Nova KBM

Security of online business | NKBM

We are aware of the importance of security, so in electronic banking we use state-of-the-art forms of secure online operations.


We are aware of the importance of security and therefore use the latest online banking technologies to make sure you are safe online.


How to make sure you are logging into our Bank@Net online banking site?

The identity of Nova KBM's banking server is ensured by a verified digital certificate. You can check the identity of the certificate:

1. By checking the settings in your web browser, or

2. By clicking the padlock icon located in the address bar of your web browser.


What is strong user authentication ?

Strong user authentication is a procedure that uses two or more elements described below:

  1. Something only the user knows, for example: a static password, code, personal identification number;
  2. Something only the user owns, for example: a smart card, mobile phone;
  3. Something the user is, for example: biometric characteristics such as a fingerprint.

The selected authentication elements need to be mutually independent, meaning that if one is breached, the other is not affected.

Basic rules for secure online banking:

General rules:

  • Turn off the computer you use for online banking when you are not using it (when you're away from the office or on vacation).
  • Do not open emails or email attachments sent by unknown senders; we also advise to exercise care when opening emails and attachments received from known senders, as computer viruses commonly spread that way as well.
  • Do not install any software from unknown sources on your computer.
  • Never visit any websites by clicking a link in the email; always type the website URL into the address bar in your browser.
  • Choose passwords that are difficult to guess, and never share your password with anyone. Keep your passwords at a safe location or remember them, and make sure to change them regularly.
  • Make sure that the latest security patches, firewalls and anti-virus software is installed on your computer and run regular anti-virus scans.
  • Use the latest version of your preferred web browser and operating system and update both regularly.

Rules for online banking

  • If you don't know the person who introduces himself/herself as the client support officer, or if his/her identity is not made known otherwise, make sure to ask about his/her identity.
  • The Bank will never request of you to allow remote access to your computer.
  • Never send any sensitive data (username, password, etc.) by email.
  • Communicate with the Bank only through the Messages feature in your online banking profile.
  • Regularly check your account balance and turnover.
  • Remember your username and password and do not write them down.
  • If you receive an email from the Bank requesting sensitive data, call or visit the Bank to check whether the message is authentic.


What does the new legislation mean for you?

The new Payment Services, Services of Issuing Electronic Money and Payment Systems Act('ZPlaSSIED') came into force on 22 February 2018. The law transposes into Slovenian national law the European Payment Services Directive ('PSD2'). According to the new law:

  • Users get a one-stop-shop solution (online portal, single online bank and application)to manage transaction accounts they keep with different Slovenian banks and savings banks;
  • You can check all your accounts and make payments from a single location;
  • With certain service providers you can also make a payment directly from your account instead of using your credit or debit card, cash on delivery, or other means of payment;
  • You can give registered users your explicit permit and consent to use or submit to them your personal authentication elements for online and mobile banking (username, PIN, SecurID one-time password, (SMS) one-time password for additional verification of payments):
  • When using these services, be especially cautious when submitting your authentication elements to a payment service provider other than a bank. It is very important to check whether the service provider is registered before you submit your data. The list of registered payment service providers will be published on the Bank of Slovenia website.


Don't miss
Nova KBM

The Bank will never use email to send confidential data, notify you on software upgrades or send password change requests. The Bank notifies online banking users only by sending direct messages to the online bank Inbox.

We advise all online banking users to use and store their authentication elements with utmost care. If your one-time password generator is lost or stolen, or if you change your mobile phone, please contact our 24/7 Call Centre at 080 27 67.

What is phishing and what you should never do
What is phishing and what you should never do

How to prevent phishing?

Phishing is a form fraud in which attackers steal for data and use it to access online services in your name and, in certain cases, even to steal your money. The most common scenario is when you receive an email from an attacker to visit a fake bank or online banking website, often under a false pretence of having to check your data or scoring additional benefits. The email will request of you to log in and 'check your data'. After you enter your data into this fake, phishing website, they are transferred to the attacker.

How to avoid fraud?

  • Never reply to emails requesting of you to provide personal and financial data. Never click on links to these types of websites. No company will ever send this kind of request by email or over the internet.
  • When visiting websites that have anything to do with money or finance, always type the URL directly into the address bar.
  • Never send personal or financial data by email, as this type of communication is never completely secure.
  • Regularly check your account statements and turnover, and check the transactions made with your cards.
  • Always install the latest patches and updates (npr. windows update) and keep your anti-virus software up to date..

If you suspect any fraud, please contact the online and mobile banking administrators. The administrators are available Monday through Friday from 7.00 until 20.00.

Watch the clip
How to protect oneself against phishing?
How to recognize phishing?

How does the Bank make sure you are who you say you are?

We use two types of authentication to identify our users:

We identify online banking users who use Bank@Net only to check their transactions(for example, check their account balance and turnover) with username and password authentication.
Nova KBM
We identify full-feature online banking users (users who make payments and transfer money between accounts) with strong authentication that features the SecureID one-time password token solution (either physical, hard token, or soft token as a mobile phone app) or with SMS tokens:
Nova KBM

If you lose your authentication element, please call our 24/7 Call Centre at 080 27 67.

SMS token authentication

An SMS token (one-time password) is a technological solution used to create a one-time password that is sent to the user's verified mobile phone number. The solution is also known as Two Factor Authentication.


  1. The user enters his/her username and password he/she had selected himself/herself.
  2. The Bank's back office system checks whether the username and the password match.
  3. If the username and password match, the user receives an SMS containing the one-time password (SMS token).
  4. The one-time password is a randomly generated sequence of numbers created by the Bank's security system using a mathematical algorithm. The SMS token is valid only for a few minutes or until first used.

The elements selected must be mutually independent, which means that the violation of one does not affect the remaining elements.



If you suspect your online banking profile has been abused in any way, please: contact the online and mobile banking administrators. The administrators are available Monday through Friday from 7.00 until 20.00 at:

telephone number: 02 229 2760,
email or
Skype: NovaKBM.Bankanet.

If your one-time password generator is lost or stolen, or if you change your mobile phone, please contact our 24/7 Call Centre at 080 27 67.




The URL starts with https: //

The SSL Certificate Green Bar also shows that your connection is secure.

You can check whether your web browser (Internet Explorer, Chrome) is running in secure mode by looking at the upper left corner - you should see a closed padlock or key icon.

Nova KBM

If the URL shown in the address bar differs in any way from the above, do not log into the online bank, as the website is definitely fake. If you suspect any abuse, please contact the online and mobile banking administrators.


Aside from online banking server authentication, this means that the encryption system that is used to protect the confidentiality of data transferred online between the user and the online banking server is functioning properly.

This means that any data transferred from you to the Bank’s server and vice-versa is encrypted and protected from any unauthorised access on the internet. If the locked padlock icon is not shown, it may be a sign of attempted fraud.




Your card is just as valuable as cash and should be treated with the same attention to safety.



The Bank is paying increasing attention to identifying and preventing unauthorized actions. In order to justify the trust of customers, business partners and employees, the integrity and transparency of business are the most important.



Everything You Need to Know About Online Security - In One Place! Read tips on safe online banking, shopping, and more.

Nova KBM Nova KBMNova KBM
Legal notices Privacy Policy Sitemap
Nova KBM Nova KBMNova KBMNova KBM