Security

Security is Important!

Methods of internet fraud change in time depending on the developing technology. Please pay attention to the following security measures in order to make your transactions securely at Bank Asya Online Banking.

Our Security Measures;

• Şifreci



Şifreci is a device which generates single use PINs providing an extra layer of security when using Bank Asya Online Banking and Alo Asya Telephone Banking.

Şifreci works with chip credit cards of Bank Asya (AsyaCard, DIT).

Why should I use Şifreci?

In order to log in to Bank Asya Online Banking and Alo Asya using Şifreci you are required to provide your chip card PIN and “Key”, which is specially generated for you during your access to Online Banking, in addition to your Customer Number and Password. This two-factor security system eliminates the risk of that others log in to the system in your name.

What is Dynamic PIN?

It is a single use PIN which is generated by Şifreci and composed of minimum 9 and maximum 12 numbers. It cannot be reused by you or another customer.

What is card dynamic PIN system?

It is a system which provides secure access to Bank Asya Online Banking and Alo Asya with your dynamic PIN generated by Şifreci and your chip credit card.

Types of Şifreci

Pratik Şifreci which is connected to a computer with a USB wire also works with chip credit cards of Bank Asya (AsyaCard, DIT). Thanks to this connection “Key” information and PIN are automatically interchanged between the computer and the device. It can be used wirelessly like Standart Şifreci. You must click the following link to download the setup file for Pratik Şifreci.

Pratik Şifreci Setup File

What are the properties of Şifreci?

• Every time it generates single use PINs special for you.
• Thanks to its single use property PIN that is generated cannot be reused by you or another person.
• It provides an extra layer of security because Şifreci, your chip credit card, card PIN and Key information are all needed at the same time to generate PIN.
• Online Banking user and card holder must be same person.
• Şifreci can be used by different users. Family members or employees in an office can share a Şifreci to access to their Bank Asya accounts using their credit cards defined to Card Dynamic PIN System.
• You can handily carry Şifreci with you.
• If you have a Şifreci, you can use services of all the banks which will support this application in future.
• Şifreci allows you to access Bank Asya Online Banking and make your transactions securely wherever you are.
• You can connect Alo Asya Telephone Banking using the PIN generated by Şifreci without an extra security inquiry and make your banking transactions instantly.

What are the advantages of Şifreci over other PIN devices?

• Şifreci is a device which generates single use PINs. It provides relatively superior security compared to other devices on the market because it generates PIN using EMV technology of chip credit cards.
• Şifreci is not a personal device, multiple people can log in to Bank Asya Online Banking using the same device on condition that they use their own credit cards.
• If Şifreci is stolen or lost, you do not need to inform Bank Asya about it; it does not cause a security gap.

How can I apply for Şifreci?

You can apply for Şifreci

• At Bank Asya Online Banking,
• At 0850 222 4 888 Alo Asya and
• At our branches.

to view the demo of Standart Şifreci. Please click.

to view the demo of Pratik Şifreci . Please click.

• Mini Şifreci



Mini Şifreci is a device which generates single use PINs providing an extra layer of security when using Bank Asya Online Banking.

What are the properties of Mini Şifreci?

• Each time it generates a single use PIN special for you.
• PIN that is generated cannot be reused by you or another person due to its single use property.
• You can handily carry Mini Şifreci with you wherever you go.
• Mini Şifreci allows you to access Bank Asya Online Banking securely and make your transactions wherever you are.
• You do not need to download any software to use Mini Şifreci.
• Both retail and corporate customers can use Mini Şifreci.

Why should I use Mini Şifreci?

In order to login to Bank Asya Online Banking using Mini Şifreci you are required to provide a PIN in addition to your user name and password. Mini Şifreci provides you a single use PIN that is necessary to login to Bank Asya Online Banking. The risk of that others login to the system in your name is eliminated because every PIN that is generated by Mini Şifreci can be used only once.

How can I apply for Mini Şifreci?

You can apply for Mini Şifreci at Bank Asya Online Banking using "Şifreci" page under "Personal Information/Security" menu. Overseas delivery is possible for the customers who live outside Turkey.

How much should I pay for Mini Şifreci?

Unless otherwise indicated, for each Mini Şifreci TL 25 is charged to your Bank Asya current account and credit card for once.

How can I activate my Mini Şifreci?

You can activate your Mini Şifreci at Bank Asya Online Banking using "Şifreci> Mini Şifreci Activation" page under "Personal Information/Security" menu.

How can I login to Bank Asya Online Banking using Mini Şifreci?

After you enter your user name and password, you must also enter the PIN generated by Mini Şifreci into "PIN (Mini Şifreci)" field to login to Bank Asya Online Banking.You have 40 seconds to enter the PIN generated by the device into "PIN (Mini Şifreci)" field. The timer at the left top of Mini Şifreci screen displays remaining time to enter your PIN. When the time is up, Mini Şifreci automatically turns off.

Although I enter the PIN generated by Mini Şifreci correctly, I always receive an error message indicating that my PIN is incorrect. What should I do?

If you generate successively 10 PINs using Mini Şifreci and do not use any of them to login to Bank Asya Online Banking, a synchronization error occurs. In such a case you always receive "incorrect PIN" message when you login to Online Banking. You can call Alo Asya on 0850 222 4 888 to remove the error. If it is an overseas call, you must dial +90 216 0850 222 4 888. When you enter the first PIN generated by Mini Şifreci after synchronization, the error message will be displayed again. You can login to Bank Asya Online Banking without any problem using the second PIN generated by Mini Şifreci after synchronization.

• Turkcell Mobile Signature



Banking transactions are now much safer with mobile signature…

You can apply for Turkcell Mobile Signature at Bank Asya Online Banking and by using your mobile signature you can log in to Online Banking, open the transaction lock and confirm your transactions.

What is Turkcell Mobile Signature?

Turkcell Mobile Signature is a service which enables you to make online transactions as if you use your handwritten signature. It allows you to use the qualified electronic certificate, which is the equivalent of wet signature (handwritten signature) in accordance with Electronic Signature Law number 5070 with your mobile phone.

Who can use Turkcell Mobile Signature?

All Turkcell customers who have SIMPlus 128 card can use Turkcell Mobile Signature with their current mobile phones.

How can I have Turkcell Mobil Signature?

You must make a pre-application and complete the post-application process for Turkcell Mobile Signature.

Pre-Application

You can make a pre-application at the "Mobile Signature Application" page on the "Mobile Signature" screen under the "Security Settings" menu at Bank Asya Online Banking.

After Pre-Application

• New SIM cards will be delivered by courier to the addresses of the customers whose cards are not corporate cards, twin cards or double cards and who reside in Adana (center), Ankara, Antalya (city centers of Antalya and Alanya), Bursa, Gaziantep (center), Istanbul, Izmir, Kocaeli, Konya (center), Mersin (center). The customers who reside in other cities must get their cards from the nearest Turkcell Extra shop.For the nearest Turkcell Extra please click.

• Few days after your visit to Turkcell Extra, Turkcell Customer Services will call you for identity authentication, inform you about "Startup Code" to launch the service and open your Turkcell Mobile Signature for use in your SIM card.
• When your mobile signature is opened for use in your SIM card, you will be requested to enter your "Startup Code" and set your PIN which you will use to make transaction.
• After you are informed that your electronic certificate is issued by Turkcell, you must open the system for use by signing the request sent to your mobile phone.

Activation

When you are informed that your Turkcell Mobile Signature is ready for use, you can activate your mobile signature at "Mobile Signature Settings" page at Bank Asya Online Banking.

How can I use Turkcell Mobile Signature?

• After you enter requested information on the pages supporting Turkcell Mobile Signature and click "OK" button, the information you enter will be summed up and sent to your mobile phone to be signed.
• When signature request is delivered to your SIM card, an explanation text about the transaction to be signed will be displayed on the screen of your phone.
• Compare the SMS delivered to your mobile phone with the text in "Signable Message" area and be sure that the two information are identical.
• When you confirm the signable message, "Fingerprint" will be delivered to your mobile phone.
• Please be sure that the fingerprint on your mobile phone is identical with the fingerprint on the screen.
• When PIN is requested by your mobile phone, enter your Turkcell Mobile Signature PIN and confirm the transaction.
• Confirm the transaction at Bank Asya Online Banking.

Charges

• There is no extra charge for Qualified Electronic Certificate when you are registered for Turkcell Mobile Signature Service.

• to see the charges for use of Turkcell Mobile Signature. Please click.

• Avea Mobile Signature



What is Avea Mobile Signature?

Avea Mobile Signature is a service which enables you to fulfill electronic signature processes indicated in Electronic Signature Law number 5070 by using only mobile phone and special SIM card.

It allows you to make transaction that is legally equivalent to wet signature by authenticating your identity.

How does Avea Mobile Signature work?

Qualified electronic certificate is defined by being subscribed to Avea Mobile Signature service.

128K SIM cards you use with the service store the signature creation information required to authenticate the information on the certificate.

By your special PIN you can transmit your signature request to the qualified electronic certificate provider on GSM network and authenticate your identity.

Who does provide the certificate for Avea Mobile Signature service?

When your subscription to Avea Mobile Signature service is initiated, a qualified electronic certificate is defined to your name. Certificates are provided by Türktrust Bilgi, İletişim ve Bilişim Güvenliği Hizmetleri Inc., which is the authorized organization for providing qualified electronic certificate in Turkey.

Is Avea Mobile Signature service secure? Can SIM card be broken?

128K SIM cards which are delivered to you for Avea Mobile Signature service have a special software. SIM cards have EAL4+ security certification required for electronic signature process and secure transactions, and they can withstand attacks. Signature creation information cannot be copied or removed from the card.

Qualified electronic certificate information is stored in secure environments by Türktrust, the certificate provider. Türktrust complies with the standards of ISO 27001 Information Security Management System and inspected by independent organizations.

Unlike SMS messages, the service messages shuttling between the mobile phone of the subscriber and Avea network are not stored on SIM card.

How can I subscribe ?

How can I subscribe to Avea Mobile Signature?

You must firstly make a pre-registration at www.aveamobilimza.com or the web sites of the contractual organizations with your TR identity number and Avea line that you will use with the service.

As a second step Avea Customer Service (444 1 500) representatives will call you and if no problem occurs during identity authentication process, you will be directed to the nearest Avea Service Center.

After you affirm your identity documents on Avea Service Center and sign the contracts, your SIM card will be changed and 128K SIM card that you will use with the service will be delivered to you.

Avea Customer Service (444 1 500) representatives will call you and if no problem occurs during identity authentication process, your service activation procedure will be completed.

Who can use Avea Mobile Signature service?

Avea postpaid line holders whose lines are not shut down and who have a TR identity number can make a pre-registration and if no problem occurs, they can use the service .

Soon Avea pre-paid line holders will also use the service.

How many Avea Mobile Signature subscription can I buy for the same line?

You can buy only one Avea Mobile Signature subscription for the same line. If you have multiple postpaid lines in your name, you can subscribe to the service for each line.

Can I subscribe to the service without having a line?

Personal users who do not have a line can subscribe to Avea Mobile Signature service and get a certificate. However, during this process the line holder is also required to sign the service contracts and give a written approval.

Personal users who use corporate line can subscribe to Avea Mobile Signature service and get a certificate on condition that the corporation representatives also sign the service contracts and give a written approval.

How Can I use?

How can I use Avea Mobile Signature?

Indicate your request on a valid application in order to use the service. (Press SIGN button or send a request to verify with Avea Mobile Signature etc.)

The request about the documents that you are required to sign will be sent to your mobile phone on GSM network.

Read the explanation displayed on your phone and press OK if you confirm the transaction.

At this step HASH (fingerprint) will be displayed on the screens of both the application and your mobile signature. HASH may be composed of 10 groups of 4 numbers or letters. If there is no inconsistency in HASH information, press OK to proceed.

You are required to enter your 6-digit Avea Mobile Signature PIN to complete the transaction. Enter your PIN and press OK to complete the transaction.

You will have confirmed the signature request and performed the transaction by now, if no problem occurs.

PIN and Certificate Problems

How can I change my Avea Mobile Signature PIN?

You can change your 6-digit PIN that you use with the service at Avea Mobile Signature menu. Your PIN cannot be composed of consecutive (i.e: 123456) or repeating (000000) numbers.

Your PIN is special for you; don't choose an easily guessed PIN and don't write it down anywhere and don't say it anybody.

You will be blocked, If you enter the PIN incorrectly 3 successive times.

My Avea Mobile Signature PIN has been blocked. What should I do?

You can call Avea Customer Services at 444 1 500, if your 6-digit PIN is blocked.

I have forgotten my Avea Mobile Signature PIN. What should I do?

You can call Avea Customer Services at 444 1 500, if you forget your 6-digit PIN.

How long is qualified electronic certificate valid?

The qualified electronic certificate will be legally valid for 3 years from the launch of Avea Mobil Signature subscription. If you wish to extend validity of your certificate before it expires, you can call Avea Customer Services at 444 1 500 and get detailed information.

Your certificate will be legally valid, unless you cancel your Avea Mobile Signature subscription or your post-paid line.

