Instructions for Browsing Through your Leumi Account
The Internet provides diverse services but also bears many risks. We therefore consider it very important to follow some basic rules for secure browsing.
Protecting your identification details:
Your Leumi identification information are private and confidential. Identification information also includes email addresses, identification numbers, credit card numbers, etc. Do not share them with any other person, or keep them in a way which can be found and used .
When identifying yourself to the system, make sure that there are no unauthorized people around you.
Never give your personal password to anyone, even if they identify themselves as Bank Leumi or with the Bank. If you are asked to divulge your personal password, do not do so! Report this immediately to the supervisor of the Leumi support center.
Do not keep your identification details on your computer for fear of exposure to Trojan Horses or file-sharing software (such as e-Mule), which enable access to files on your computer.
When registering for other websites, do not use the same identification information (username and password) used for your Leumi account.
Accessing the system:
It is recommended to avoid browsing your account on computers with unknown security levels.
When you connect to the system, avoid opening windows to other websites at the same time.
When accessing the bank’s web site, type in the URL, www.leumi.co.il, manually.
When accessing your account, verify the authenticity of the site using the following characteristics:
When using Internet Explorer 8, Mozilla Firefox 3.5, Safari 3.2, Opera 9.5 and Google Chrome, or more advanced version of these browsers, the URL appears on a green background, and displays the name of Bank Leumi le site-Israel LTD. Pressing the name of the site will display the message (see example). This is a sure indication that this is the bank's website.
When Using Internet Explorer:
When browsing your account, make sure that the identification page URL begins with https://hb2.bankleumi.co.il, which is proof of the real web address for browsing your online account.
Browsing your account is executed in a secured environment. Make sure that the letters https appear at the beginning of the URL, which indicates an encoded communication, compared with http, which indicates a regular communication.
At the time of identification on the system and while working regularly on the system, make sure that the website pages are coded (SSL coding). When communication via the bank is encoded, a closed, golden lock icon will appear at the bottom of the screen in Internet Explorer 6 (see example below). In Internet Explorer 7 the icon will appear in the ruler at the top section of the screen (see example below).
The Internet Explorer 6 security icon:
The Internet Explorer 7 security icon:
Working on the System:
When accessing your account, the date and time of your last communication with the system will appear. Please check that the data that appears is correct.
If you are accessing the system, take care to prevent others from looking at or taking down your personal information.
When exporting data and saving files on your computer, you should encrypt the files using an encryption tool. Under no circumstances should you save data files on a public computer.
Verifying the Leumi website on the internet:
At the beginning of your visit to the Leumi website, ensure that the site’s general form and external appearance are familiar to you.
When browsing your account, make sure that you have reached the Bank’s secured website (direct browsing / Leumi Premium), by viewing the VeriSign confirmation. In order to view this confirmation, click on the orange VeriSign icon, located on the axis screen in your account (see example). You will then receive a page presenting the confirmation.
Example of the VeriSign icon:
Alternatively, you can double-click on the yellow lock and a certificate issued by VeriSign will be presented, which includes the validity date of the certificate. If you do not receive a notice certifying Leumi’s identity, notify the support center immediately and work according to their instructions.
Sample of confirmation certificate:
Exiting the system:
After 20 idle minutes on the system, your connection will be terminated automatically. However, do not wait for automatic disconnection and execute an initiated disconnection using the "logout" button.
When terminating use of the system, especially on an unknown computer, you must close the browser. After exiting the system, accessing the system will only be possible by means of re-identification.
Treatment of passwords:
Choosing a password – When first accessing the system, you have to type in the initial user/password information that you received, then immediately replace it with your own personal password. It is important that the password is random, difficult to guess and easy for you to remember. The password should include at least six characters that include letters and numerals.
Changing the password –Your personal password can be changed at any time and it is recommended to change it whenever there is a fear of disclosure. In order to change the password, click on the “Setting” option in the upper menu. In the window that opens, select the “change password” option.
Towards the end of 180 days from the first time that your password was changed, the system will present you with a warning notice to change the password. If the password is not changed at the end of 180 days, it will be blocked from the system.
A blocked password – The password will be blocked from the system after five unsuccessful typing attempts.
Clearing the password – In order to clear a blocked password, contact the Leumi support center via telephone or email.
Working withremovable media (CD ROM/floppy disk/USB flash drive) while executing transactions:
Removable is intended to reinforce the identity of the transaction executor.
Using removable media at the time of executing the transaction is executed in cases in which the work is defined in this configuration. The default is executing a transaction without examining the removable media.
There is a unique key in the removable media. When executing transactions, the system examines and verifies the existence of the unique key. If the examination is in order, the system allows work to continue and replaces the key with a new key. Alternatively, a message that the removable media has not been identified and that the transaction will not be executed is displayed.
Working with cookies:
Cookies are encrypted at a high level
Cookies do not include your personal information
For additional expanded information click on the links: