SECURITY MEASURES FOR EXECUTING PAYMENT TRANSACTIONS

ССВ ONLINE

  • Identification of the users in the system is done with a user name, a password and a Qualified Certificate for a Qualified Electronic Signature;
  • If you enter a wrong user name and / or password, you need to feel in the four numbered key which is generated from our website;
  • Account locked for one astronomical hour in case of five consecutive login attempts with wrong password and/or certificate with wrong data (ID number, UIC);
  • Additional protection with SMS authorisation upon the performance of a transfer to a new counterparty;
  • Session duration – 5 (five) minutes;
  • Use of the service is not allowed when using an internet connection with a dynamic IP address.

ССВ ONLINE LITE

  • Identification of the users in the system is done with a user name and a password;
  • Additional protection with SMS authorisation during transfers;
  • Account locked for one astronomical hour after entering a wrong password for five consecutive login attempts;
  • Session duration – 5 (five) minutes;
  • Use of the service is not allowed when using an internet connection with a dynamic IP address;
  • Maximum daily limit for transfers and purchase or sale of currency between own accounts up to the amount of the BGN equivalent of EUR 15 000 (fifteen thousand) (BGN 29 333.45 according to the exchange rate of BNB);
  • Maximum limit for transfers to pre-set counterparties and payments of utility bills – BGN 6 000 (six thousand) per 24 hours;
  • Maximum limit for transfers to random recipients – BGN 1 000 (one thousand) per 24 hours.

 ССВ MOBILE

  • Encryption is provided of the information submitted from the mobile phone application to the Bank's servers by using an https (ssl) protocol;
  • The identification of the user is made by a combination of the registered mobile device, associated with a user name, a password and personal user PIN code;
  • The application is blocked temporarily for one astronomical hour when entering three consecutive wrong PIN codes;
  • The application is deactivated after entering six consecutive wrong PIN codes;
  • Transaction-level authorisation is made for each transaction using built-in cryptographic methods that provide the highest level of security from both external and internal threats;
  • The system infrastructure uses hardware security mechanisms (HSM), which guarantee the security of the performed encryption calculations;
  • Ample opportunities have been provided for setting rights, limits and management of the mobile banking system via the online banking system ССВ Online;
  • Every transfer ordered via CCB Mobile is confirmed by entering a PIN code or by using Face ID / Touch ID (Fingerprint);
  • The daily limit of all transactions effected via the ССВ Mobile service is in the amount of the BGN equivalent of EUR 15 000 (fifteen thousand) (BGN 29 337.45 according to the exchange rate of the BNB);
  • The maximum limit for transfers to pre-set counterparties, payment of utility bills and payments to the state is BGN 20 000 (twenty thousand) per 24 hours;
  • The maximum limit for transfers to random recipients is BGN 8 000 (eight thousand) per 24 hours;
  • 24-hour hotline *5050 for blocking a device in case of loss or theft.

BANK CARD PROTECTION OFFERED BY CCB PLC

  • The bank cards of CCB Plc. are equipped with chip technology guaranteeing a high level of security of payments made at merchants’ locations and cash withdrawals;
  • When paying at a commercial site using a POS terminal and when making a cash withdrawal from an ATM, a PIN code is entered to confirm the payment. In order to ensure safe and secure contactless transactions with your card issued by CCB Plc., we inform you that according to the Second European Payment Services Directive (PSD2), entering a PIN code for contactless card payment will be necessary after five consecutive contactless transactions without a PIN – on the sixth transaction, you will be required to enter your PIN code or to perform the transaction by putting the card though a chip reader;
  • When making online payments with a bank card, confirmation of payment is made using the CVC / CVV code printed on the back of the card. When payment is made to merchants registered for the additional protection programs Mastercard Identity Check and Visa Secure, payment confirmation is made with additional passwords through the CCB Plc. E-Secure service;
  • CCB Plc. provides you with additional protection for the cards, such as the opportunity to block your card and unblock it immediately before making a payment or cash withdrawal via the mobile application CCB Mobile;
  • The Bank monitors the transactions made with the CCB PLC. cards and in case of suspected abuse blocks the use of your card;
  • There is a 24-hour hotline which you can call to block your card in case of loss, theft or suspected misuse;
  • Via an additional SMS service of the Bank you can receive SMS notifications both for each authorisation made with the card and for checking your balance;
  • In the “Cards” menu of CCB Mobile, you can use the “Show amount” button to check the amount available on your card at any time;
  • In the “Cards” menu of CCB Mobile and CCB Online Lite, clients can use the “Show amount” button to check the amount available on their card at any time.

We recommend using the additional services that we offer for greater protection of your card:

  • ССВ Mobile – using the CCB Plc. mobile application, you can receive current information on your balance and movements performed with your bank cards, as well as perform activities related to the management of the cards – block/unblock cards registered in your profile;
  • The SMS Detective service provides you with protection against fraud and misuse of your card. You receive an SMS immediately after using your card, at the time of payment at a commercial site, on the internet or upon a cash withdrawal. If you receive an SMS for a transaction that was not performed by you, immediately call the 24-hour hotlines of the Bank to have your card blocked, or block your card from the “Cards” menu of CCB Mobile;
  • You receive extra protection via CCB Plc. E-Secure service when you make online purchases using your card. The registration and use of E-Secure is completely free. The E-Secure service is operated jointly with the Visa and Mastercard card organisations, and the service is titled differently by the two organisations: Mastercard Identity Check/Mastercard SecureCode by Mastercard; Visa Secure/Verified by Visa or VbV by Visa;
  • The service uses the 3-D Secure protocol, providing an additional level of security for online credit and debit card transactions;
  • The E-Secure service includes a two-factor model for cardholder authentication by combining two separate components, a dynamic password and a static password for online payments, which are entered by the authorised user to confirm bank card payment transactions;
  • Mobile authentication (authentication through biometric characteristics) via integration of Mastercard Identity Check Mobile (IDCM) in the mobile banking of CCB Plc. CCB Mobile is in the pipeline. Depending on the device you use CCB Mobile on when making transactions on the internet, you will be allowed to confirm the payments by facial recognition (Face ID), fingerprint (Fingerprint) or Touch ID.

Information about the amount availability on your card and the operations performed with it can be obtained via:

  • CCB Online – internet banking with QCQES of CCB Plc., which you can use to safely and quickly perform payments in BGN and foreign currency in the country and abroad, as well as order transfers or mass payments. You can get information on movements and balances on your accounts and cards in the Bank, negotiate exchange rates for the purchase and sale of currency, receive information on the status of your credit products and pay utility bills;
  • ССВ Online Lite – mobile banking for your smartphone, tablet or computer, which you can use to monitor the movement of your accounts at any time and check free of charge your card balances and all transactions made with them;
  • CCB Mobile – CCB Plc. application for mobile banking, which you can use to safely and quickly make payments in BGN and foreign currency in the country and abroad, as well as order budget transfers. You can get information on movements and balances on your accounts and cards in the Bank, manage your bank cards, negotiate exchange rates for the purchase and sale of currency, receive information on the status of your credit products and pay utility bills;
  • SMS amount availability – you can check any time and anywhere how much you have on your card. You can receive the information via SMS on your mobile phone.

ССВ ONLINE

  • Access the CCB Online service directly by dialling the address https://www.ccbank.bg/bg/ccb-online-login or from the official website of CCB PLC. https://www.ccbank.bg;
  • Remove your QCQES from the computer after you finish using the CCB Online service;
  • Avoid using public computers (internet halls, libraries, etc.) to access the CCB Online service;
  • Avoid using public wireless networks (WiFi) in order to limit the risk of access by malicious persons to the information entered on the internet, including user name and password;
  • Access the CCB Online service directly by dialling the web address of the portal for access to the service from the official website of the Bank. Avoid using features to auto-complete web addresses;
  • Check the authenticity of the web page and the security of communication with it by clicking on the padlock icon in the address bar of the browser;
  • Use the “Exit” button and close the browser after you finish working in the CCB Online service;
  • Use passwords for access with a length of at least 6 (six) characters, which must contain upper- and lower-case Latin letters, digits and special characters;
  • Periodically change your password for access to the CCB Online service and the PIN code of the electronic signature;
  • Do not save your user name and password in the memory of the browser or the computer you are using;
  • Avoid using the names of family members or company names, dates of birth or telephone numbers for the password to log in to CCB Online;
  • Use internet browsers that support 256-bit encryption – versions of Internet Explorer, Mozilla Firefox, Safari, Opera, Google Chrome, which receive regular updates and are not supported by their developers;
  • For optimum performance and maximum security use the following browsers – Internet Explorer ver. 11, Mozilla Firefox ver.27, Google Chrome ver.38 or later, Microsoft Edge, Safari ver.7 or later, Opera ver.17 or later;
  • Enable automatic browser updates, including browser phishing filters;
  • Avoid installing additional toolbars (ASK toolbar, Google toolbar, etc.) in the browser – such browser add-ons are often used to distribute malware;
  • Promptly notify the Bank in case of change of mobile phone number for receiving SMS-codes for confirmation of payment transactions and change of rights and limits.

