To ensure that access your Bank Accounts using the Mobile Banking Service, you must adopt and maintain the following security procedures and such other guidelines all the times as may be provided in this regard by the Bank.

Habib Metropolitan Bank Limited, referred to as “Bank”, has a heavy reliance on the Information Technology Infrastructure and electronic information. Facilities and information resources are required by the employees to expand on the knowledge and analyze the information. This also provides the means to interact with customers and other people. The open access to the information is needed for conducting the business of the company effectively and for well-informed business management; this, however, brings the risk of accidental or deliberate actions that can damage the Bank and its customers.

• Fraudsters have kept on creating, convey more modern, viable, and malignant techniques to trade off security, and increase unapproved access to online records.
• Rapidly developing sorted out criminal gatherings have turned out to be more spent significant time in monetary extortion, and have been effective in trading off an expanding cluster of controls.
• The Bank’s objective in giving this program to our customers is to help ensure your online record and exchange data from malicious sorts of occurrences. The Bank is focused on securing your own data. A few distinct strategies to ensure the protection of your data. Notwithstanding the security highlights set up by the Bank, here are a few stages you can take to keep your own data secure

• Register your Mobile Handsets using Device Management feature in Web Banking Application. For security reasons, you need to register your Handsets using your Handset’s International Mobile Equipment Identity (IMEI) Number, to ensure that your account can only be accessed through your registered Handset.
• HABIBMETRO mobile application supports multiple authentication mechanism such as fingerprint scanner login and PIN etc. We recommend to opting for fingerprint scanner if your device supports fingerprint scanning, to enhance the level of security.
• Never give your Handset to anyone for using the Mobile Banking Services. In case of any breach due to this act, the Bank shall not be liable for any loss and/or damage which may consequently occur.
• Never leave the Handset unattended while you are using Mobile Banking Service.
• Never download mobile banking application from any third party websites; this may pose a serious threat to your mobile banking account.
• Never click on malicious URL on mobile phones to avoid malware infection.

• Always set strong passwords that may include alphanumeric, special, and upper / lower case characters.
• Always change your Login Passwords regularly and shall do so whenever the Bank requires you to do so.
• Always use passwords different from your previous passwords at the time of password change.
• Never store your user password on your mobile handset for the automatic login of Mobile Banking Application
• Never reveal your password/PIN on the phone call, we never urge any phone-banking agent to ask such information.
• User ID/ Password should be the preferred choice for logging in to the application.

Note: Finger Print option relies on the functionality of an individual’s cell phone; therefore, any inherent risk associated with this option shall be owned by the respective user. If you notice that your Login Password or any part of them are known to someone else, you must immediately change the Login Password or you must notify the Bank immediately by calling on our 24/7 call centre: 0800-42242 (HABIB)/ (+9221) 111 142 242.

• Identity theft includes the unlawful procurement and utilization of somebody’s distinguishing data, for example, (name, address, date of birth, social security number, mother’s maiden name, driver’s license, and bank or visa account numbers. Criminals at that point utilize the data to more than once carry out extortion in an endeavour to copy your personality which may incorporate opening new records, obtaining vehicles, applying for advances, Visas, and government managed savings benefits and setting up administrations with utility and phone organizations. It can negatively affect your credit and make a genuine money related issue for you.
• Report lost or stolen mobile devices or user id/passwords.
• Never give out any individual data to anybody whose personality you cannot confirm by any means.
• Shred any archives you need not bother with any more that contain individual data, similar to a bank.
• Do not give any of your own data to any sites that do not utilize encryption or other secure techniques to ensure it.

Phishing

• “Phishing” is an apparatus or technique utilized for data fraud. It is when fraudsters go about as though they are speaking to an association and attempt to guide the purchaser into giving individual or money related data. Once the customer is snared, the hoodlums can do enduring harm to a purchaser’s money related records. They can trap clients into giving their Identity Card Numbers, Mobile Banking / Internet Banking Credentials, monetary record numbers, and other individual data.

Vishing – “Phishing through Voice”

• A branch of conventional phishing strategies, “vishing” leading to phishing attempts utilizing telephone calls or phone messages. For this situation, customers get a pre-recorded call distinguishing particular neighbourhood money related foundation. The message educates the buyer that his or her financial balances have been freeze. The message encourages the buyer to promptly include their ATM or charge card number, lapse date, furthermore, PIN to reactivate the influenced accounts. The data got by the automated call will be utilized for unapproved transactions.

Smishing – "Phishing through SMS"

• You do not need to utilize a PC to be defenseless against online fraudsters. Progressively, mobile phone and other cell phone clients are being focused with portable spam that endeavours to deceive them into uncovering individual data. Known as “smishing,” these instant messages may approach a beneficiary to enlist for an online administration – then attempt to sneak an infection onto the clients’ gadget / mobile devices. Notwithstanding infection like “worms,” which can spread through and disturb a system, different tricks are surfacing a site that at that point concentrates such charge card numbers and other private information. “Smishing” is gotten from the recognizable “phishing, it originates from SMS, the convention used to transmit instant messages by means of mobile gadgets.

To avoid the social engineering techniques following steps shall be taken:

• Be cautious while answering to a phone call asking your bank’s information or any personal details.
• Do not open emails in the spam folder or emails whose recipients you do not know.
• Do not open attachments in emails of unknown origin.
• Avoid filling out forms in email messages that ask for personal information.
• Never purchase anything advertised through an unsolicited email.
• Be cautious when the job advertisement email claims “no experience necessary”.
• Be cautious when dealing with individuals offering business opportunity outside of your own country.
• Monitor your mobile-banking and other system activities regularly.
• Never download a software program from any website/link claiming to give a full/pirated version
• Do not fall for a lottery claiming, “You win” when you did not participate to it.

In case of any suspicious activity related to mobile banking application notify the bank immediately on our 24/7 call centre: 0800-42242 (HABIB) / (+9221) 111 142 242

Security is a Shared Responsibility, only together we can achieve it.

HABIBMETRO Mobile Banking App Registration Procedure

Customers enrolled through HABIBMETRO Mobile Banking Services will also be entitled to use HABIBMETRO Web Banking Services with the same Mobile Banking Username & Password Following are few easy steps to enroll through Mobile Banking Platform:

Step # 1     Download the App from Google Play (For Android Phones) or App Store (For iPhones) After Account Opening

Step # 2    Sign up to use your HABIBMETRO mobile app, anytime and anywhere

Step # 3    Enter your CNIC, Account Number, Registered Mobile Number and Email Address with the bank.

Step # 4    Enter OTP (One Time PIN) received on both Mobile Phone and registered Email Address (Split OTP)

Step # 5   Complete Registration by setting up a User name, Password and Secret Question & Answer's

Note: HABIBMETRO customers, who will enrol through Mobile Banking Platform, i.e. Self Service Registration can also log in on Web Banking Platform using the same username and password. User Name initially created through any of these channels will work on both web & mobile platforms.