Retail Banking


Today, it is possible to carry out all bankin transactions including account information, money transfer, utility payments and opening new accounts via Internet Banking.

Points to Consider For Your Security
Security Sub Structure

We would like to help you to safely take advantage of the Internet banking services that we provide and explain the measures that our bank has taken to protect you from the risk of identity theft.

Albaraka Türk has taken every possible measure to ensure your security. The security of your personal information and money is very important to us. Please click on the following link for more information.

  • Points to Consider For Your Security

  • E-mail Security

  • PC Security

  • Wireless Network Security

  • Internet Branch Security

  • Online Fraud Techniques

  • Security Announcements

  • Our Security Infrastructure

  • Internet Branch Security Definitions

  • Virtual Keyboard

  • Automatic Timeout System

  • Secure Exit

  • IP Settings

  • ISS Settings

  • Foreign Restrictions

  • Time Restrictions

  • Account Restrictions

  • Transaction Authorization /Limit Restrictions

  • Our New Security Application

  • ŞifreAL Applications

  • ŞifreAL Device

  • ŞifreAL Cepte

E-mail Security

Recently fraudulent e-mails have begun to circulate on the Internet claiming that they urgently need bank customers to provide their private information.
Our bank sends e-mails for only informational purposes. E-mails regarding your credit card number, accounts, personal information, customer number, password, user code, PIN number or e-mails that request such information are not sent by our bank. You should never click on the links in these e-mails or provide the requested information.
Our customers who click on may have clicked on links sent by these e-mails should inform our Internet Banking Support Line via our call center at 444 5 666.
Never open e-mails sent by names you don't recognize. Take particular care not to open files or links with .ini or .exe extentions sent via channels such as IRC or e-mail for any reason. While downloading programs from the Internet, do not install anything before carefully reading the user agreement. Free software often contains spyware programs too. Run a virus scan before you initiate installation after you have downloaded the program or file.

PC Security

Anti-virus and anti-spyware software protects your system from known viruses including Trojan programs that record your keystrokes and transmit this information to third parties. For this reason, it is best to regularly scan your system by installing the necessary software. However, do not forget that anti-virus and anti-spyware software can only find known viruses; they might not recognize new ones. Therefore, you need to update your anti-virus software regularly.

Anti-Virus Program Recommendations: Among the most widely used anti-virus programs are McAfee, Symantec (Norton) Anti-Virus, Panda Platinum 2005, F-Prot for Windows, Kaspersky Anti-Virus Personal and Sophos.

Anti-Spyware Program Recommendations: Among the most widely used anti-spyware programs are Microsoft Anti-Spyware, AdAware 6.0, and Spybot Search and Destroy.

A personal firewall program should be installed on your computer. This program prevents access to files or information on your computer by third parties and protects your computer from being remotely accessed or hacked. Zone Alarm, McAfee , CA Anti-Virus, and Symantec (Norton) Anti-Virus are among the globally accepted personal firewall programs.

For the security of your computer, you should download and install the "patch" and "service pack" security programs announced by official sites. These programs can generally be downloaded for free. Hackers closely follow these announced security programs and write programs to hack computers on which these programs have not been installed. Installing the service pack programs as soon as they have been announced on Microsoft’s site will increase your security level. You can install the updates and patches for your operating system regarding the security of your computer from the following link:

It is recommended that you use the latest operating system. (For instance, operating systems such as Windows 95 and Windows 98, known to have too many security gaps, are not recommended.)

When you need to share a file on your computer with another person, you should only grant sharing rights to the person concerned and revoke this access once you have completed the transaction. If you allow sharing with everyone instead of individual persons sharing, anyone will be able to access your computer.
(*) Make sure that the firm providing your computer hardware/software is dependable. Before you give your computer to a company for maintenance, we recommend that you request a written document ensuring that your personal information, software, and hardware will be protected.

Security for Wireless Network


Lately wireless Internet access has become widespread. While benefiting from the ease provided by such systems, it is important to pay attention to the security of your wireless connection. A wireless modem may broadcast your information to a neighbouring building or even the next street. For this reason, an unsecured modem might allow access to your computer by malicious people and your passwords can be stolen. Thus, we recommend the following security measures:

Change the user name and password of your modem. Some modems only allow you to change the administrator password, while others allow you to change both the password and the user code. Changing your password and administrator user name as much as your modem allows and, at the absolute minimum, setting a password if no password has been assigned should be your top priority. It is important that the password you choose is not easy to guess.

