Tips on security measures when using the NLB service Click "E-BANKING"

In order to use the Internet safely, it is important to take the following measures:

1. Protection of personal data such as (Username, Password, Code on the TOKEN device and Code on the mToken application) 

• Remember the Username and Password, change the latter often, and make sure they are not easily divulged, e.g. do not use words found in dictionaries, city names, family members' names or birth dates.     
• Remember your Password, instead of writing it down and keeping it on a piece of paper.     
• If you choose to store your written Password, then this sensitive information should be stored in a secure location.     
• As sensitive information such as: Username and Password do not share with anyone.

2. Protection against potential fraud 

• Banks and financial institutions are sometimes prey to the so-called "PHISHING" fraud, which means fraud attempts, but customers are the most frequent target of such fraud attempts. This is a form of online fraud where customers are tricked into disclosing CONFIDENTIAL information to a fraudulent WEBSITE to fraudulent users. Example: when someone poses as a bank representative, who sends electronic orders or calls customers asking for information such as: User, Password or Code presented on the TOKEN Device and Code presented by the mToken Application. We assure you that the Bank's representatives will never ask for such information via e-mail or phone, so be careful and never share your information with anyone who may appear on behalf of the bank via phone or email.
• Another case of PHISHING fraud is when a fraudulent user designs a WEBSITE that resembles the WEBSITE of https://nlb.banka-ks.com/Account/Login. To avoid such a risk, you should take care that you are using the WEBSITE provided by NLB Banka Sh.A. When you enter the NLB Klik site, in the online banking system, before entering your data, make sure that you are starting a secure session (SSL encrypted) which presents the padlock as in Fig. 1. Then you need to enter the secure site and verify the security certificate. To ensure that you are communicating with the banking system of NLB Banka Sh.A, you must click on the padlock shown in Fig. 1, the information presented will serve you to verify the security certificate given to you by The company, in our case, is currently (2048 bit – Secure Certification Authority) and carefully look at the validity of the certificate, as in Fig. 2. Checking the URL address in Internet Explorer, Internet Edge, Google Chrome and Mozilla Firefox browsers which is:
  https://nlb.banka-ks.com/Account/Login

Fig. 1

Internet Explorer

Internet Edge

Google Chrome

Mozilla Firefox

Fig. 1/1

By clicking on Certificate (Valid), from Fig. 1/1, the page will open as in Fig. 2, which allows you to check the details of the certificate, which are listed below:

Issued by: banka-ks.com

Issued by: “Cloudflare Inc ECC CA-3”

Valid from: 03/07/2020 until 03/07/2021  (certificate dates are automatically refreshed and may be different from the dates shown in the picture) 

Fig 2

3. Computer protection and security tips 

• Once you have access to the Internet connection, it is important to protect your computer from access by unauthorized persons or from dangerous programs.     
• Suspicious WEBSITES, suspicious pictures, viruses, e-mails and others – On your computer it is important to have ANTI-VIRUS, FIREWALL and ANTI SPYWARE programs installed that may come with your computer or provided by the service provider of the Internet. The FIREWALL program protects the computer from malicious attacks from the outside, and is similar to the ANTI-VIRUS program. SPYWARE is a program that is installed on your computer without your knowledge and it keeps track of your actions (passwords, codes, etc.) while using the computer and the Internet. Therefore, an ANTI-SPYWARE program is necessary to protect the computer from these attacks. Make sure these programs are updated regularly.     
• Using the banking system on a public computer is not advised, as it is difficult to know how secure these computers are.     
• Preferably use the latest version of the web browser, which includes all the latest security information. With your network provider, regularly check browsers for any new security information available.     
• Check with your operating system provider regularly to see if security information has been released in use.     
• Do not perform financial transactions on e-Klik from devices that are not yours, as they may be insecure.     
• If you believe or suspect that your username, password, PIN, or any other form of access to your account is known to another person or that someone may attempt to use e-Klik without your prior consent, you you must necessarily inform the Bank and make sure that you have received the confirmation of blocking access.

 You can contact the bank by phone 0800 50444 (free), 038 744 100 (paid) or via e-mail sherbimiperkliente@nlb- kos.com.

4. Information to consider about the physical TOKEN 

• TOKEN is a security device used to generate One-Time Password OTP. The code is presented by pressing the button found on the TOKEN device thus presenting the security algorithm of 8 numbers.     
• Through the combination of the device TOKEN, user ID and password, the customer is identified in the NLB e-Klik system.     
• The code presented in the TOKEN device automatically disappears after 20 seconds and for the next connection to NLB e-Klik the user must press the code generation button again.     
• You should be careful as generating the code on the TOKEN device 10 times in a row, without using it to connect to the NLB e-Klik website, will cause the TOKEN device to be blocked.     
• If you made a mistake 5 times in a row in entering the code presented by the TOKEN device to connect to NLB e-Klik, then the TOKEN device goes out of synchronization. In this case you need to contact the bank to enable synchronization of the TOKEN device and its further use.

5. Information to consider about the M-TOKEN application 

• mToken is a mobile application used to identify users and confirm the transaction made through the e-Klik banking service.    
• mToken performs the same function as the physical token, the difference is that the token application is installed on the mobile phone, which makes it more convenient and easy to use.     
• When you start the registration to use mToken on your mobile, it is necessary to type the activation code. After that, you will be offered the opportunity to select and confirm the PIN that you will use every time you access the mToken mobile application.     Internet access is only required when downloading the application, for activation (initial initialization of the application), and when changing the PIN. After downloading and activating mToken, internet access is no longer required, which makes the mToken app available both domestically and abroad. This way you don't have to worry about the cost and quality of the internet service.     
• mToken can be used in three languages: Albanian, English, Serbian.     
• mToken offers the same level of security as a physical token and is also protected by a PIN that only you know. You can change your mToken PIN at any time.     Important: You should install mToken app on your phone only from official platforms.

Apple AppStore (for Apple phones and iOS operating system)

Application address : https://apps.apple.com/us/app/nlb-token-kosova/id976570083

Application view:

Google Play Store (for phone models using the Android operating system)

Application address: https://play.google.com/store/apps/details?id=hr.asseco.android.mtoken.nlb.ks

Application view:

6. Protection from suspicious emails 

• If you have received an international money transfer email, we advise you to first verify the accuracy of your business partner's receiving account information. You can do such verification through alternative ways such as: Phone, SMS, etc.     
• You should make international transfers with e-Klik only from devices that you consider to be safe and uninfected with viruses or other harmful programs.     
• The sender (you) is fully responsible for the data submitted to the bank: the beneficiary, the partner, the IBAN, the beneficiary bank and the destination of the transfer.