Scribd
Upload
137 views5 pages

TCIB-MB User Security Policies v1

This document outlines several user security policies for Khushhali Microfinance Bank's internet banking (IB) and mobile banking (MB), including: 1. Users' accounts will be locked after 5 incorrect login attempts, and they will receive an SMS notification. Call centers or users themselves can unlock accounts. 2. Users must create passwords meeting various complexity criteria when setting them for the first time or resetting. 3. User sessions will timeout after 8 hours of inactivity or 5 minutes of idle time, and users can only have one session active at a time. 4. Users will receive password expiration warnings starting 60 days before their 180-day expiration, and must reset expired passwords by logging

Uploaded by

Rana Abdul Rehman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
137 views5 pages

TCIB-MB User Security Policies v1

This document outlines several user security policies for Khushhali Microfinance Bank's internet banking (IB) and mobile banking (MB), including: 1. Users' accounts will be locked after 5 incorrect login attempts, and they will receive an SMS notification. Call centers or users themselves can unlock accounts. 2. Users must create passwords meeting various complexity criteria when setting them for the first time or resetting. 3. User sessions will timeout after 8 hours of inactivity or 5 minutes of idle time, and users can only have one session active at a time. 4. Users will receive password expiration warnings starting 60 days before their 180-day expiration, and must reset expired passwords by logging

Uploaded by

Rana Abdul Rehman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

TCIB/MB User Security Policies

Khushhali Microfinance Bank Limited

Page |1
Amendment History

Version Date Author / Changed By Status Reviewed By

V.01 23-Sep-20 Abdul Rehman Initial Shahid Hussain

Page |2
TCIB/MB User Security Policies
1. User Locking Policy on Wrong credentials Attempts:
 Users account will be locked permanently after consecutive 5- wrong credentials
attempts in IB/MB.
 Within 5 minutes, respective end user will get an SMS Notification of Account lock.
 Call Center Team can check users account status from Self Service Identity Portal
and can unlock the user account/Reset the Password on the customer request.
 User can also unlock himself his/her account on Internet Banking user login page
after entering username with Forget/Reset Password option available and answering
the correct security question/answers. This functionality not available on Mobile
Banking.
 Below error message will prompt to user on internet banking after user account
locked due to 5-wrong password attempts.
“Invalid user name or password. Please Note, User ID may be blocked after multiple
failed login attempts.”
 Below error message will prompt to user on Mobile Banking after user account
locked due to 5-wrong password attempts.
“ User account is locked ”

2. User Valid Password Criteria Policy:


 User will receive a system-generated default one time Password on his/her
registered email, upon users account registration time or Password Reset Request
time. User need to set his/her valid password using that OTP by following below
mention Password Criteria Policy.

1. Password must not match or contain first name


2. Password must not match or contain last name
3. Password must contain at least 3 alphabetic character(s)
4. Password must at least 10 long character(s)
5. Password must contain at least 2 lowercase letter(s)
6. Password must contain at least 1 numerical character (s)
7. Password must contain at least 1 Uppercase Letter (s)
8. Password must not match or contain User ID
9. Password not be one of 5 pervious passwords

Page |3
3. Users Sessions Timeout Policy:

 This policy is applicable when user successfully logged in TCIB/MB, a user


session will established. Below are session timeout Policies.
 Session Life Time: user can work continuously for (8 Hours/480mins) after
that time session will be killed and user logged out automatically. User need to
re-login if wants to continue working.
 Idle Timeout: If user session is in idle state for 5mins, i.e no input/action
performed then, user session will be killed and user will be logged out.
 Maximum Session Per user: User can only have one session at one certain
time, User previous session will be terminated if user login to another session
either from IB/MB.

4. Password Expiration/Warning Policy:

 User password will expired after 180 days and user will receive warning
notifications on his/her registered email with below mention days before
password expiry.
1. User Password Expiry warning Notification 60 days before Expire
2. User Password Expiry warning Notification 45 days before Expire
3. User Password Expiry warning Notification 30 days before Expire
4. User Password Expiry warning Notification 15 days before Expire
5. User Password Expiry warning Notification 90 days before Expire
6. User Password Expiry warning Notification 01 day(s) before Expire.

 User will receive Password Expired Notification on password Expiry day.


 Below error message will prompt to user on internet banking after user account
password expired.
“Invalid user name or password. Please Note, User ID may be blocked after
multiple failed login attempts.”
 User can login again on Internet Banking on user login page after entering
username with Forget/Reset Password option available and answering the correct
security question/answers. This functionality not available on Mobile Banking.
 Below error message will prompt to user on Mobile Banking after user account
password expired.
“Your Password has expired. Login from Internet Banking to set a new
password”

Page |4
5. User Security Profile Reset Policy:

 Users set security profile at the time of registration by entering default password
on Internet banking and selecting image and setting three different
Questions/answers.
 Login with default password and Security profile creation functionality not
available on Mobile Banking.
 User can request Security Profile Reset to call centre team in-case end user forget
their security Question/answers.
 Call Center Team will reset security profile of user on user request from
provided Profile Reset Portal.

Page |5

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy