and transaction password mandatory after specified period

·        User Expiry period – User ID would get disabled if user does not login for a period of 180 days

·        Disabling login-Id after ‘5’ consecutive unsuccessful login attempts

Others

·        Profile based access, Audit trails & Logs

·        Periodic Audits/ Penetration Testing by External Auditors 

·        Unique session ids, Session Expiry period

·        Encrypted URLs using application key

·        Second Factor of authentication introduced for third party transfers (mPIN) as per RBI guidelines.

Remember:

 

·        You have 5 attempts to login. The password is case sensitive i.e p (small) is different from P (capital). So be careful while putting the password(s).

·        The password length for various passwords to be used for mobile banking are as follows:

o       login and transaction password : 6 characters

o       SMS password: 4 digits (numeric)

o       M PIN : 4 digits (numeric)

·        The password selected by user should contain minimum 6 characters and    maximum 28 characters.

·        At the time of first login to the services, you will be asked to change the password(s). If you have both the login and transaction passwords, you have to keep both distinct for security reasons. Once passwords are changed, the new passwords are to be keyed in.

·        The expiry periods for Login and Transaction passwords are 999 and 180 respectively. This period is from date of issue of password by the bank or change of password by the customer. If the service is not being used for the said periods, you will require new passwords to resume the same.

 

 

 

Unable to Log In:

In case your user id is disabled due to wrong/ incorrect password, then approach your branch (where you want to receive the duplicate password) and apply for a fresh password. The new password will be sent to branch after getting the same request from the branch. Submit the acknowledgement for activating your transaction password after receiving the new password. Login password will always be enabled.

Know your Mobile Banking Status/ Details:

To know your Mobile Banking status/details contact your branch, where you have forwarded the application form.

Or 24 hours help line:

          1800 180 2222 (All India Toll Free Number)

          0124-2340000 (Accessible from mobile)

Safeguard:

·        Do not reveal password(s over phone, mail etc to any person including Bank.

·        The passwords can be changed as frequently as you wish (using the facility available after logging specific flavor). Please change your password(s) before the passwords get expired or when the system prompts you to do so.

·        Do not click on website links/attachments in unknown/suspicious emails. These links may take you to replica of banks website and ask for keying in your user id and password(s).

·        Bank will never send any e-mail requesting to provide user-id/password and other sensitive information.

·        In case of doubt, reconfirm the PNBs website by double clicking the ‘padlock’ symbol/icon at the bottom right of the web page to ensure the site is running in secure mode before you input any confidential/sensitive information.

·        Clicking on the ‘padlock’ symbol/icon and server certification symbol will display details of the server certification in the favor of Punjab National Bank.

·        To ensure a safe and genuine login, always enter bank’s website through https://mobile.netpnb.com

·        In case there is any call, please confirm that the call is from the authorized person of the bank.

 

 

 

Activation of user id:

There are two cases where you should approach the branch for activating your user id.

·        When you receive a fresh password from the bank, you have to approach any branch to get transaction facility activated, as new transaction password comes in disable mode by default for security reasons.

·        Your user id gets disabled if you exceed more than 5 attempts with wrong passwords. In this case you have to approach your branch to get it activated.

Disable user id:

If you have lost your user id and password and you want to block the access to your Mobile Banking account then you may follow the following procedures to disable your Mobile Banking access.

·        Try to login with your user id and wrong passwords for more than 5 times, as you know user id gets disabled if you exceed more than 5 attempts with wrong passwords.

·        Approach your branch to get it disabled

Steps for using Mobile Banking Services

Registration

A user has to subscribe for Mobile Banking Services through branches and fill application form no. PNB 1167.

The passwords will be delivered at branches and user shall collect them from the branches where the application form was submitted.

For other functionalities like reset password, change of security questions answers, change of mobile number, disabling of facility all requests have to be submitted in the branch only.

Mobile Banking is available through different types of flavors:

·        Manual SMS

·        Thin client GPRS

·        Thick client SMS

·        Thick client GPRS

 

 

 

Manual SMS (SMS Banking)

All users having any basic handset can avail this facility.

Functionalities available through Manual SMS

The user enters SMS message on any facility to be availed by him and send the same to fixed number- 5607040.

