FAQs for Two Factor Authentication in Internet Banking

Authentication refers to establishing the identity of the customer (typically user from Internet Banking perspective). There are various ways to establish the identity of the user, first there should be something unique to the customer (say User-id). However, Userid can easily be tracked. Hence for establishing the identity of the user, user needs to key-in something which he knows (Eg: Password). Two factor Authentication is a combination of two different modes of authentication:

 
  • What the user knows : Passwords, TPIN etc
  • What the Users have: OTP over Phone, Digital Signature Certificate etc.

LVB offers two different types of Second Factor Authentication. They are as follows:

 
  • OTP (One Time Password) over Mobile for all Retails IB Users.
  • Digital Signatures Certificate Token for our Corporate IB users. Retail IB users can also opt for Digital Signature Certificate Tokens.

No, second factor authentication is mandatory for carrying out financial transaction (except transaction to his own accounts, deposit opening or loan repayment) and certain non-financial transactions such as Stop Payment, Beneficiary Addition etc.

No, Second Factor Authentication is not necessary for Own Account Transfers.

OTP Stands for One Time Password. For certain Financial and Non-Financial transactions, customer will have to authenticate using one time password received over his Mobile Phone, in addition to the Transaction Pin being used.
Customer has to key in the One-time password along with the T-Pin for completing the transaction successfully. In case, if the user doesn’t receive the OTP, OTP can be regenerated using the ‘Regenerate OTP’ button in respective screen.

As mentioned earlier, OTP provides second factor of Security and control for the transaction initiated. This prevents others from misusing your Online Banking account.

Yes, second factor authentication is mandatory for carrying out financial transaction (except transaction to his own accounts, deposit opening or loan repayment) and certain non-financial transactions such as Stop Payment, Beneficiary Addition etc.

No, System will enable OTP for the registered mobile numbers by default, for all the Internet Banking users from 1st March, 2015 onwards.

It is free of charge. When your mobile number is on international roaming, corresponding SMS charges may be applied by your network provider.

No, OTP will be sent to the registered mobile number only. Hence, it is necessary for the user to keep the Registered Mobile Phone while doing transaction.

No, every 8 digit OTP sent will be transaction specific and hence it is valid only for that particular transaction and cannot be used for any other transaction.

Every OTP generated will be valid for 10 Mins and can be used for one transaction/request only.

OTP can be sent through either of these two different Channels.

 
  • Registered Mobile Number in the form of SMS
  • Registered EMAIL id.
 

By default, OTP will be enabled in the SMS Channel. For NRI customers, E-Mail id will be delivery mode for OTP.

OTP will be sent only for the domestic (Indian) operator Numbers, In case of Foreign Operators, Customer can opt for Email as the mode of OTP delivery. We also recommend the user to secure their mail from unauthorized usage/viewing.

OTP will be sent only to the registered mobile number, if the registered Mobile number is enabled for International Roaming, OTP will be delivered. However, subscriber charges for International roaming will apply. The OTP delivery will depend on the Telecom Service Provider arrangements with TSP at respective places.

Yes, you need to request for changing the Mode of OTP Delivery as ‘E-MAIL’ by submitting a request, and receive OTP via Email.

You cannot complete the transaction if wrong OTP is keyed in. For security reasons, OTP will be disabled, if incorrect OTP is keyed in continuously.

You can visit your Home Branch and submit a request letter for change of Mobile number. Mobile Number will be changed in 2-3 working Days.

Either you are entering an incorrect OTP or you had regenerated OTP multiple times. Always the last generated OTP will be active. In such case, you may close the transaction and reinitiate it.

  • Yes, if you have active Savings/Current Account with Netbanking Facility, you can open Online Term Deposit accounts.
  • Update your mobile number/E-Mail id with your base branch at the earliest possible, in case of change in Mobile number/E-Mail id.
  • Ensure that sufficient space is available in the Inbox of the Mobile device
  • Ensure that message with sender-id as ‘LVBANK’ is not screened/blocked or marked as SPAM.

There are various reasons for the non-delivery of OTP. Some of them may be as follows:

 
  • Change in the Mobile number and is not registered with the Bank.
  • Message with sender-id as ‘LVBANK’ has been marked as ‘SPAM’ or blocked in the mobile device.
  • Customer Mobile is not having enough Storage Space for receiving Messages, device or messaging service of Phone is not working- Mobile phone memory to be checked.
  • Mobile accounts if in roaming plan or if barred from receiving text messages , SMS might not be allowed/delivered
  • Mobile network related problems, where there is a technical issue like Busy SMS center in the Service operator side due to which SMS is not being delivered.

If all the above conditions are checked but still the OTP are not getting delivered, customers are requested to contact the base branch for more information.
Digital Signature Certificate

Digital Signature Certificates (DSC) are the digital equivalent (that is electronic format) of physical or paper certificates. Examples of physical certificates are drivers' licenses, passports or membership cards. Certificates serve as proof of identity of an individual for a certain purpose; for example, a driver's license identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.

 

Digital Signatures are legally admissible in a Court of Law, as provided under the provisions of IT Act 2000 and its subsequent amendments.

 

A valid digital signature instill confidence in the recipient to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity).

Advantages of Digital Signature Certificate:

 
  • It helps in ensuring the integrity of the transactions, any changes in the amount or other details can be easily detected and frauds prevented.
  • It establishes your identity easily, it won’t be possible to spoof your identify.
  • It is legally valid in India and recognized by the IT Act 2000.
  • You can reset your Login Password and Transaction Password online . only when
  • you opt for a Digital Signature Certificate The same can be used for signing other purposes such as filing MCA21 returns, signing documents/mail digitally, for e-filing of Income tax returns etc.

The Certifying Authority Issues the Digital Signature Certificates. Certifying authority is licensed under the Ministry of Information Technology, Government of India to issue Digital Signature Certificates to customers. There are different classes of Digital signature certificates.

You need a Class3 Digital Signature with a validity of 2 years or more and a USB crypto token for storing the same.

Bank has entered into tie-up with Certifying authority, so as to enable our customers to buy Class 3 Digital Signature Certificates and USB crypto tokens at very attractive rates.

No, we allow Class 3 Digital Signature Certificates only.

Yes, you can use your existing DSC, if it is issued by a Certifying Authority in India. However, it should be a Class 3 certificate for doing transaction in LVB Internet Banking.

DSC is issued for individual users and hence it need to be procured for each and every user. If there are more than 1 authorized user for the Internet Banking account, then each user need to purchase separate DSC.

USB Crypto Token is a USB device which is portable in nature and holds the Digital Signature Certificate in it. The private key, which is used for signing the transaction, is protected using a PIN. The device will be pre-loaded with requisite drivers and software’s required. On plugging the token, the drivers and software will be automatically installed. For completing Transactions in Internet Banking, system will prompt you to enter the PIN.

After Applying for DSC and making the requisite payment, USB Crypto Token will be mailed to your address mentioned in online form. Once the KYC check and Processing of Application is completed, a mail will be sent with credentials for downloading the certificate. You have to plug in your USB crypto token and download the certificate to your Token. Detailed procedure is provided in bottom of this document. Please refer the
Question No 38 for more details.

The class3 Digital Signature Certificate (DSC) is valid for 2 years. You need to renew the DSC before expiry of the same.

Yes, there will be a charge for renewal. Alert will be sent 30 days prior to the expiry of the DSC reminding you to renew the Digital Signature Certificate.

No, DSC registered in other person’s name cannot be used by you.

You need to inform the Bank team /E-Mudhra certifying authority at the below mentioned numbers for blocking the Registered DSC and also for revoking the certificate.

No, if the device is damaged or lost, then the token and the digital certificate need to be re-procured freshly. If the device is formatted , then the digital certificate need to be re-procured freshly. The Digital signature certificate should be revoked in both the cases by informing the certifying authority or the Bank at following numbers:
 
Bank 1800 425 2233
eMudhra Certifying Authority 080-43360000

Procedure for Applying for Digital Signature Certificate:

 
  • Visit the URLhttps://www.e-mudhra.com/lvb for applying for Digital Signature Certificate
  • Agree to the terms and conditions and then fill in the details required for registering for certificate.
  • On successfully furnishing the details, you will have to make payment for the Digital Signature certificate and the Tokens.
  • On successful payment, you will receive a reference number.
  • Take a print out of the application, sign the same and keep it ready along with supporting documents.
  • E-Mudhra Certifying Authority representative will reach you in person for doing the KYC check and will collect the application form and other supporting documents.
  • USB crypto token for downloading the Digital signature certificate will be mailed to your address mentioned in the KYC form.
  • If KYC is successful, an e-mail will be sent with credentials for downloading the certificate.
  • The e-mail will contain the procedure for downloading the certificate into the USB Crypto token. Download the Certificate and you are ready to enroll your certificate in Internet

Following are the steps to download DSC


Step-1:
To download your Digital signature Certificate refer to your mail containing Subject line “e-Mudhra - Your digital signature application is approved” . This mail contains your Application Number and Challenge Code. Using this details, you have to login eMudhra website to download the Digital signature certificate.

Email:


Step-2:
Select the “Click Here” Option in the Mail to login into eMudhra website for downloading the certificate. Once it is logged in you have to enter the application ID no, challenge code and date of birth as per the approval mail received

 


Step-3:
Once you click on Submit button the page will be redirected to the - details confirmation page, where in you have to confirm all the details are correct as per your supporting documents and application form provided to eMudhra.
Note: If there is any mismatch in the - details, mark that - as ‘No’ and enter the rejection reason, further click on reject button and contact to the eMudhra help desk (080- 43360000) or info@e-mudhra.com for rectification.
Select Yes button if the details are correct.

 


Step-4:



Once you click on Agree and download, it will prompt you to enter the token password. Please enter the token password which you had set.


Step-5:
After entering the token password the key pairs will start generating. During this process, don’t click on refresh or back or interrupt the IE.

 



Click on OK button after entering the token password. The below POP UP message will be displayed on the same page, click on yes to get your key generated.


Step-6:
Click on OK button to get your certificate imported to the hard token.

 


Plug out the token by using the safe remove option and plug-in once to get your certificate reflected in the hard token.
After the successful download of the certificate in the hard token, do not Re-initialize the hard token, the digital signature certificate will get deleted from the token. The only solution is to reapply for the certificate again. If you are facing problem with the token please contact to the eMudhra help desk (080- 43360000) or info@e-mudhra.com for rectification.

You need to enroll the Digital Signature Certificate in Internet Banking, before using the same for initiating the transaction.

 

Steps for Enrolling are as follows:

 
  • Login into Internet Banking
  • Plug in your USB crypto token with Digital Signature Certificate.
  • Choose the Enrollment Menu.
  • A screen will be displayed with your user-id, click on the Enroll button below.
  • A New screen will be displayed with Certificate Details and an option to print.
  • Click on the Print button, take a printout of the PDF document, sign the same and send it to the Bank’s Team for further processing.
Following are the Sample steps in Third Party Transfer Transaction:
  1. Customer initiated the Funds Transfer by entering the necessary details.
     

  2. Customer verifies and confirms the details entered for the Funds Transfer
     

  3. On Clicking the Confirm button, System will display the Digital Signature certificates which are stored in the hard token. Customer should select the appropriate Certificate and click on Sign Button.
     

  4. System will prompt the user to enter the Password
     

  5. Enter the PIN and click on the OK button. On successful validation of Digital Signature Certificate, system will process the transaction and successfully complete the Funds transfer.