Can I allow others use my qualified electronic certificate?

The legal liability of any transaction that you electronically sign by using Avea Mobil Signature service belongs to the qualified electronic certificate holder, that is, you.

Therefore, if the service is used by others, you will be liable for the legal consequences of any transaction signed.

Can I use Avea Mobile Signature abroad?

You can use the service with the operators which Avea has a roaming agreement with but you may be required to pay for the messaging to the operator of the country in which you are.

My Avea Mobile Signature service does not work. What should I do?

If a problem occurs about your Avea subscription or the place where you use the service is out of the GSM network coverage, your access to the service may be disconnected.

Please call Avea Customer Services at 444 1 500 in case of such a problem.

Telephone Problems

Which telephones support Avea Mobile Signature service?

128K SIM card used with the service, and the special softwares in the card do not run on some telephone models in the market. It is recommended to subscribe to the service with the following phones.

Blackberry 7290; Nokia 5110 ve Nokia 6110; Sony Ericsson P800, P900 ve P910i; Samsung i600, i750, N500, N620 ve R220; Several BenQ models (M300, M305, M350, P50 ve P51); Several Asus models (P525 ve P535); General Mobile phones (DST01, DST11, FB1907); Several Motorola models (F3, MPX220) and some other mobile phones.

Please call Avea Customer Services at 444 1 500, if you think that your telephone does not support the service.

What should I do if my mobile phone is stolen or lost?

You can temporarily close your Avea Mobile Signature service subscription for use. Please call Avea Customer Services at 444 1 500 to complete the transaction.

Charges

How much do I need to pay for Avea Mobile Signature service?

You are charged monthly TL 4,85 for unlimited use of service including all the taxes. There is no extra charge except monthly subscription fee.

• Account Authorizations



You can close your supplementary accounts for use of Online Banking and Alo Asya or use it only for viewing purposes by blocking transactions.

In order to open your accounts that you have closed for use of Online Banking and Alo Asya or to open your accounts to make transactions;

Individual customers can call Alo Asya 0850 222 4 888 ,

Corporate customers can apply to their branch.

• SMS Verification



“SMS Verification” , is a step to get confirmation via SMS for online banking transactions.

How do I verify transactions via SMS?

After selecting the transaction that you want to perform, you will be redirected to the SMS verification page to open transaction lock.

You must select the mobile phone number that you will use for SMS verification at this page.

Your 6-digit PIN to be used for verification will be sent to the mobile phone number you select.

You can open transaction lock via SMS by entering the 6-digit PIN sent to your mobile phone into Single Use PIN area and confirm the transaction.

After confirmation you can continue your transaction.

You can perform multiple transactions after you open the transaction lock once.

In order to use SMS verification service;

• Your mobile phone number must be recorded in our system.
• If your mobile phone number is not recorded in our system, you can register your mobile phone number with our branches.

The customers who use ŞİFRECİ , the device generating single use PINs, must open transaction lock when logging in to Online Banking.

The messages sent for verification are free of charge.

• Access Settings (IP Restriction)



Internet Protocol (IP) address is a special number which is provided by your Internet Service Provider and you use for access to internet. It is composed of four groups of number ranging from 0 to 255 and divided by dots.

You can define your IP number at Access Setting page under Personal Information / Security menu and restrict access to Bank Asya Online Banking to the IP address or IP range you define.

With IP restriction you can prevent others from access to Bank Asya Online Banking from the IP address or IP range excluding the ones you specify.

You can automatically activate your access settings using Activation/Deactivation screen at Online Banking.

• Limit Authorizations



You can restrict your daily transaction limit using Limit Authorizations screen under Personal Information/Security menu at Online Banking.

Thus, you can make transaction within your daily limits or use your standard transaction limits.

• Transaction Authorizations



You can restrict online transactions at Transaction Authorizations page under Personal Information / Security menu at Online Banking.

You can determine which transactions you can perform at Bank Asya Online Banking by making restriction on your Transaction Authorizations. Unless you restrict the transactions, you can perform all the transactions online

• Security Question



You can set your security question at Security Question screen under Personal Information / Security menu at Online Banking.

Don't share your security question with anybody including Bank Asya Customer Services representatives or don't save it on your computer or browser, and don't write it down anywhere.

Change your Security question at regular intervals after the first login.

Don't choose easily guessed information for your Security Question, such as consecutive or repeating numbers, date of birth or marriage, and installation numbers on your bills.

If you are suspicious that your security question is known by others, call our call center at 0850 222 4 888 and get help.

• Keypad



Keypad application is put into use to protect your PIN against Keylogger programs, which log the keys struck on a keyboard).

Keypad enables you to enter your Online Banking PIN and password by using your mouse on the screen without striking the keys on the keyboard of your computer. Using Keypad during login process provides protection against several keylogger programs which break security by logging your password and PIN struck on the keyboard. If the computer has such a program, typing your password and PIN by using the keyboard may be risky. Using your mouse and the buttons on keypad to enter your password and PIN eliminates the risk arising from such programs.

About Safe Access to Bank Asya Online Banking

• Security Advices for Wireless Network used at Home and Office


Recently, wireless modems have become widespread. While we benefit from the facilities provided by these modems, we must pay attention to the security settings. A wireless modem can broadcast signal to the next building, even to the street and accordingly security gains importance. An unprotected modem may cause a malicious person to infiltrate your computer and steal your PIN. Therefore, we advise you to take following measures and consult the place you have bought your modem for the ones that you do not know about. If you use wireless modem at home or the office;
1. Change username and password of your modem.
While some modems allow to change only admin password, both password and username can be changed in some others. You must primarily change your admin password and username as much as possible. If no password is assigned, you must set a password. It is important that your password is not easily guessed.
2. Change network name (SSID) of your modem
It is recommendable to change the network name of your device, if it is possible. Since the person who wants to use your modem without permission has to know this value in addition to the password, it provides superior security. Disabling SSID broadcast of your modem makes your access to internet much safer.
3. Place your modem properly and turn it off, when you do not use.
If you do not use your modem for a long time, it is advisable to turn it off. Also it is more appropriate to place it close to the center of the house rather than the window.
4. Encrypt the connection.
Many wireless modems can encrypt their connection with computer. Thanks to this encryption the connection of the modem with your computer will be much safer. You must adjust the settings of both your modem and computer. It is recommendable to use your own keyword for encryption.
You can implement the following tips for improved security settings.
• If you want to make further restrictions on the access to your modem, you can disable automatic IP address assignment to each computer connected. Just disable DHCP in the settings of your modem. You must make an adjustment also in your computer for this restriction.
• Every device has a hardware address (MAC Address). If your modem supports, define MAC address of your computer to the modem and activate MAC infiltration.
• How can I distinguish fraud spams?


• Bank Asya sends e-mails only for information purposes. Customers are never asked for their account, credit card, PIN and identity information by e-mail. There is not a link to enter your information in the e-mails we have sent.
• If the e-mail you received is different from the e-mail layout sent by Bank Asya or fonts is different, there are spelling mistakes, the language is informal or threatening (i.e: Your account will be closed, if you do not send us your credit card number), it is definitely a suspicious situation.
• If you are redirected to another website by a link, compare the URL typed into the address bar of your browser with the company’s official URL which you intend to visit. If they do not match, it is certainly a fake e-mail. In such a case immediately close your browser and delete the e-mail.
• Another way of checking the authenticity of the website that you are redirected from the e-mail is looking for the yellow padlock icon at the lower right of the browser. When you double click on this icon, "Certificate” window must be opened. The information across the “Issued to” label must match with the company name or the official web site you intend to visit.
• The Security Points That You Should Pay Attention When Logging into Online Banking


• Bank Asya never asks the brand or model of your mobile phone, your T.R. identity number and mother’s maiden name in full when logging into Online Banking. If a screen requesting such information is opened during your connection, please do not continue your transaction and call Alo Asya on 0850 222 4 888 without entering any information.
• General Information



Login to Online Banking

• Always visit Bank Asya Online Banking by typing www.bankasya.com.tr into the address bar of your browser and clicking Online Banking button
  () at our homepage. Never use the links (URL) sent by e-mail or in other websites, including the ones in search engines.
• Look for the icons which verify that data security is provided by SSL encryption. These icons which are () for Internet Explorer, () for Netscape
  and () for Firefox are displayed at the lower right corner of the transaction and PIN pages and indicate that the page is encrypted by SSL and the website really belongs to Bank Asya.