Various SMS messages which can be sent

1.     Balance Inquiry

KEYWORD and ACCOUNT NUMBER

 e.g. BAL 015300XXXXXXXXXX

    2.   Mini Statement Inquiry

KEYWORD and ACCOUNT NUMBER

 e.g. MINSTMT 015300XXXXXXXXXX

3.     Account Statement Request

 

KEYWORD MONTH, ACCOUNT NUMBER

 E.g. STMT JAN 015300XXXXXXXXXX

4.     Self Transfer of funds

 

KEYWORD, FROM ACCOUNT NUMBER, TO ACCOUNT NUMBER, AMOUNT

 E.g. SLFTRF 015300YYYYYYYYYY 015300XXXXXXXXXX 100

5.     Stop cheque

 

KEYWORD, CHEQUE NUMBER, ACCOUNT NUMBER

 E.g. STPCHQ 981 015300XXXXXXXXXX

6.     Cheque Status Inquiry

 

KEYWORD, CHEQUE NUMBER, ACCOUNT NUMBER

 E.g. CHQINQ 981 015300XXXXXXXXXX

7.     Cheque book request

 

KEYWORD, ACCOUNT NUMBER, MBANKING USERID, NUMBER OF LEAVES FOR CHEQUE BOOK

 E.g. CHKBK 015300XXXXXXXXXX SAREEN 20

8.     Mail to Relationship Manager

 

KEYWORD, MESSAGE

 E.g. MSG Unlockmyd

Requirements for Thin Client GPRS and Thick Client GPRS

·        The handset should be GPRS enabled.

·        The GRPS connectivity has to be enabled from the service providers whose connection is being used by the customer.

·        For enabling GPRS customer need to contact the service provider on their customer care number and get the GPRS enabled.

·        To check whether GPRS has been enabled, try opening any website through the mobile browser. E.g.(www.google.com)

 

Using Thin Client GPRS

·        After activation of the passwords the user accesses the mobile banking website https://mobile.netpnb.com

·        User has to choose Registration option(at the time of first login)

·        All the flavors are displayed and user selects the desired flavors to subscribe.

·        Registration is complete and user logs out.

·        User opens the website https://mobile.netpnb.com

·        In case of thin client services, the concerned link is clicked and he/she enters his/her details of user id and login password. User id will be informed by the branch concerned where application form was submitted by user.

·        The user has to accept the terms and conditions and forced to change his/her login password (first time login). If user has availed for Transaction facility then user will be forced to change his transaction password (first time login).

·        Then the user can start using thin client GRPS for accessing Mobile Banking.

Enters user id and login password

 

 

Selects the mobile banking flavors. The customer can choose all the flavors based on his requirements by check marking the box.

Logs out to complete registration

 

On first login user is asked to change sign on password. Remember & character is not allowed in passwords. The new password has to be alphanumeric with one special character like @, # etc. Minimum length of the password is six characters.

 

Functionalities available:

·        Account Details

·        Account Statement

·        Offline Request (FD Opening, NEFT, RTGS)

·        Activity Inquiry

·        View Balance- online

·        Online Mini Statement (last 10 transactions)

·        Self transfer of funds

·        Online stop payment of cheque

·        Cheque Status inquiry

·        Mail to Relationship Manager

·        Changing Login and Transaction Password

 

 

 

 

 

Select type of Account :

 

 

 

Account Balance Details

 

 

Account Statement: Can be taken for date wise, amount wise etc.

Transfer of funds: Select the accounts, enter amount and press transfer

 

Using Thick Client GPRS

·        After completing the registration, user opens https://mobile.netpnb.com again through his mobile handset.

·        Logs in and chooses the downloading client option

·        Two links will be shown, Thick client GPRS and Thick client SMS.

·        Based on the handset user selects Thick Client GPRS

·        The client is downloaded on the handset

·        Now invoke the downloaded client.

·        Enter the user credentials.

·        mPIN has to be entered by the user himself and these details are entered by the user on every login

·        The user can start using thick client GPRS.

 

Functionalities available in Thick GPRS Client

·        Third Party Transfer of funds ( within PNB branches)

·        View Balance

·        Account Details

·        Nominee Details

·        Account Statement

·        Online Mini Statement

·        Self transfer of funds

·        Online stop payment of cheque

·        Cheque Status inquiry

·        Mail to Relationship Manager

·        Changing Login and Transaction Password

·        Offline Request (FD Opening, NEFT, RTGS)

This is the first login screen. User enters his user id, SMS password and m Pin and press Login. User id will be informed by the concerned branch where application form was submitted.

 

 

 

 

 

 

 

 

 

 

 

 

 

Press Yes

 

 

 

 

 

 

 

 

 

Connection with Banks mobile banking server will be established

 

 

 

 

 

 

 

 

 

 

 

 

 

Options Available

 

 

 

 

 

 

 

 

 

Account Balance Inquiry: Select the required account and press Go.

 

 

 

 

 

 

Account Balance Screen: Closing , Available and Effective Available Balances will be displayed.