ССВ ONLINE LITE

  • Access the CCI Online Lite service directly by entering the address https://www.ccbank.bg/bg/ccb-online-lite-login or from the official website of CCB PLC. https://www.ccbank.bg;
  • Avoid using public computers (internet halls, libraries, etc.) to access the CCB Online Lite service;
  • Avoid the use of public wireless networks (WiFi), in order to limit the risk of access of malicious persons to the information entered on the internet, including user names and passwords;
  • Access the CER Online Lite service directly by entering the web address of the portal for login in the service from the official website of the Bank;
  • Avoid using features to auto-complete web addresses;
  • Check the authenticity of the web page and the security of communication with it by clicking on the padlock icon in the address bar of the browser;
  • Use the “Exit” button and close the browser after you finish working in the CCB Online Lite service;
  • Use passwords for access with a length of at least 6 (six) characters, which must contain upper- and lower-case Latin letters, digits and special characters;
  • Periodically change your password for access to the CCB Online Lite service;
  • Avoid saving your user name and password in your computer's browser;»Avoid using the names of family members or company names, dates of birth or telephone numbers for the password to log in to CCB Online Lite;
  • Use internet browsers that support 256-bit encryption – versions of Internet Explorer, Mozilla Firefox, Safari, Opera, Google Chrome, which receive regular updates and are not supported by their developers;
  • For optimum performance and maximum security use the following browsers – Internet Explorer ver. 11, Mozilla Firefox ver.27, Google Chrome ver.38 or later, Microsoft Edge, Safari ver.7 or later, Opera ver.17 or later; Enable automatic browser updates, including browser phishing filters;
  • Avoid installing additional toolbars (ASK toolbar, Google toolbar, etc.) in the browser – such browser add-ons are often used to distribute malware;
  • Promptly notify the Bank in case of change of the mobile number for receiving SMS-codes for confirmation of payment transactions and change of rights and limits.

ССВ MOBILE

  • Protect and store the mobile device and the PIN code for logging in the mobile application in safe and inaccessible to third parties places;
  • Use the standard security mechanisms of the operating system of the mobile device – use a code to access the mobile device, different from the selected PIN code for logging in to the mobile application;
  • Maintain the operating system of the mobile device secure by installing the latest updates;
  • Avoid using “jailbroken” and “rooted” devices on which the security mechanisms of the operating system are destroyed;
  • Install antivirus software on your mobile phone and update it regularly;
  • Avoid using suspicious mobile applications that can compromise the security of the mobile device;
  • Protect your mobile device with a password and set an automatic screen lock when you are not using the mobile device;
  • Install applications only from official mobile application stores – the App Store, Google Play and the Huawei App Gallery;
  • Use the “Exit” button when exiting the mobile application;
  • Avoid using public wireless networks (WiFi) in order to limit the risk of access by malicious persons to the information entered on the internet, including user name and password;
  • Periodically change your PIN code for accessing the mobile application;
  • In case of loss or theft of your mobile device with access to the online banking system, contact the Customer Service Centre at the 24-hour hotline *5050 or visit an office of the Bank.

CARD SECURITY AND PIN CODE

  • Never write down your PIN on the card or near it;
  • Destroy the envelope with the PIN code as soon as you learn it;
  • We recommend that you change the received PIN code as soon as you receive it. You can change your PIN code at any ATM in Bulgaria. It is not advisable to use sequential numbers, birth dates or phone numbers. Periodically change your PIN code;
  • If upon receipt of the envelope with the PIN code you notice that it is not sealed, call the Bank immediately;
  • Your PIN is known only to you. Never disclose your PIN to anyone, including a Bank employee;
  • Do not assign, transfer or make available the card to third parties, including members of your family;
  • Upon receipt of the card from the Bank, immediately place your signature on its back, in the place designated for your signature;
  • Protect your card from being damaged.

CASH WITHDRAWAL AT ATMS

  1. Prepare your card in advance, look around or wait for the customer in front of you, leaving a reasonable distance. If you are abroad, check in advance whether the ATM has the logo of the card organisation which is printed on your card;
  2. When entering the PIN, hide the keyboard with your hand and make sure that you are not seen by anyone close to you;
  3. Do not count the money in front of the ATM – do so in another safe place;
  4. In case of a transaction problem, never trust a person standing nearby who offers you help;
  5. If you think something is wrong, cancel the operation and use another ATM;
  6. Always take your receipt and if you are worried about the balance, you can contact the Bank;
  7. Before using an ATM, always look at the card slot for anything suspicious;
  8. Make sure that the ATM is marked with the logo of the respective type of card;
  9. When using an ATM, stand in front of the screen and the keypad so that your operation and PIN remain hidden. Follow the on-screen instructions. If you are unsure about the operation you are performing, we recommend that you press the “Cancel” button;
  10. Don't forget to take the money, the card and the receipt for the transaction. Keep in mind that the receipt contains some information about your card, so destroy it before discarding it;
  11. If the ATM retains your card, notify the Bank immediately and block the card. We recommend that you apply for a new card with a new number.

CARD PAYMENTS VIA POS TERMINALS AT A COMMERCIAL SITE

  • Make sure that the merchant is authorised to accept card payments;
  • Do not give your card to others. If you need to pay with it at a commercial site, do not allow the card to be operated without your supervision;
  • Never leave your card unattended until the operation is completed. If possible, pass the card through the POS terminal card reader yourself. If your card is contactless and the merchant accepts contactless payments, ask to perform the transaction yourself by bringing the card to the POS device without providing it to an employee of the merchant;
  • When you are paying by card at a commercial site, verify the accuracy of the amount written on the receipt from the POS device;
  • When entering the PIN code, close the keypad by hand and make sure that you are not being watched by anyone standing close to you.

ONLINE CARD PAYMENTS

  • Always provide an up-to-date mobile phone number to the Bank so that we can contact you;
  • When https:// is written in the URL field at the front, the “s” means that the site is using an encrypted, secure client-server connection. If the site does not use a secure connection (starting with http://), someone can track or change the information you send or receive through it;
  • Watch for a padlock icon in the browser's address bar. The padlock indicates that the page is using a certificate to encrypt the communication. It is issued individually for each website. You can always see what the real address of the site is. To check whether the certificate was actually issued to the retailer from whose website you want to make a card payment, click on the lock icon. Also, be sure to pay attention to the validity of the certificate;
  • If you see a red warning label on the page or the address bar lights up in red, the site is marked as dangerous. Using it will put your information at risk;
  • For online purchases, use the websites of well-known retailers or established brands. Track if the trader has provided his contact information – email, phone, address. If such information is missing, this may be an indication that you have come across the website of a fraudulent merchant who is interested only in your financial data. To be safe, also check the conditions for delivery and return of goods. If there is no “About Us” / “Contacts” section or contact details of the team, your trust in the website in question should be very low;
  • Pay more attention to the offers you receive. Unrealistically low prices of attractive goods can be a signal both for counterfeit goods and for an attempt to defraud and collect data – email addresses, passwords, bank card details;
  • Make sure the web page name is spelled correctly. Some fake websites use names close to popular domains, changing only some letters. Their aim is to deceive users into providing personal information;
  • Be careful when opening short (short links), as it is not clear what website they lead to. To check this, hold the mouse cursor over the link, but without clicking on it. This will allow you to see the actual address to which the link leads;
  • Choose websites that are included in the programs for secure payments with Visa and Mastercard bank cards – Visa Secure and Mastercard Identity Check. If the website does not support them, check if it is secure – look for a key or padlock icon (in the name of the link) or at the bottom of your browser. Enter your card details only on secure websites. Before making a payment, we recommend that you check for reviews and opinions about the site of other users;
  • Keep your e-payment receipt, e-mails or other correspondence with the merchant. They may be useful to you if the payment is disputed;
  • Under no circumstances should you enter your PIN on the internet or specify it in e-mail. The PIN code is used only to confirm operations at ATMs and POS devices;
  • If the trader does not send you or does not provide the goods or service in their appropriate form, you need to contact them and clarify the issue. In case of a dispute, ask the Bank for assistance;
  • Avoid entering your bank card data on computers and other devices with internet access that are used by more people;
  • When making purchases or reservations online, before making the payment, make sure that you are familiar with all the conditions related to it – General Terms of the merchant, delivery times and return policy, cancellation of reservations and disputes, etc. Be careful and make sure that you give the trader permission to debit your account only with the amount of the specific purchase;
  • In case of a lost or stolen card, unauthorised payment or suspected misuse, it is important to immediately call the 24-hour hotlines *5050, 02/92 66 500 or 0889 934 694 to block your card. You can also block it via the mobile application of CCB PLC. – CCB Mobile.

ADDITIONAL PROTECTIVE MEASURES

  • Take advantage of the services which the Bank offers for your security and comfort;
  • Review the amount available on your card on a daily basis, as well as the operations performed with it, and if necessary, contact the Bank for assistance;
  • Use antivirus protection – viruses can damage your computer, destroy data or send personal information and passwords to unauthorised persons;
  • Use a secure password – a combination of letters, numbers and special characters such as “!” and more. Change your password frequently;
  • It is important that you change your passwords frequently. It is recommended to change the password every 3 months, this also applies to the PIN code. Do not use the same password to access different e-banking accounts, emails and others;
  • Be vigilant – do not leave your personal mobile phone unattended to make sure it is not used by another without your knowledge;
  • Do not leave your QES unattended – always disconnect your Qualified Electronic Signature (QES) from the computer and never leave it unattended;
  • Logout – after using CCB Online Lite and CCC Online, end the session by clicking the “Logout” button, not just by closing the browser window.

ADDITIONAL PROTECTIVE MEASURES

  • Take advantage of the services which the Bank offers for your security and comfort;
  • Review the amount available on your card on a daily basis, as well as the operations performed with it, and if necessary, contact the Bank for assistance;
  • Use antivirus protection – viruses can damage your computer, destroy data or send personal information and passwords to unauthorised persons;
  • Use a secure password – a combination of letters, numbers and special characters such as “!” and more. Change your password frequently;
  • It is important that you change your passwords frequently. It is recommended to change the password every 3 months, this also applies to the PIN code. Do not use the same password to access different e-banking accounts, emails and others;
  • Be vigilant – do not leave your personal mobile phone unattended to make sure it is not used by another without your knowledge;
  • Do not leave your QES unattended – always disconnect your Qualified Electronic Signature (QES) from the computer and never leave it unattended;
  • Logout – after using CCB Online Lite and CCC Online, end the session by clicking the “Logout” button, not just by closing the browser window.

PHISHING AND EMAIL NOTIFICATIONS

  • Central Cooperative Bank does not send electronic messages (e-mail) to its clients requiring them to enter personal information or data on a website specified in the e-mail. Never provide your personal data and information relating to your access to online banking, your bank account, card data and others. Access passwords are personal and it is your duty and responsibility to keep them known only to you. Phishing is a scam that encourages users of computers and other devices connected to the internet to disclose their personal or financial information in an e-mail message or on a website. The user is directed to a fraudulent website and required to provide personal and financial data. This website looks authentic, but is actually a fake copy. The information entered is then used for identity theft or unauthorised access to internet banking.
  • Some internet browsers have built-in filters to prevent phishing, and others provide this opportunity through further additions (add-ons), which carry out this filtration;
  • CCB PLC. does not send e-mail messages inviting you to provide data about your password, user name, bank account number, bank cards or other details. CCB PLC. does not exchange this type of information by e-mail;
  • Check what the e-mail address is, not just the sender's name. The name the sender wants you to see when you receive an email from them is usually in the “From” field;
  • Do not open links or attachments when receiving suspicious e-mail and do not install unknown applications on your computer before checking their origin;
  • Do not open (click on) links in emails, messages, web pages or pop-ups from websites or senders you do not trust;
  • Always check the authenticity of the messages you receive in your e-mail. The bank communicates with its clients with official e-mail addresses with the domain: @ccbank.bg.

IN SUCH CASES, WE RECOMMEND THAT YOU TAKE THE FOLLOWING ACTION:

  • Scan the computer device with licensed antivirus software;
  • Perform regular updating of the system used, use only licensed and purchased software;
  • Change the password for access to e-mail with a complex password (upper- and lower-case letters, numbers and special characters, with no less than 10 characters).
  • If you doubt the authenticity of a message, do not hesitate to contact us.
  • *5050 (Call charges are based on the tariffs and policies of the mobile operator used by the client. Calls to a short number might not be included in the package of free minutes, for which CCB PLC. is not responsible);
  • 02/9266 500;
  • 0889 934 694.