User Name, PIN and Password

• Never save your user name on your computer or browser and don't write it down anywhere. Change your user name at regular intervals.
• Don't share your PIN and password with anybody including Bank Asya Customer Services representatives, don't save them to your computer or browser, and don't write them down anywhere.
• Don't choose consecutive or repeating numbers or easily guessed numbers as your PIN and password, such as date of birth or marriage, and installation numbers on your bills.
• Use different PINs for your accounts in different banks.
• Please don't make any banking transaction in public places such as internet cafes. If you have to make transaction in public places, don't allow (Auto Complete) computer programs or the web sites you visit automatically remind you of your PINs or credit card numbers.
• If you are suspicious of that somebody has obtained your PIN or password, change your PIN or password immediately at Bank Asya Online Banking or by calling our call center on 0850 222 4 888.

Logout of Online Banking

Use "Logout" button after you complete your transactions at Bank Asya Online Banking.

Follow-up and Check

• Check your last login date and hour at your every visit to Online Banking to view if there is any login or use apart from yours.
• Check your account transactions and statements regularly. If you discover a transaction which is not performed by you, immediately call Alo Asya at 0850 222 4 888.

Computer Security

• Install regularly security patches issued by the producing company to your operating system in order to improve the security of your computer.
  If you use Windows Operating Systems, you can click following link to install new security patches to your system; http://v4.windowsupdate.microsoft.com/tr/
• Scan your computer regularly with new anti-virus softwares for viruses.
• Don’t accept the agreement without reading when you download a program.
• You must set up several utility programs in your system in order to close the security gaps and protect your computer against potential attacks. You can download new security patches for Microsoft Windows Operating Systems from the following link;
  
  http://www.microsoft.com/downloads/
• Free softwares may carry small spywares, use anti-spyware softwares in order to be protected from such programs. You can click following link in order to set up related software issued by Microsoft in your computer;
  
  http://www.microsoft.com/downloads/Browse.aspx?displaylang=tr&categoryid=7
• Set up a personal firewall in your computer to be protected from cyber attacks and prevent partially the suspicious communication conducted by your computer.
• If you use file sharing programs, activate automatic start of such programs and don’t login to Online Banking when these programs run.
• Prefer authorized companies for repair of your computer.
• When using Bank Asya Online Banking, use a secure browser which supports 128-bit encryption for the security of your transaction and account information.

What is SSL?

SSL (Secure Sockets Layer) protocol is used to protect the confidentiality and integrity of online data traffic between the user and the bank by encryption. SSL protocol is supported by all common web servers and browsers. SSL enables that the data that is sent is deciphered definitely and only by the correct address. Before data is sent, it is automatically encrypted and deciphered only by the correct address. Data is mutually verified, and confidentiality and integrity of the transaction and the information are protected. The power of the encryption method used for data flow depends upon the length of the key. The length of the key is extremely important. 40 bit and 128 bit encryption methods are used in SSL protocol. 128 bit encryption method has 2128 different combinations of the key.

If the browser you use does not support 128-bit encryption, you can use the following links to update your browser for 128-bit encryption.

Internet Explorer 7.0 | Firefox 3.0 |

What is secure data flow and how is it provided?

The definition of security and secure data flow must be firstly known in order to understand if secure data flow is provided or not. The conditions below must be provided for a secure connection:

• Identity must be checked.
• Data must be encrypted.
• It must be assured that data is not changed.
• Access must be provided within authorization limits.
• All the transactions must be encoded to be proved later.

SSL enables the user who uses a standard web browser to verify the address of the server to which he is connected. In another words the user asks and confirms the identity, before he conveys information / identity to the browser.

On the other hand SSL launches an encrypted session and carries it to a level that others cannot watch it. In this secure connection SSL checks if the data is changed or not, in addition to encryption.

The working method of SSL is based on certificates. When the user connects to a secure site with a web browser, the steps proceed as follows:

• The browser firstly asks for identity,
• The web server program conveys its certificate to the browser,
• The browser checks out the identity information and certificate. (Check-out method can be described as the comparison of signature of the organization providing the certificate in the identity with the signature of certificate organization within the browser.)
• The browser checks automatically if the address to which it is connected and the address on the certificate are identical.
• If the identity is verified, the process of detecting a key for encrypted communication by mutual messaging starts.
• The browser and the web server choose the single-use session key after a series of messages.
• Key is indeed a PIN and it enables the whole communication by using the same PIN.
• SSL will check if the data that is mutually sent is changed.

The widely known terms, such as 40-bit or 128-bit, can be defined as the length of the security key (PIN). The longer the PIN is the harder to break it. Because nowadays 40-bit PINs can be broken by enhanced systems, SSL systems allowing 128-bit encryption are much more secure.

For your questions about our security measures you can call Alo Asya at 0850 222 4 888.