Punjab National Bank – Mobile Banking

Mobile banking (also known as M-Banking, SMS Banking etc.) is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile /cell phone. Punjab National Banking Mobile Banking Services are available to all the customers of Bank. To access PNB Mobile Banking, you need to have account with the Bank, a valid mobile connection and handset supporting the services. You can register for the Mobile Banking Services by submitting request on the required application form at any Bank branch.

Security features in Mobile Banking Services

  • Separate passwords for login and transaction
  • Password is stored in one way encrypted form in the database
  • Mandatory change of password on first login
  • Password Expiry period –System will force user to change login and transaction password mandatory after specified period
  • User Expiry period – User ID would get disabled if user does not login for a period of 180 days
  • Disabling login-Id after ‘5’ consecutive unsuccessful login attempts

Others

  • Profile based access, Audit trails & Logs
  • Periodic Audits/ Penetration Testing by External Auditors
  • Unique session ids, Session Expiry period
  • Encrypted URLs using application key
  • Second Factor of authentication introduced for third party transfers (mPIN) as per RBI guidelines.

Registration (One time activity) – Only through Internet (via PC/Mobile)

a.Click ‘Retail User Registration in website ‘https://mobile.netpnb.com/mbanking.html’

b.At the time of first login please enter your User Id and Login Password from the secured envelope sent by the bank.

c.System will ask you to change the password(s). After the successful change of passwords, the system will show the next screen for registration.

d.Click the link at the ‘Mobile Banking Services’ in the Home Page and select ‘Manual SMS’ under the Mobile Banking Flavors for Pull SMS facility.

e.Log out from the page by click the ‘Log Out’ option at the top – right corner of the screen.

f.Your Mobile Handset is now ready for sending SMS for balance inquiry, Mini Statement and Cheque status inquiry.

[advt]For receiving Balance Information through SMS

Send SMS message in the following format to 5607040

BAL<space>XXXX<space>YYYYYYYYYYYYYYYY

Where XXXX refers your SMS password as printed in mailer and YYYYYYYYYYYYYYYY refers your 16 digit Account Number. For example the SMS would be like ‘BAL 1111 0123456789012345 ‘, where 1111 is your SMS password and 0123456789012345 is your 16 digit account number.

For receiving Mini Statement through SMS

Send SMS message in the following format to 5607040

MINSTMT <space>XXXX<space>YYYYYYYYYYYYYYYY

Where XXXX refers your SMS password as printed in mailer and YYYYYYYYYYYYYYYY refers your 16 digit Account Number. For example the SMS would be like ‘MINSTMT 1111 0123456789012345 ‘, where 1111 is your SMS password and 0123456789012345 is your 16 digit account number.

For Inquiry of Cheque Status through SMS

Send SMS message in the following format to 5607040

CHQINQ<space>XXXX<space>AAAAA<space>YYYYYYYYYYYYYYYY

Where XXXX refers your SMS password as printed in mailer, AAAAAA refers to the cheque number and YYYYYYYYYYYYYYYY refers your 16 digit Account Number. For example the SMS would be like ‘CHQINQ 1111 99999 0123456789012345 ‘, where 1111 is your SMS password, 99999 is the cheque number and 0123456789012345 is your 16 digit account number.

Remember:

  • You have 5 attempts to login. The password is case sensitive i.e p (small) is different from P (capital). So be careful while putting the password(s).
  • The password length for various passwords to be used for mobile banking are as follows:
  • login and transaction password : 6 characters
  • SMS password: 4 digits (numeric)
  • M PIN : 4 digits (numeric)
  • The password selected by user should contain minimum 6 characters and    maximum 28 characters.
  • At the time of first login to the services, you will be asked to change the password(s). If you have both the login and transaction passwords, you have to keep both distinct for security reasons. Once passwords are changed, the new passwords are to be keyed in.
  • The expiry periods for Login and Transaction passwords are 999 and 180 respectively. This period is from date of issue of password by the bank or change of password by the customer. If the service is not being used for the said periods, you will require new passwords to resume the same.

Unable to Log In:

In case your user id is disabled due to wrong/ incorrect password, then approach your branch (where you want to receive the duplicate password) and apply for a fresh password. The new password will be sent to branch after getting the same request from the branch. Submit the acknowledgement for activating your transaction password after receiving the new password. Login password will always be enabled.

Know your Mobile Banking Status/ Details: To know your Mobile Banking status/details contact your branch, where you have forwarded the application form.

Or 24 hours help line:  1800 180 2222 (All India Toll Free Number)

0124-2340000 (Accessible from mobile)

Safeguard:

  • Do not reveal password(s over phone, mail etc to any person including Bank.
  • The passwords can be changed as frequently as you wish (using the facility available after logging specific flavor). Please change your password(s) before the passwords get expired or when the system prompts you to do so.
  • Do not click on website links/attachments in unknown/suspicious emails. These links may take you to replica of banks website and ask for keying in your user id and password(s).
  • Bank will never send any e-mail requesting to provide user-id/password and other sensitive information.
  • In case of doubt, reconfirm the PNBs website by double clicking the ‘padlock’ symbol/icon at the bottom right of the web page to ensure the site is running in secure mode before you input any confidential/sensitive information.
  • Clicking on the ‘padlock’ symbol/icon and server certification symbol will display details of the server certification in the favor of Punjab National Bank.
  • To ensure a safe and genuine login, always enter bank’s website through https://mobile.netpnb.com
  • In case there is any call, please confirm that the call is from the authorized person of the bank.

Activation of user id:

There are two cases where you should approach the branch for activating your user id.

  • When you receive a fresh password from the bank, you have to approach any branch to get transaction facility activated, as new transaction password comes in disable mode by default for security reasons.
  • Your user id gets disabled if you exceed more than 5 attempts with wrong passwords. In this case you have to approach your branch to get it activated.

Disable user id:

If you have lost your user id and password and you want to block the access to your Mobile Banking account then you may follow the following procedures to disable your Mobile Banking access.

  • Try to login with your user id and wrong passwords for more than 5 times, as you know user id gets disabled if you exceed more than 5 attempts with wrong passwords.
  • Approach your branch to get it disabled

Steps for using Mobile Banking Services

Registration

A user has to subscribe for Mobile Banking Services through branches and fill application form no. PNB 1167.

The passwords will be delivered at branches and user shall collect them from the branches where the application form was submitted.

For other functionalities like reset password, change of security questions answers, change of mobile number, disabling of facility all requests have to be submitted in the branch only.

Mobile Banking is available through different types of flavors:

  • Manual SMS
  • Thin client GPRS
  • Thick client SMS
  • Thick client GPRS

Pre- requisites for the different flavors?

  • Thin client GPRS – Requires a mobile with support for mini browser and a data plan that supports GPRS
  • Thick client GPRS – Requires a mobile with Java capabilities (MIDP 2.0 and CLDC 1.1). This also requires a data plan that supports GPRS
  • Thick client SMS – Requires a mobile with Java capabilities (MIDP 2.0 and CLDC 1.1).
  • Manual SMS – Any mobile with SMS capabilities

Manual SMS (SMS Banking)

All users having any basic handset can avail this facility.

Functionalities available through Manual SMS

The user enters SMS message on any facility to be availed by him and send the same to fixed number- 5607040.

Various SMS messages which can be sent

  1. Balance Inquiry
  2. KEYWORD, SMS PASSWORD and ACCOUNT NUMBER
    e.g. BAL 5122 015300XXXXXXXXXX

  3. Mini Statement Inquiry
  4. KEYWORD, SMS PASSWORD and ACCOUNT NUMBER
    e.g. MINSTMT 5122 015300XXXXXXXXXX

  5. Account Statement Request
  6. KEYWORD, SMS PASSWORD, MONTH, ACCOUNT NUMBER
    E.g. STMT 2222 JAN 015300XXXXXXXXXX

  7. Self Transfer of funds
  8. KEYWORD, SMS PASSWORD, FROM ACCOUNT NUMBER, TO ACCOUNT NUMBER, AMOUNT
    E.g. SLFTRF 2222 015300YYYYYYYYYY 015300XXXXXXXXXX 100

  9. Stop cheque
  10. KEYWORD, SMS PASSWORD, CHEQUE NUMBER, ACCOUNT NUMBER
    E.g. STPCHQ 2222 981 015300XXXXXXXXXX

  11. Cheque Status Inquiry
  12. KEYWORD, SMS PASSWORD, CHEQUE NUMBER, ACCOUNT NUMBER
    E.g. CHQINQ 2222 981 015300XXXXXXXXXX

  13. Cheque book request
  14. KEYWORD, SMS PASSWORD, ACCOUNT NUMBER, MBANKING USERID, NUMBER OF LEAVES FOR CHEQUE BOOK
    E.g. CHKBK 2222 015300XXXXXXXXXX SAREEN 20

  15. Mail to Relationship Manager
  16. KEYWORD, SMS PASSWORD, MESSAGE

    E.g. MSG 2222 Unlockmyd

  17. Change SMS Password
  18. KEYWORD, SMS PASSWORD, NEW SMS PASSWORD
    E.g. CHNGPWD 2222 2525

Requirements for Thin Client GPRS and Thick Client GPRS

  • The handset should be GPRS enabled.
  • The GRPS connectivity has to be enabled from the service providers whose connection is being used by the customer.
  • For enabling GPRS customer need to contact the service provider on their customer care number and get the GPRS enabled.
  • To check whether GPRS has been enabled, try opening any website through the mobile browser. E.g.(www.google.com)

Using Thin Client GPRS

  • After activation of the passwords the user accesses the mobile banking website https://mobile.netpnb.com
  • User has to choose Registration option(at the time of first login)
  • All the flavors are displayed and user selects the desired flavors to subscribe.
  • Registration is complete and user logs out.
  • User opens the website https://mobile.netpnb.com
  • In case of thin client services, the concerned link is clicked and he/she enters his/her details of user id and login password. User id will be informed by the branch concerned where application form was submitted by user.
  • The user has to accept the terms and conditions and forced to change his/her login password (first time login). If user has availed for Transaction facility then user will be forced to change his transaction password (first time login).
  • Then the user can start using thin client GRPS for accessing Mobile Banking.

Steps:

  1. Enters user id and login password
  2. Selects the mobile banking flavors. The customer can choose all the flavors based on his requirements by check marking the box.
  3. Logs out to complete registration
  4. On first login user is asked to change sign on password. Remember & character is not allowed in passwords. The new password has to be alphanumeric with one special character like @, # etc. Minimum length of the password is six characters.

Functionalities available:

  • Account Details
  • Account Statement
  • Offline Request (FD Opening, NEFT, RTGS)
  • Activity Inquiry
  • View Balance- online
  • Online Mini Statement (last 10 transactions)
  • Self transfer of funds
  • Online stop payment of cheque
  • Cheque Status inquiry
  • Mail to Relationship Manager
  • Changing Login and Transaction Password

Using Thick Client GPRS

  • After completing the registration, user opens https://mobile.netpnb.com again through his mobile handset.
  • Logs in and chooses the downloading client option
  • Two links will be shown, Thick client GPRS and Thick client SMS.
  • Based on the handset user selects Thick Client GPRS
  • The client is downloaded on the handset
  • Now invoke the downloaded client.
  • Enter the user credentials.
  • mPIN has to be entered by the user himself and these details are entered by the user on every login
  • The user can start using thick client GPRS.

Functionalities available in Thick GPRS Client

  • Third Party Transfer of funds ( within PNB branches)
  • View Balance
  • Account Details
  • Nominee Details
  • Account Statement
  • Online Mini Statement
  • Self transfer of funds
  • Online stop payment of cheque
  • Cheque Status inquiry
  • Mail to Relationship Manager
  • Changing Login and Transaction Password
  • Offline Request (FD Opening, NEFT, RTGS)

Synchronise data

This option is used to synchronise account related information between clients application stored on handset and Banks mobile banking server.

Thick SMS Client

Thick SMS will have all the functionalities extended through thick GPRS client except, Nominee details and offline requests (FD opening, NEFT request and RTGS request). The screen shots will be similar to thick GPRS client.

Issuance of duplicate/fresh password

Approach your branch for issuance of duplicate/fresh password. The password will be sent to same branch.

Adding more accounts to existing user id:

If you want to attach more accounts to your existing user id, then contact your branch. Submit the request for adding new accounts to the Relationship Manager (RM) at branch. Only accounts with same capacity can be added to existing user id.

Change of Mobile Number

If you want to change your mobile number for using Mobile Banking, contact your branch. Submit the request for changing your mobile number.

Changing your Security Questions

If you want to change your security questions ie, Date of Birth, Mother’s Maiden Name, Pin Code contact your branch. Submit the request for changing security questions.

Security Tips

Handset/ Mobile Browser Settings

  • Install anti-virus software on your mobile handset to protect against viruses. If already installed, then ensure its updation on a timely manner.
  • Download and run security updates and patches on your mobile browser. This helps in protection from known possible security problems.
  • Install a firewall on your mobile handset or enable the same if your handset comes with a firewall.
  • Remove all the temporary internet files after using mobile banking services.
  • Delete the browsing history of your mobile browser on a regular basis.

Emails/ Data/ Links/SMS from Unknown Sources

  • Do not open attachments or links from unknown sources. This helps in protection from viruses or other unwanted problems.
  • Type in the URL for mobile banking in the mobile browser, instead of clicking on any link. This will ensure access of the authentic website of the bank.
  • Act with caution while installing any third party software on your mobile handset to avoid spyware. Do not install pirated software or software from unknown sources.
  • Delete spam messages.
  • Be aware of the potential for fraudulent SMS messages. The Bank will never request or invite customers to logon to its mobile banking service via a SMS message.
  • Check that the security padlock on your internet browser is “locked” to ensure the connection is secure and protected by SSL. You should also check that the URL starts from ‘https’ and not ‘http’.

Unauthorized Access

  • Do not share your mobile banking credentials (user ID, passwords) with anyone.
  • Do not share your mobile handset with untrustworthy people, to restrict unauthorized access.
  • Do not leave your mobile phone unattended during an open mobile banking session.
  • Always disconnect from the Internet when you have finished your mobile banking session.
  • Avoid performing transactions or applications in public places. This helps in minimizing the risk of security threats such as “shoulder surfing” of mobile banking credentials.
  • Ensure all other Internet sessions are closed before you logon to mobile banking session. Do not open other Internet browser sessions and access other sites, while accessing your mobile banking application. This can help to ensure your financial information remains confidential and guard against unauthorized access via other websites.
  • Always remember to log off properly using the “Logoff” button when you have finished your mobile banking session.
  • Do not save your mobile banking credentials user IS, passwords in the phone’s T9 dictionary. This helps to reduce the risk arising in case your mobile phone is lost or stolen.
  • Keep your mobile handset in an auto lock mode to provide additional protection.
  • Do not logon to the mobile banking application from a mobile handset that is shared with other people, as it may be difficult to ensure the handset is free of hacker or spyware.

Monitoring

  • Monitor your account regularly and always keep a record of your transactions.

Wireless Access

  • While using Wi-Fi access, ensure that adequate security measures have been implemented on your mobile handset to protect your mobile handset against virus and attacks from other Wi-Fi users.
  • Switch off the blue tooth function of your handset when not in use. This protects from virus attacks.

Other Security Features in-built in PNB Mobile Banking Services

  • 128 bit encryption: Security padlock on the mobile browser proves that it is secure and protected by SSL.

Mobile Banking URL starts from ‘https’ and not http.

  • Webserver certification by Verisign:
  • Dual authentication: A user is provided with separate passwords for both login and transaction in case of thick and thin client application.
  • Session Time out: If you leave your mobile handset idle for a certain period of time during a mobile banking session, the session will automatically be terminated to help prevent unauthorized access.

Phishing

Phishing is a form of social engineering attack used by cyber criminals to steal sensitive information. Customers of leading Banks throughout the world have been a target of Phishing. Phishing uses Spam mails to deceive consumers to disclose their credit card numbers, bank account information, passwords, and other sensitive information. Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links, and branding that appear to come from legitimate businesses the potential victims deal with—for example, banks, insurance agencies, retailers, credit card companies, or Internet service providers (ISP).

The Phishers tell recipients of the spoofed mails that they need to “update” or “validate” their billing information to keep their accounts active, and then direct them to a web site that looks like that of the legitimate business. The unsuspecting consumers submit their financial authentication information to what they believe to be their legitimate business contact, but in fact it is going to the scammers who use it to order goods, services, and obtain credit leading to identity theft.

How to Avoid Becoming a Phishing Victim

If you receive an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail. Instead, contact the Bank using a telephone number or Web site address that you know to be genuine.

Never download software or files from an unknown source; they might contain phishing Trojans.

  • Don’t trust suspicious e-mail headers and avoid filling out forms in e-mail messages.
  • Verify the legitimacy of a web address with the Bank directly before submitting any personal information.
  • Don’t click on a link in an e-mail message from a company until you ensure the legitimacy of the company.
  • Protect yourself through education and thorough evaluation. Don’t trust everything you read.
  • Verify the legitimacy of the company first before acting. Make a phone call to your branch if you smell any thing fishy
  • Be alert to phishing messages.
  • We do not contact our customers via e-mail to request that they update their files or to verify an account or security setting.
  • We would never ask to provide your username, password, credit card number, full name, bank account number etc by mail.
  • If you do go to a link offered in an unsolicited e-mail, check to see if there are two things at the site:
    an https—with an “s” after the http in the address and a lock at the bottom of the screenIf you see both, then proceed with the transactions you intend to do. 

    • Ensure that the emails would not contain any embedded links or ask the users to fill information in forms.
    • Email from the bank would never ask the users to download software program from other sites or ask them to go to other sites apart from known banking sites.
    • Always visit the web site by directly typing in the address in the browser and to look for secure website indications (https connection and lock icon) when submitting username, password, credit card number or other sensitive information via the Web browser.
    • Users should always be suspicious of any email with urgent requests for personal information.
    • Keep your browser up to date with all the security patches applied.
    • Have well configured personal anti-spam and anti-virus software on the computers.
    • Use a simple pop-up blocker to help in stopping automatic execution of malicious code.
    • Use anti-spyware tools occasionally to remove any lurking Spywares from the computer.

CHECKLIST

Here are some helpful tips to improve internet security:

  • Keep your User-id and passwords secret.
  • Select password which is difficult to guess.
  • Do not write or disclose your passwords even to officials of PNB
  • Destroy the password mailer after changing the passwords
  • Change passwords periodically.
  • Use virtual keyboard shown on the screen, to enter passwords.
  • Avoid accessing PNB’s Internet Banking from Cyber-cafes or shared networks
  • Protect your computer with adequate anti-virus solutions[source]

Be the first to comment

Leave a Reply