Security Features

Kotak Mahindra Bank is committed to providing a safe and secure online banking experience and has exercised great diligence to ensure the confidentiality and security of your accounts. At Kotak Mahindra Bank, we use the best industry standard security technologies and practices. Discover a few of the initiatives we have taken to safeguard your online banking, and explore your role in ensuring safe and secure online banking.

  • Kotak Mahindra Bank Initiatives

    Unique User ID and Password
    • Each customer is provided with a unique combination of User ID and Password, and is forced to change the password after logging in for the first time
    • Your password is generated through a process that ensures it is known only to you
    • For online generation or regeneration of your password, your personal information will be verified against our records, and then part of the password will be sent to your preferred mobile number/E-mail ID updated with us
    Dynamic Access Code - To provide enhanced security and safety we have implemented Dynamic Access Code
    • To log in to Kotak Net Banking / Payment Gateway you would need to enter an additional password i.e. your 'Dynamic Access Code'
    • This Dynamic Access Code is to be generated online and will be sent instantly to your preferred Email ID and Mobile Number registered with the Bank
    • Dynamic Access Code is valid for 1 hour from the time of generation. It can be used only once.

    Virtual KeyPad - The Virtual KeyPad protects you from malicious Spyware and Trojan Programs designed to capture your keystrokes and thus reveal your secret password. Kotak Mahindra Bank provides the option of Virtual KeyPad, for inputting User ID-Password information for Net Banking. For your safety, keys of Virtual KeyPad get rearranged every time you select Virtual KeyPad.

    2048 Bit SSL Encryption - Kotak Mahindra Bank uses 2048 bit Secure Sockets Layer (SSL) Encryption for information transmitted during an Internet Banking session, which is accepted as the best industry standard for encryption.

    Entrust Digital Certificate
    • Digital Certificates provide you with evidence of the server's authenticity, which safeguards users from trusting unauthorized sites and allows the session to be encrypted
    • This is provided by a third party, the Certification Authority, which in this case is Entrust
    • You will see a closed lock icon at the bottom of the Internet Banking screen
    • Clicking on the lock will allow you to see the Entrust certificate authenticating the site

    Timed Log Out - To protect your accounts from unauthorized access, our system is designed to terminate the session automatically if extended inactivity is detected.

    Auto Block Feature - In order to protect your account security, access to Net Banking will be automatically blocked once multiple attempts to log in are made with an incorrect User ID and Password.

  • Your role to ensure security

    Internet Banking Security Tips

    While we work to make sure your online transactions are secure, you also have a role to play in ensuring online security. Here are some additional steps you can take to ensure the security of your transactions:

    • Password Protection
      • Change your password when you receive it the first time, and thereon regularly
      • Use passwords that are hard to guess. Avoid real words or those that can be easily identified, such as, name, family name, date of birth, telephone number, pet's name, parents' names, etc
      • Avoid using the same password on different websites. Always use unique passwords for each website
      • Do not give your password to or share your password with anybody, including the employees of Kotak Mahindra Bank
      • Notify the Bank immediately by writing to us at [email protected] or calling our Customer Contact Centre at 1800 102 6022 if you suspect that your password has become known to or used by someone else
      • We recommend that you do not deregister the Dynamic Access Code, as it provides additional security on Net Banking / Payment Gateway.
    • Login/Browser Security
      • Always log on to Net Banking by entering the Bank's website address www.kotak.com into the address bar. Do not access the bank website from a link provided in an email from any source
      • Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode before you enter sensitive information. Double clicking on the lock will verify that the digital certificate is issued to https://www.kotak.com/. Proceed only if such verification is available
      • Log off from Kotak Mahindra Bank's Net Banking after you complete your transactions every time. Do not just close your browser
      • Avoid accessing Kotak Net Banking from a public/shared computer. In case you need to do so then please use 'Virtual KeyPad' to input login credentials
      • Regularly log into your Net Banking accounts and check your bank statements to ensure that all transactions are legitimate
      • Clear your browser's cache and history after each session so that your account information is removed, especially if you are using a shared computer
      • Configure the browser not to remember passwords (disable Auto Complete function)
      • Beware of pop-up windows that ask for your account number and PIN (Personal Identification Number). Kotak Mahindra Bank Login pages are always on a web page and never in a pop-up window
    • Email Security
      • Kotak Mahindra Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking details like your PIN, password, account number etc, please do not respond
      • "Phishers" typically include upsetting or exciting (but false) statements to get people to react immediately. Avoid filling out forms in e-mail messages that ask for personal financial information. Communicate such information only via a secure website. Read more about 'Phishing Fraud' in our 'Types of Fraud' Section
      • Check the sender E-mail address to verify that it is from a valid E-mail account. Never open E-mail attachments from sources that you cannot trust
      • Always scan E-mail attachments for viruses before opening them. If you are unsure about the source of an attachment, delete it
      • Be alert for scam E-mails. These are designed to trick you into downloading a virus or jumping to a fraudulent website and disclosing sensitive information
      • Kotak Mahindra Bank will not embed hyperlinks in emails that take you to sites where you must enter your security information
    • Protect your computer
      • Make sure your computer has the most recent anti-virus software
      • Configure the anti-virus software to automatically update the virus definitions regularly and to notify you when new updates are available
      • Perform a complete scan of your computer at least once a week
      • Configure anti-virus software to scan all in-coming and out-going E-mails
      • Make sure your computer's Operating System and browser software are updated with the latest security patches
      • Use Anti-Spyware software to do a full system scan to detect any ad/spyware on a regular basis. Ensure that you update your software regularly.
      • Install and activate a personal firewall.
      • Download and use programs from known and trusted suppliers only.
    • Protect your Information

      Your information is the most valuable asset to protect yourself from online fraud such as Identity Theft. Identity thieves try to obtain key pieces of your confidential information in order to gain access to your bank account. To protect your confidential information, follow the steps mentioned below:

      • Safeguard your account information, just as you would do with any other sensitive personal information
      • Do not write your user ID and password anywhere
      • Always get your latest contact information updated with the bank
      • Don't carry your Cheque book around with you unnecessarily
      • Don't leave bill payments or other Cheques in your mailbox
      • Tear or shred any old Cheques or account statements before throwing them away
      • Consider online alternatives to cheque payments while making purchases or bill payments
      • Destroy or dispatch the documents containing personal information securely
      • Be wary of issuing blank cheques. They could fall into wrong hands leading to fraudulent transactions
      • Always keep blank cheques protected at your workplace/residence.
      • If any unknown person informs you of winning a reward as a result of using your debit/credit card, do not provide any information to him. It's a fraud.
    Debit/Credit Cards Security Tips
    • Do's
      • As soon as you receive the consignment carrying your card, ensure that it is in a sealed condition and not tampered with. If there is any tampering found, inform the bank immediately
      • Sign on the reverse of the card immediately on receipt
      • Always keep your Debit/Credit card in a safe and secure place. Please inform the bank immediately if your Debit/Credit card is lost or stolen, or if you suspect unauthorized use
      • Please cut the card diagonally if it is to be disposed of at the time of renewal/upgradation/cancellation
      • Guard your Kotak Debit/Credit Card's Personal Identification Number (PIN) like you guard your cash
      • Please change your Debit/Credit card PIN immediately after an overseas trip
      • Prevent others from seeing you enter your PIN at the ATM by using your body to shield their view
      • Memorize your PIN. Don't write it down anywhere, especially on your card, and never share it with anyone
      • Kotak Mahindra Bank recommends that you change your Personal Identification Number (PIN) every six months
      • Beware of advertisements and people who promise to lend you cash against the credit card. Strictly refrain from such offers
      • Please destroy and dispose of copies of receipts, airline tickets, travel itineraries and anything else that displays your card numbers
      • When selecting a Personal Identification Number (PIN) don't use any number that appears in your wallet (such as name, birth date, or phone number)
    • Don'ts
      • NEVER give a photocopy of the front and back of your card to anyone for any reason, even if it is an application for a new credit card
      • Do not hand-over your card to anyone, even if he/she claims to represent the Bank
      • Do not disclose card number, expiry date and CVV value to anyone
      • Do not use your card on websites like gaming, pornography, Lottery, gambling and unsecured payment gateways
      • Do not write the ATM PIN on the card or on a paper which you carry along with the card
      • Never sign a blank application form, to be filled in by an agent or bank representative later
    • Tips for Safe online transactions using Credit Cards
      • Please get yourself enrolled for 3D Secure (Verified by Visa (VbV)/Master Card Secure Code (MCSC)). This is now mandatory for carrying out online transactions
      • Make sure you are using a secure site while making payments through the Internet. Ensure that there is a lock icon in the status bar of your web browser. This icon indicates that the site is employing an encryption technology during the transmission of your sensitive data
      • Please keep a record of your transactions. Just as you save store receipts, you should keep records of your online purchases. Back up your transaction by saving and/or printing the order confirmation

  • Types of Frauds

    Phishing - Phishing refers to a fraud in which a person or a group of cyber-criminals creates a copy of an existing legitimate web page (in the name of your bank) to trick users into providing sensitive personal information. Responding to 'phishing' emails puts your accounts at risk.

    To carry out this trick, the phishing scammers send fraudulent emails disguised as an official request for information from the bank. Generally, they also create a lookalike website that is designed to closely resemble the target company's official site. The fake website may appear almost identical to the official site.

    Recipients of the scam mail are requested or lured to click on a link, which will cause a fake website to open in the user's browser. The recipient will be asked to enter the user ID and Password of Net Banking. The scammers then use this information to their advantage. Very often such phishing emails contain various spelling mistakes. Even the links to the fraudulent website may contain URLs with spelling mistakes.

    Tips to protect you from Phishing
    • Never respond to any mails asking for your confidential information such as User ID, Password etc. Please note that Kotak Mahindra Bank will never ask for your password
    • Always visit the bank website by typing our URL www.kotak.com in your browser window. Never click on a link that takes you to the bank's website
    • Always look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in a secure mode before entering sensitive information
    • Check your previous login date and time after logging into Net Banking
    • Avoid accessing Net Banking from a cyber cafe or shared computer. However, if you happen to do so, please use Virtual KeyPad for enhanced security
    • In case you feel you have divulged any sensitive information to fraudsters, please change your password immediately and inform us by contacting our Customer Contact Centre or write to us at [email protected]

    Vishing - Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick customers into providing their personal and financial details over the phone.

    In this trick, fraudsters call customers using an automated dialer connected to a computer modem. Once the phone is answered, an automated recording informs the customer that there has been illegal activity on the customer's bank account and that the customer should call the recorded phone number immediately.

    Once the customer calls the recorded number, he is asked to enter confidential information such as Account No, User ID, Password, Date of birth etc. on the phone keypad. Once the customer enters the required details, the fraudsters have all the confidential information required to carry out transactions in the customer's account.

    Vishers generally do not have any actual information about the customer and would address the customer as 'Sir' or 'Madam' and not by actual name.

    Tips to protect you from Vishing
    • Do not call and leave any personal or account information on any telephone system that a telephonic message, SMS or E-mail asks you to call, especially if it concerns possible security issues with your bank account.
    • Your bank would have knowledge of some of your personal details such as your first/last name. Beware of calls claiming to be from your bank's customer service centre.
    • In case you happen to receive such a message or email, inform us by calling our Customer Contact Centre or write to us at [email protected]

    Identity Theft - Identity theft is a crime in which fraudsters try to obtain key pieces of your personal information such as date of birth, mother's maiden name, passport number etc in order to gain access to your bank account, make online purchases or illegally apply for New Account /Credit Card. Fraudulent Web-sites/E-mails, misplaced account statements or personal documents, impersonation as bank staff are some of the tools used by fraudsters to gain access to customer's personal information. Revealing personal information to unknown entities puts your account at risk.

    By using gathered personal information, fraudsters carry out transactions through banking channels such as Phone Banking, Internet Banking to their benefit. In a worst case scenario, they can also transfer funds from your account.

    Tips to protect you from Identity Theft
    • Never respond to mails asking for your personal information such as Date of Birth, Mother's maiden Name, user ID etc. Please note that Kotak Mahindra Bank will never ask for such information
    • Inform us immediately in case your mobile number is de-activated without your consent. Also get your correspondence address updated with us, in case it has changed
    • Verify the identity of the Bank's representative visiting you
    • Consider shredding rather than trashing unused copies of documents such as PAN Card, Ration Card, Bank Statements etc. which contain your personal information
    • Beware of unsolicited phone calls claiming to be from Bank's Customer Service Centre and asking for confidential personal information

    Nigerian Fraud (419 Scam) - Nigerian fraud refers to fraudulent schemes which start with bulk mailing/e-mailing of offers asking the recipients to enter into a business or to extend help in getting money transferred in return for a huge commission. The scam is referred to as '419 Scam' after Section 419 of the Nigerian Penal Code.

    The Nigerian fraud emails commonly contain proposals such as a transfer of funds, a generous reward for helping to move a large balance of funds, or an offer of disbursement of money from a 'Will'.

    Such mails would generally display a sense of urgency and ask for bank account and other details. These mails may also ask the recipient of the letter or email message to pay something like a fee / tax / bribe to complete the deal - this is the Advance Fee. Such advance fee is always lost.

  • Up-Gradation of Browser (SSL 3.0 Poodle vulnerability)

    Background Information
    A vulnerability has been identified in old Internet Explorer browsers (version 7 and below) using SSL 3.0, which may lead to confidential data leakage over the Internet. These are old, unsupported browsers that communicate over weak encryption, which makes them vulnerable to man-in-the-middle attacks. Although the vulnerability is somewhat difficult to exploit, considering the impact, you are requested to update your browser to the latest version.

    What action do I need to take? - Update
    For seamless access to Kotak Mahindra Bank, customers must ensure that their browsers and integrations use Transport Layer Security (TLS) encryption, version 1.0 or higher.

    What if I still face issues after upgrading to the latest version?
    Please refer to the instructions and screenshots below on how to enable TLS 1.0 or higher. If you still face issues, please contact our customer care at http://www.kotak.com/call-us.html


    Internet Explorer: How to Enable the TLS Protocol
    Although these instructions and screenshots are for Internet Explorer (IE) 10, they will work for other versions of IE.

    Open IE.

    In IE, click the Tools symbol (gear) and then, click Internet Options.

    In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section.

    In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0.


    If they are not already selected, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

    Note: If not all the TLS options are available, just check the ones that are. For example, in IE6, the Use TLS 1.0 may be the only available TLS option.

    Next, click Apply and then, click OK.

    You have successfully disabled the SSL 3.0 protocol and enabled the TLS protocol in your IE browser.
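
    The same change made from PowerShell, as an added example that is not part of the original page: it reads the per-user SecureProtocols registry value that backs these Internet Options checkboxes, clears the SSL 2.0 and SSL 3.0 bits, and sets the TLS 1.0, 1.1 and 1.2 bits. The registry path and bit values are the documented Windows (WinINet) ones and do not come from this page.

```powershell
# Added example: per-user equivalent of Internet Options > Advanced > Security.
# Assumption (not from the page): the checkboxes are stored in this DWORD bitmask.
$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Name = 'SecureProtocols'

# Bit assigned to each protocol checkbox.
$Flags = [ordered]@{
    'SSL 2.0' = 0x008
    'SSL 3.0' = 0x020
    'TLS 1.0' = 0x080
    'TLS 1.1' = 0x200
    'TLS 1.2' = 0x800
}

function Get-EnabledProtocols([int]$Mask) {
    # Return the names of the protocols whose bit is set in the mask.
    $Flags.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

# Read the current setting; the value may be absent on a profile that
# has never changed these options.
$current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
if ($null -eq $current) {
    Write-Host 'SecureProtocols is not set; the browser is using its built-in default.'
    $current = 0
} else {
    Write-Host ('Currently enabled: ' + ((Get-EnabledProtocols $current) -join ', '))
}

# Uncheck "Use SSL 2.0" and "Use SSL 3.0", check the three TLS boxes,
# and leave any other bits in the value untouched.
$remove = $Flags['SSL 2.0'] -bor $Flags['SSL 3.0']
$add    = $Flags['TLS 1.0'] -bor $Flags['TLS 1.1'] -bor $Flags['TLS 1.2']
$new    = ($current -band (-bnot $remove)) -bor $add

if ($new -ne $current) {
    Set-ItemProperty -Path $Path -Name $Name -Value $new -Type DWord
}
Write-Host ('Now enabled: ' + ((Get-EnabledProtocols $new) -join ', '))
```

    TLS 1.0 and TLS 1.1 have since been deprecated (RFC 8996), so where every site in use supports TLS 1.2, setting only that bit in $add is the stricter choice. A Group Policy setting for the same option, if one is applied, takes precedence over this per-user value.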