Security

One of the vital aspects of Siddhartha Bank Smart is to provide the best security possible by modern technology, thus making the application safe, secure and reliable. Siddhartha Bank Smart consists of the following security features that make it a safe and a secure way to bank through your mobile.

• Two Factor Authentication (GPRS Channel)

Bank Smart registers the device ID when you log into the system for the first time for securing connections while using the GPRS channel. The system then checks the device ID as well as the username and password for you on every login attempt. This allows you to log into the system using your device as a part of account security. Only requests originating from your registered device with the correct username and password are processed. If you change the mobile set or upgrade the version you need to contact nearest Siddhartha Bank service network to reset your device ID so as to start using the app again.

• Two Factor Authentication (SMS Channel)

The first level of security is your own mobile number itself. You need to register your mobile number with us in our systems to access your accounts through your mobile phones using the SMS channel. In addition, all requests are identified by a MPIN number. Only requests originating from your registered mobile numbers with the correct MPIN are entertained and processed by the system.

• Password Policies

Bank Smart uses different password policies as follows to enhance and ensure that security standards are met from your end as well.

• Forced Password Change

Upon first login and upon password age expiry; the password expires every 90 days.

• Password Format

A combination of alphabets, numbers and symbols

• Password History

Bank Smart also restricts you to use the same password until a certain number of different passwords are used.

• Encryption & Masking

All SMS originating from your mobile are encrypted while in public network and are only decrypted by the Bank Smart server before the execution of the request. Besides this, critical data like MPIN which may be compromised through human tampering are stored in an encrypted format using Standard Encryption Mechanism. Sensitive information like your Account Number and Card Numbers are masked in the SMS text received by the customer with only a few characters visible.

• Service Block

Bank Smart system automatically and immediately blocks the service for:

• Maximum number of incorrect login attempts (username/password); and
• Maximum number of incorrect MPIN attempts