 

 

 

 

 

 

 

 

 

 

Account Details Inquiry

 

 

 

 

 

 

 

 

 

 

 

 

Account Details Status: Account open date and account status is displayed.

 

 

 

 

 

 

 

 

View last 10 transactions

 

 

 

 

 

 

 

 

 

 

Transfer to own Accounts: Select required accounts, enter amount and transaction password and press Go.

 


 

 

Transfer to other accounts : Enter From and To accounts, Brach Id, Amount and transaction password and press Options. User can check account name if required and then press Go.

 

 


Mail to Relationship Manager: Any message can be sent to relationship manager of the branch by the user.

 

 

 

 

 

 

 

 

 

Cheque Status Inquiry: Enter the account number and cheque number and press Go.

 

 

 

 

 

 

 

 

 

Cheque Status: Status of the cheque will be displayed

 

 

 

 

 

 

 

 

Request Cheque Book: Enter account number, number of leaves, addresse name and transaction password and press Go.

 

 

 

 

 

 

 

 

FD Account Opening Request: It is an offline request which is forwarded to branch’s Relationship Manager.

 

 

 

 

 

 

 

 

 

Required details like amount, time period, account number, PAN , auto renewal option , transaction password and press Go.

 

 

 

 

 

 

 

 

Transaction password is entered

 

 

 

 

 

 

 

 

 

Reference number is generated and users request gets submitted.

 

 

 

 

 

 

 

 

 

 

NEFT Offline Request: It is an offline request which is forwarded to branch’s Relationship Manager.

 

 

 

 

 

 

Required details like, account number, IFSC code, beneficiary account name and number, beneficiary bank and branch name, amount and transaction password are entered

 

 

 

 

 

 

 

Transaction password is entered and then press Go.

 

 

 

 

 

 

 

Reference number id is generated and users request is submitted.

 

 

 

 

 

 

 

RTGS Offline Request: It is an offline request which is forwarded to branch’s Relationship Manager.

 

 

 

 

 

 

 

Required details like account number, IFSC code, beneficiary account name and number, beneficiary bank and branch name, amount and transaction password are entered

 

 

 

 

 

 

 

Transaction password is entered and then press Go.

 

 

 

 

 

 

 

 

Reference number is generated and users request is submitted.

 

Synchronise data:

This option is used to synchronise account related information between clients application stored on handset and Banks mobile banking server.

Thick SMS Client

Thick SMS will have all the functionalities extended through thick GPRS client except, Nominee details and offline requests (FD opening, NEFT request and RTGS request). The screen shots will be similar to thick GPRS client.


 

 

Issuance of duplicate/fresh password

Approach your branch for issuance of duplicate/fresh password. The password will be sent to same branch.

Adding more accounts to existing user id:

If you want to attach more accounts to your existing user id, then contact your branch. Submit the request for adding new accounts to the Relationship Manager (RM) at branch. Only accounts with same capacity can be added to existing user id.

Change of Mobile Number

If you want to change your mobile number for using Mobile Banking, contact your branch. Submit the request for changing your mobile number.

Changing your Security Questions

If you want to change your security questions ie, Date of Birth, Mother’s Maiden Name, Pin Code contact your branch. Submit the request for changing security questions.

Security Tips

Handset/ Mobile Browser Settings

·     Install anti-virus software on your mobile handset to protect against viruses. If already installed, then ensure its updation on a timely manner.

·     Download and run security updates and patches on your mobile browser. This helps in protection from known possible security problems.

·     Install a firewall on your mobile handset or enable the same if your handset comes with a firewall.

·     Remove all the temporary internet files after using mobile banking services.

·     Delete the browsing history of your mobile browser on a regular basis.

Emails/ Data/ Links/SMS from Unknown Sources

·     Do not open attachments or links from unknown sources. This helps in protection from viruses or other unwanted problems.

·     Type in the URL for mobile banking in the mobile browser, instead of clicking on any link. This will ensure access of the authentic website of the bank.

·     Act with caution while installing any third party software on your mobile handset to avoid spyware. Do not install pirated software or software from unknown sources.

·     Delete spam messages.

·     Be aware of the potential for fraudulent SMS messages. The Bank will never request or invite customers to logon to its mobile banking service via a SMS message.

·     Check that the security padlock on your internet browser is “locked” to ensure the connection is secure and protected by SSL. You should also check that the URL starts from ‘https’ and not ‘http’.

SSL MBS.bmp

‘https’ : SSL enabled

 

Pad lock symbol

 

Unauthorized Access

·     Do not share your mobile banking credentials (user ID, passwords) with anyone.

·     Do not share your mobile handset with untrustworthy people, to restrict unauthorized access.

·     Do not leave your mobile phone unattended during an open mobile banking session.

·     Always disconnect from the Internet when you have finished your mobile banking session.

·     Avoid performing transactions or applications in public places. This helps in minimizing the risk of security threats such as "shoulder surfing" of mobile banking credentials.

·     Ensure all other Internet sessions are closed before you logon to mobile banking session. Do not open other Internet browser sessions and access other sites, while accessing your mobile banking application. This can help to ensure your financial information remains confidential and guard against unauthorized access via other websites.

·     Always remember to log off properly using the "Logoff" button when you have finished your mobile banking session.

·     Do not save your mobile banking credentials user IS, passwords in the phone’s T9 dictionary. This helps to reduce the risk arising in case your mobile phone is lost or stolen.

·     Keep your mobile handset in an auto lock mode to provide additional protection.

·     Do not logon to the mobile banking application from a mobile handset that is shared with other people, as it may be difficult to ensure the handset is free of hacker or spyware.

Monitoring

·     Monitor your account regularly and always keep a record of your transactions.

Wireless Access

·     While using Wi-Fi access, ensure that adequate security measures have been implemented on your mobile handset to protect your mobile handset against virus and attacks from other Wi-Fi users.

·     Switch off the blue tooth function of your handset when not in use. This protects from virus attacks.

Other Security Features in-built in PNB Mobile Banking Services

·     128 bit encryption:

§         Security padlock on the mobile browser proves that it is secure and protected by SSL.

§         Mobile Banking URL starts from ‘https’ and not http.

Copy of SSL MBS.bmp

 

·     Webserver certification by Verisign:

 

verisign certified.bmp

 

·      Dual authentication: A user is provided with separate passwords for both login and transaction in case of thick and thin client application.

·      Session Time out: If you leave your mobile handset idle for a certain period of time during a mobile banking session, the session will automatically be terminated to help prevent unauthorized access.

Phishing

Phishing is a form of social engineering attack used by cyber criminals to steal sensitive information. Customers of leading Banks throughout the world have been a target of Phishing. Phishing uses Spam mails to deceive consumers to disclose their credit card numbers, bank account information, passwords, and other sensitive information. Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links, and branding that appear to come from legitimate businesses the potential victims deal with—for example, banks, insurance agencies, retailers, credit card companies, or Internet service providers (ISP).

The Phishers tell recipients of the spoofed mails that they need to “update” or “validate” their billing information to keep their accounts active, and then direct them to a web site that looks like that of the legitimate business. The unsuspecting consumers submit their financial authentication information to what they believe to be their legitimate business contact, but in fact it is going to the scammers who use it to order goods, services, and obtain credit leading to identity theft.

How to Avoid Becoming a Phishing Victim

If you receive an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the Bank using a telephone number or Web site address that you know to be genuine.

Never download software or files from an unknown source; they might contain phishing Trojans.

·  Don't trust suspicious e-mail headers and avoid filling out forms in e-mail messages.

·  Verify the legitimacy of a web address with the Bank directly before submitting any personal information.

·  Don't click on a link in an e-mail message from a company until you ensure the legitimacy of the company.

·  Protect yourself through education and thorough evaluation. Don't trust everything you read.

·  Verify the legitimacy of the company first before acting. Make a phone call to your branch if you smell any thing fishy

·  Be alert to phishing messages.

·  We do not contact our customers via e-mail to request that they update their files or to verify an account or security setting.

·  We would never ask to provide your username, password, credit card number, full name, bank account number etc by mail.

·  If you do go to a link offered in an unsolicited e-mail, check to see if there are two things at the site:
         an https—with an "s" after the http in the address
         a lock at the bottom of the screen

If you see both, then proceed with the transactions you intend to do.

·        Ensure that the emails would not contain any embedded links or ask the users to fill information in forms.

·        Email from the bank would never ask the users to download software program from other sites or ask them to go to other sites apart from known banking sites.

·        Always visit the web site by directly typing in the address in the browser and to look for secure website indications (https connection and lock icon) when submitting username, password, credit card number or other sensitive information via the Web browser.

·        Users should always be suspicious of any email with urgent requests for personal information.

·        Keep your browser up to date with all the security patches applied.

·        Have well configured personal anti-spam and anti-virus software on the computers.

·        Use a simple pop-up blocker to help in stopping automatic execution of malicious code.

·        Use anti-spyware tools occasionally to remove any lurking Spywares from the computer.

CHECKLIST

Here are some helpful tips to improve internet security:

 

To know your Mobile Banking details,

 

Contact your branch or 24 hours Help Line:

 

·        1800 180 2222 (All India Toll Free Number)

·        0124 234000 (Accessible from Mobile also)*