Change your modem’s SSID network name . It is advisable to change the network name of your device if you can. This will provide extra security since anyone who attempts to use your modem without permission will need to know this information in addition to the password. Change your modem's SSID broadcast to "shutdown" status and this will make your Internet access safer. You can do this with the "disable SSID" option under your modem’s settings.

You may also shutdown automatic IP address disclosure to restrict access to your modem. You can do this by disabling " DHCP" on the settings menu and making some adjustments on your computer.

Every computer has a hardware address called a “MAC Address.” Your modem may allow you to link your MAC Address to your modem and enable filtering options from the settings menu.

Enable encryption options. Many wireless modems can encrypt the communications between your modem and your computer. Thanks to this encription, communication between your computer and your modem will become more secure. To enable encryption you need to adjust your computer and modem settings. Keep your modem turned off if you are not going to use it for a long time.

Internet Branch Security


Only conduct your online banking transactions on your personal computer and your computer at work. Do not access Internet banking on someone else's computer or a public computers. This is very important to protection against hacking and to ensure that your password and other information cannot be accessed by other people. If you have to make a transaction on a public computer or a computer that belongs to someone else, you should delete all temporary internet files and browser history after you have exited our Internet branch.

How to delete browser history:
Open an Internet Explorer page.
From the main menu, open Tools/Internet Options and then "Temporary Internet Files." Click the "Delete Files" button and select "Delete All Offline Content." Then delete all history.
Also, select the “Delete Identification Information" button and delete all identification history.
Delete history files by selecting the "Delete History" option from the "History" tab.
You can use the following link to add extra security to your browser:

Access Albaraka Türk’s Internet Branch only via or the Access Internet Branch link on the main menu at
Do not write your Internet password or code anywhere and do not share your password with anyone. You will never be asked your password by alBaraka employees in person or at our call center, even if your password is blocked or you are requesting a new password.
While entering your password and code in the relevant fields, make sure that the numbers and figures appear as asterisks (*).
Make sure to use our virtual keyboard to enter passwords and codes. The virtual keyboard has been provided for the protection of your password and information against keylogger programs. Since keylogger programs are able to save all the keys you have pressed on your keyboard, typing your password on a regular keyboard would enable them to save this information. The virtual keyboard allows you to enter your password and code using your mouse only, without using the keys on your keyboard.
You will be able to see the last date and time you logged in to our Internet branch. With this information, you will be able to understand whether third parties have accessed your account recently.
Change your passwords and codes periodically. While setting passwords and codes, do not use an easily guessable combination such as your birthday, wedding anniversary, or repetitive or successive. Use a different password for each bank or site. Create your passwords from a mix of letters and numbers; not only numbers or letters. Do not save your password or code anywhere. Make sure you use the "Secure Exit" button while leaving our Internet branch.

Online Fraud Techniques


Phishing is a kind of online crime that involves stealing personal or financial information used for shopping online.

Phishing is generaly carried out with forged emails or Web sites made to resemble those of legitimate banks or businesses.

Credit, debit, and ATM card numbers, PIN codes, account numbers, user IDs, and online banking passwords that are used for access to Internet banking sites are requested through these forged emails or sites.

Our bank only uses email to send you information. We will never send any email that requests your bank account number, credit card PIN code, customer number, user password, etc. If you receive an email requesting such information, do not click on any links within it and do not enter the information requested. Please call us at 444 5 666 to report these kinds emails.

Nigerian e-mail scam -- False promises of profit
This is a common form of spam email in which you are promised high profits for helping somone transfer funds to your bank account. These are often messaages that inform you that you have won a lottery prize. The aim is to obtain personal information, back account numbers, and passport numbers for further fradulent use online. They request your bank account number and they check to see if the information you have provided is valid by transfering a small amount of money to your account.

Trojan, key-logger, and screen-logger programs

A “trojan horse” virus enables hackers to control your computer and steal your information.

You should scan your computer with an anti-virus program regularly to protect yourself from these malicious files.

A key-logger program transfers records of the keystrokes you have made to hackers, who then use the information to get personal information you have typed.

A screen-logger program is similar to a key-logger but transmits images from your computer screen.

If you install anti-virus and anti-spyware programs on your computer and use and update them regularly, you can protect yourself from these kinds of dangers.


Spyware is another means of stealing your personal information. These programs track the online actitivites of affected computers and transmit personal information back to hackers.

Below are some tips for understanding if spyware has been loaded on your computer:

  • There is an increase in pop-up windows on your screen

  • Your web browser sends you to sites you did not request

  • Changes to your browser’s home page

  • Keyboard or mouse not functioning correctlly

  • Slower downloads or uploads

Security Announcements

November 5, 2007 Public Report on Fraudulent Acts Against Personal Information of Internet Banking Users

Public Report on Fraudulent Acts Against Personal Information of Internet Banking Users

5 November 2007

In accordance with the 40th article of Banking Law No. 4389 dated 10/18/07, titled “insurance,” bank accounts are to be insured free of charge by banks on demand and customers will be compensated in the event of any problems hereafter. The notice “Please choose your bank and fill in the form and fill in the insurance form by visiting the head office of your bank” is given to customers along with a request for the necessary information. Customers are then given forms prepared separately for every bank.

The Internet site is known to have been designed for the theft of customer information and bears no relationship to any bank or the Banks Association of Turkey.

It is of great importance that bank customers avoid opening links to false Internet sites. They should not provide the requested information under any circumstances. They should consult with their banks if there is any doubt in order to avoid becoming victims of fraud.

For the consideration of public opinion.
Yours sincerely,
The Banks Association of Turkey

October 9, 2006 Public Report on Transactions Performed by Some Real and Artificial People Using the Facilities of Internet Branches without the Knowledge of Banks

Public Report on Transactions Performed Using the Facilities of Internet Branches without the Knowledge of Banks

9 October 2006

It has been learned that an organization known as the "Bill Payment Centre” performed transactions such as electronic fund transfers (EFT), money transfers, account payments, remittance of funds, and bill payments on behalf of others through the facilities provided by internet banking branches for commercial purposes without the knowledge of banks and based on no specific agreement with any bank. It has been determined that the following matters should be announced to the public in relation to the potential dangers of transactions performed by such establishments.

Banks do not bear any responsibility for potential damage or risk due to transactions performed by these establishments based on no specific agreement and without their knowledge.

To avoid potential problems, it is of the utmost importance that transactions such as EFT, money transfers, account payments, remittance of funds, and bill payments that are performed through the facilities provided by internet banking branches are conducted through banks and other authorized establishments.

For the consideration of public opinion.
Yours sincerely,
The Banks Association of Turkey

25 Temmuz 2006 Türkiye Cumhuriyet Merkez Bankası Basın duyurusu


In our former announcements about an attempt for a fraudulent act via e-mail using the name of our bank, it was presented to the public that we did not have practices such as performing transactions or gathering information via e-mail.
Now, again with the same method and also using the logo of our bank this time, it is requested that “confirmation operations of the customer accounts in deposit banks to be performed by the Central Bank of the Republic of Turkey” and canalization to an internet address that bears no relation to our bank took place.
We would like to remind you once again that forms that are directed to internet sites via e-mail and that requires your personal information should never be filled in.

For the consideration of public opinion.

February 15, 2006 Fraudulent Act Warning Announced by the Governorship of Istanbul

Fraudulent Act Warning Announced by the Governorship of Istanbul

It is stated by the Head Office of Ministry of the Interior and Citizenship Affairs that an article reverted to the Ministry of the Interior and titled “Ankara Central Census Bureau System (MERNİS) and Tax Number System are to conjoin as of 2006” and a survey sheet which requires the citizens to fill in the personal information mentioned on the sheet and send to the Head Office of Ministry of the Interior and Citizenship Affairs İsmet İnönü Bulvarı No:102/54 Ulus ANKARA Mail Box: 409/03 until 6/1/06 at the latest,

was sent to the addresses of our citizens and that the Head Office of Ministry of the Interior and Citizenship Affairs neither had any operational studies nor designed a survey sheet concerning MERNİS Project.

For the consideration of public opinion.
Governorship of Istanbul of the Republic of Turkey
İl Basın ve Halkla İlişkiler Müdürlüğü
Tel: (0212) 528 39 32 Faks: (0212) 526 08 81

February 10, 2006 Public Report on Virus Attempts to Attain Personal Information of Internet Banking Users


Public Report on Virus Attempting to Attain Personal Information of Internet Banking Users

(February 10, 2006)

Recently a particularly dangerous computer virus (derivative of torpig) attempting to obtain user codes, keywords, passwords, and security questions from internet banking users has been discovered. If this virus is installed onto the computers customers use to access internet banking, information belonging to them will be stolen. It is very important for customers to take notice of the following matters in order to avoid these viruses:
Customers should contact their bank before conducting any transactions if a different screen than the one they saw on former connections appears.
Customers should not enter unsafe internet sites or download files from these sites.
E-mails sent from unknown addresses should be deleted without opening them. If possible, measures for blocking these e-mails should be taken.
Security updates for software used in your computer should be downloaded regularly.
Anti-virus software should be used and updated regularly.
Anti-spyware software should be used to protect against spies attempting to obtain your personal information. It is recommended that you read the security advice on the internet site of your bank to find out how to secure your keywords and computer.

For the consideration of public opinion.
Yours sincerely,
The Banks Association of Turkey

11 April 2005 Announcement of Turkish Banks Union about e-mail massages for fraud that are sent to Bank Customers


(APRIL 11, 2005)

Recently it has been learned that there has been an increase in fraudulent e-mail messages sent to bank customers using the logos and names of real banks and credit card institutions. The following announcement is required to protect bank customers against such fraud:

Banks do not request any kind of information from their customers via e-mail.

Secret customer information such as personal information, credit card information, internet/telephone banking passwords is requested in these fraudulent e-mail messages. It is very important that you do not open any of the links that in these fake e-mails and that you do not provide the information requested. If you receive such a message, inform the relevant bank as soon as possible.

It is recommended to read security explanations in web sites of banks and apply them carefully.

Presented for public awareness
Kind regards,
Turkish Bank Union

Security Sub Structure


Our Internet branch is a secure site registered by VeriSign.When you click on the lock symbol that appears at the end of the homepage of the Internet branch, you will see our certificate indicating that the site belongs to alBaraka and is approved by VeriSign.

The information contained in this certificate is unique to alBaraka. It cannot be copied or used by others.

While conducting transactions on our Internet branch, you make sure that you are using SSL technology by noting whether there is a () sign for Internet Explorer on the right side of your browser, or a () sign for Netscape.This sign allows alBaraka’s Internet branch to identify itself and ensure you that your transactions are safe with SSL technology.
If you click on this sign twice, the identification of the page will be displayed as follows:

"Provided :" and
"Provider : Ref.LIABILITY LTD.(c)97 VeriSign".

While making transactions on our Internet branch, the letters and numbers in your password will be displayed as "*" signs instead of normal characters so that they cannot be read by others. All transactions carried out on alBaraka’s Internet branch are done with the SSL 3.0 128-bit encyription system.

Internet Branch Security Information

We would like to present to you our new additional security settings that will make our Internet branch more secure. These include the virtual keyboard, the automatic time-out system, and secure exit. By using our security settings menu you will have the chance to set up your own security settings and you will be able to control your transactions. You may also find the country you are connecting to the Internet from, your Internet service provider, or the IP addresses of the PC’s you have connected to the internet with and control which computers can access our system. You may also restrict ISPs and PCs that you do not want to reach your Internet banking system from countries you have not defined.

You may use the ŞifreAL device that generates single-use passwords for extra security in Internet banking as well as the ŞifreAL Cepte application that allows these single-use passwords to be sent to your mobile phone.

You may personalize your security settings from the “Security Settings” menu or by calling the alBaraka call center at 444 5 666.

Virtual Keyboard


The virtual keyboard is offered for your security. For detailed information, please click on the following links.

What is the virtual keyboard?

The virtual keyboard was developed to protect users against virus programs (such as key loggers) that may be installed on a computer without the user's knowledge. These prorams are designed to remember the keys you have pressed on your keyboard. Using your password on computers in which these programs are installed might endanger your security. Public computers such as those at Internet cafes are particularly at risk of having these programs installed. Pressing the keys that appear on the virtual keyboard by using your mouse will eliminate the risks posed by such programs.

How can I use the virtual keyboard ?

You can enter the numbers and characters of your password on the virtual keyboard. The virtual keyboard does not prevent the use of a normal keyboard. If you would like to, you may choose to continue to use the virtual keyboard together with your normal keyboard. You can drag the Virtual Keyboard from the top of the page to anywhere on the page for your convenience.

What are the features of the virtual keyboard?

To enter the lower case letters for your password and codes, you will press the "Lower Case" button, and for the upper cases, you will press the "Upper Case" button. If you want, you may press the "Mixed" button and change the arrangement of the characters of the Virtual Keyboard or press on the "Adjust" button to restore it. You can use the "Back" button to delete characters you have entered incorrectly . After you have entered your code and password you may enter the Internet branch by clicking on the "login" or "enter" button.

What are the advantages of the virtual keyboard?

The virtual keyboard protects your passwords from being stolen by key logger programs, especially in public places such as Internet cafes.

Automatic Timeout System


If you wait beyond a set period of time between the transactions you make on our Internet branch, your system connection will be automatically logged out for your security. If you wish to continue, tou will need to login to the Internet branch again.

Secure Exit

While leaving the Internet branch, please use the "Secure Exit" button.

IP Settings

By applying IP restrictions, you can make sure that no IP address logs in to your online banking account other than the IP numbers you have defined.

What is an IP Address ?

Your IP address is the set of numbers assigned to computer specifically by your service provider whenever you connect to the Internet. The IP address consists of 4 parts divided by dots in an a.b.c.d. format. The value of each section varies between 0-255. (E.g. :

How can I restrict the IP ?

You can restrict the IP addresses that access your Internet branch through the site’s "Security settings" menu or by calling our call center at 444 5 666.
WARNING !!! If you try to access our Internet branch through an IP address that has been restricted, you will not be able to enter.
If you try to need to access our Internet branch through an IP address not within the IP address range you defined, you can adjust your current restrictions by logging in to the Internet branch through a computer in the IP range you defined using the "Security adjustments" menu or by calling 444 5 666.

Many of our customers are likely to have dynamic IP addresses. This means that a new IP address is assigned by your Internet service provider whenever you go online. Therefore, with each new connection, the last digit of your IP address changes. You can learn about your IP address ranges by contacting your service provider. You can also ask for a static IP.

At your work or institution, administrators may assign a unique IP address to each computer or use a range of variable IP addresses. You can ask your network administrator about your computer’s IP address or address range.

If you can't acquire this information through your service provider or institution, we suggest you to not use this restriction.

ISS Settings

By applying ISS restrictions, you can make sure that no other ISS or ISS address logs in to your account with our online banking system.

What is an ISS address?

An ISS consists of the first letters of the name of your Internet service provider and identifies the institution that provides your Internet access.

How can I configure ISS settings?

You can make ISS restrictions through our Internet branch "Security settings" menu or call 444 5 666.

WARNING !!! If you try to access our Internet branch through an ISS other than the one you have defined, you will not be able to conduct any transactions.

If you need to access our Internet branch through an ISS that is not within the range you defined, you can remove your current restrictions by logging into our Internet branch through the ISS you defined and using the "Security adjustments" menu or by calling 444 5 666.

If you always log in to our Internet branch using the same ISS, we suggest you take advantage of this restriction.

Foreign restrictions

By applying foreign restrictions, you can make sure that there is no other possibility of accessing your account from countries other than those you have defined.

How can I set foreign restrictions?

You can set your foreign restrictions through the "Security settings" menu at our Internet branch or by calling 444 5 666.

WARNING !!! If you try to access our site from a country other than those you have defined, you will not be able to conduct any transactions.

If you need to access our Internet branch from a country other than those you have defined, you can remove your current restrictions by logging in to our Internet branch from a country you have defined and using the "Security adjustments" menu or by calling 444 5 666.

Time Restriction

By applying a time restriction, you can adjust the days and times of the personal transactions you make through our call centers. You can block access for personal transactions on your online banking account and call centers by setting a date range of your choosing.
(*)After having set a time restriction, if you are not within the given dates, you can call our call center and we can provide you with the necessary information.
(**)You can set time restrictions by using the "Security settings" menu on your online account or by calling 444 5 666.

How can I set time restrictions?

You can set time restrictions by using the "Security settings" menu on your online account or by calling 444 5 666.

WARNING !!! You will not be able to access our Internet branch or call center shall on days or times other those you have determined. You can change these restrictions using your Internet branch "Security settings" menu or by calling 444 5 666.

Account Restriction

By applying an account restriction , you can define the accounts you dont want to be accessed or altered through our online banking system or call center.
How can I set account restrictions?

You can set your account restrictions using your Internet branch "Security settings" menu or by calling 444 5 666.

WARNING !!! You will not be able to access accounts subject to account restrictions online. If you need to change your restriction setttings, you can do so by calling 444 5 666.

Transaction authorization / Limit restriction

By applying a transaction authorization/limit restriction, you can close your accounts to monetary transactions or set limits on the amounts that may be used.

How can I configure my transaction authorization/limit restrictions?

You can set your transaction authorization/limit restrictions through our Internet branch "security settings" menu or by calling 444 5 666.

WARNING !!! You will not be able to conduct transactions on the accounts you have restricted. If you need to access the accounts you have restricted, you change your current restrictions by calling 444 5 666.

Our New Security System

For your protection, in order to access our Internet branch, you will need to use either the ŞifreAL system or the ŞifreAL GSM system. If you do not want to use either of these systems for Internet banking, you will only be able to view your account information through our Internet branch.

If you decide to cancel your use of the security system you have chosen, you will only be able to view information through our Internet branch. If a customer using ŞifreAL GSM cancels his use of this system and applies for ŞifreAL, he or she will only be able to use the Internet branch for viewing account information until the ŞifreAL generator is activated. Our customers who have decided to stop using the ŞifreAL system can choose instead to use ŞifreAL GSM.

ŞifreAL Applications

ŞifreAL at your service... Single serving password is in your mobile at any time...

SifreAL, your money transfers and security settings you shall make through Internet branch. This is our service using the single serving pasword technology, which provides the "SifreAl gsm" to send you your password via SMS, and which shall be generated by SifreAL generator for the approval of your transactions. The "always changing password generating technology" of SifreAL,hinders money transactions from your accounts without your knowledge, even if your Internet branch access information is hacked.

The technology generating a different password at all times. For acquiring information concerning the SifreAL applications, please click on the SifreAL demo.

What is a ŞifreAL generator?

A different password each time... ŞifreAL at your service!
ŞifreAL is our service for generating "single-use passwords" and thus providing you with extra security for your alBaraka Internet branch transactions. The "ŞifreAL password" created by the ŞifreAL generator replaces the CODE information you were using before you switched to ŞifreAL. While accessing your Internet branch, you will still use your "customer number" and "password," but you will also use ŞifreAL for financial transactions and making changes to your security settings. A ŞifreAL password cannot be used for accessing the Internet branch itself.

After you access the Internet branch, the "ŞifreAL Password" box will appear in the approval screen of all your EFT, remittance, security restriction transactions. Using the ŞifreAL generator you will then generate a new password for the authorization of your transactions. You will only be able to use each password a single time.

The "perpetually changing password-generating technology" of ŞifreAL,stops third parties from conduction transactions on your accounts without your knowledge, even if your Internet branch access information is compromised.

(*) While accessing our corporate Internet branch, a "user code" will also required in addition to a "customer number" and "password".

How can I activate ŞifreAL?

You can register for ŞifreAL through the the “security definitions/ŞifreAL” menu at our Internet branch. Users of our corporate online banking system should contact their system administrator.

How can I start using?
  1. First you must activate ŞifreAL through your online account.

  2. For this, you can open the Security settings>ŞifreAL>ŞifreAL Activation menu.

  3. Enter the "ŞifreAL serial number" that is written on the back of the generator, without leaving any blank spaces.

  4. You can generate your single-use password by pressing the ŞifreAL button for 1-2 seconds.

  5. Enter the password in the "ŞifreAL password" field.

  6. On the approval screen, you will be asked to enter your old CODE information one more time.

  7. Enter your CODE information and click Next. The message, "Your ŞifreAL is activated,"will appear on the screen.

Reminder! After having accessed our Internet branch using your customer number and password , the ŞifreAL generator will be needed to create ŞifreAL passwords for the approval of your transactions.