Legal

How to behave in case of securety issues


Any user suspecting the existence of safety issue, must act immediately keeping calm.


Not intervening immediately may worsen consequeces and calling Costumer Support in NOT always the the first thing to do.


First of all, it’s necessary to estimate which of the following descriptions adapts better to the problem:


  1. I am able to acces to the account but I suspect that someone could be aware of my login details and may be using it and/or could be;
  2. I am able to acces to the account and I consider that login details are secure, but I suspect non authorised activities are taking place on my account;
  3. I am not able to acces to my account and I suspect that someone is using it at my place;

Below is how to behave:


1. “I am able to acces to the account but I suspect that someone could be aware of my login details and may be using it and/or could be”


The best thing to do is to acces and change passcode, although not sure it could have been identified. Fraudsters often avail of programs able to identify login details, therefore changing it is preferable to prevent it from being identified. If able to acceed the account, the passcode can be changed faster.


To change the passcode:


  • Access the app and go to the Menu

  • Select the “Settings” icon at the top right, then “Security” and “Passcode”

  • Select carefully the passcode and avoid using one similar to others used previously.

2. I am able to acces to the account and I consider that login details are secure, but I suspect non authorised activities are taking place on my account;


Once logged in, review carefully the task list displayed to ensure that they correspond to those legitimately performed.


There is a lot of variation between “I do not recall making this payment” and “I am sure I did not make this payment”. It is therefore proper not to report a unauthorised payment if not sure.


In case of unauthorised activities, please report to Tinaba by contacting Costumer Support (Toll-Free Number: 800 591 801, available from Monday to Friday from 9 am to 7 pm).


It is recommended to report any unauthorised activity only after changing the passcode so that the user can take back full control of his account.


3. I am not able to acces to my account and I suspect that someone is using it at my place;


If it is no longer possible to access Tinaba account, follow the steps to restore its own passcode: by opening the app simply select the written down “Have you lost you passcode?” and follow the steps to get a temporary code in order to reset its own code.


Recognition of the true Tinaba site and App


Tinaba uses all available means to prevent others from falsifying its own site and apps for smartphones and tablets.


However, our commitment to this will never be 100% effective: someone could operate pretending to be Tinaba before he can be identified.


If the user wrongly considers, for example, that a false site is Tinaba’s, by logging in would divulge its data to the fraudster. If the user runs into a similar experience, he should see the section “How to behave in case of securety issues” above.


To be sure to access to the real Tinaba site:


  • Do not use the link to access Tinaba site. The link code that allows to access to a reference site is not visible, therefore it is not possible to know for sure which is the landing page. A link is safe only if the user knows the source, which does not always happen. Some emails, appearantly similar to the ones sent by Tinaba, could be sent by other actors or fraudsters; therefore avoid using access links at Tinaba contained in these emails. Also links available on web sites of which the source is unknown or not reliable may redirect to an imitation of Tinaba site. The best way to be sure to access the real site of Tinaba is to text “tinaba.com” in the browser address bar and press Enter.

  • Control the address bar. Once signed into a site similar to Tinaba’s, view carefully the address bar at the top of the browser window. The look of the address should be the following (with some differences due to the browser in use): view image 1 - view image 2


In this example, “https” and the closed padlock symbol indicate that the connection between the browser used and Tinaba server is encrypted. If the address bar is yellow or red, if the connection is not safe (the padlock is opened or “https” is not stated) or if not connected to our site (different address from tinaba.com), do not access. Fraudsters may use our name without authorisation, but it is much more difficult that they use our Internet domain name, which is tinana.com, therefore it is better to pay attention and to control.


To be sure to install the true Tinaba app on the own mobile device, the user must download the app via official Players: Google Play and Apple Store.


Safe use of Tinaba App


About the safe use of Tinaba app view above in relation to how to behave in case of safety issues.


The wallet represents a digital wallet by which the user is always aware of its availability and its financials.


Achieving the right balance between practicality and safety is not always simple: Tinaba does not contact regularly the user where a security check would not offer no added value; however, if the situation requires it, we ask to cooperate and protect itself, by verifying that it has the actual owner in front and not an impostor.


It is the user’s responsability to follow the recommendations contained in this web page and to assure itself that the devices used to acces Tinaba systems are safe devices.


Effective Access Codes


To locate a five-digit code a system must try 100.000 possible combinations.


We suggest to avoid predictable sequences as “12345”, “36987”, “54321” or “00000”, simple to digit on a normal keyboard.


We also recommend not to use the same access code on different apps and not to use the same sequence of numbers for Access Code and Device Pin.


How to recognise the user


Tinaba Costumer accesses the app by entering its credentials (telephone number and access code) and this, generally speaking, indicates that it is itself performing operations.


Securety of this mode depends on the users ability and attention to keep secret its access datas. Disclosing its own access code, the user gives to other subjects the possibility to control and use money via the app.


We recommend the user not to ever disclose the access datas. See the section “How to behave in case of safety issues” above, if it is believed that someone else know its own access datas.


Tinaba staff never asks the user its access code; this information are recorded and encrypted in our system and can not be displayed by others. Therefore be very careful to non communicate your passcode to third parties.


If the user may lose the access code, it might follow the steps to receive from Tinaba a temporary code that will allow it to access the app and personally reset its own code.


Another mode guaranteeing the authenticity of the user is the access through fingerprint recognition (Fingerprint or Touch ID) is supported by the user’s device.


Besides inserting the personal Pin to authorise many functions within the app (including transactions greater then 25 €) allows a further check, security garantee.


Maintaining the account and money security


It is important that the user fulfills all necessary operations to mantain controlon its own Tinaba account.


It is assumed that a Tinaba account belongs to only one person.


We recommend to the user to avoid disclosing its own access datas, particularly phone number, access code and PIN. Should it happen, change immediately the access code: enter Tinaba, select Settings icon, click “Security” and lastly Access Code to reset a new one.


See the section “Effective Access Code” for suggestions related to the creation of Access Code and PIN.


Communication with costumers


What are the communication channels does Tinaba use with its own community and costumers?


  • Email: To send generic communications to all Tinaba costumers, drawing attention to contents of a different nature. Tinaba tries to limit communications realating to confidential data by email since it is not about a particularly safe mean, however it is possible that the user receives an email invitating to control its own notifications.

  • Service notifications in app: are placed in thededicated section in app, visible only after making Tinaba access and therefore ensures greater safety. They serve to communicate specific contents concerning every activity of its account. However, since the user must access Tinaba app, this method can be less effective than email to get its attention.

  • Push Notifications: Will be received only if the device settings (configured by the user) allow Tinaba to send them. They have the same purpose as emails described above and allow the user to be informed about specific activities that require its attention.

  • Telephone Support: Allows to communicate directly with the user if there are any anomalies. Therefore it represents a safe mean for the user to communicate directly with Tinaba and to receive necessary support in case of issues or suspects.

  • Live Chat Assistance: Allows to communicate directly with Assistance in real time to receive support and specific information.

  • Site and Official Social Media: ùImportant channels for communication about Tinaba universe. The official site also allows to access own credentials to a safe and protected area in which business profiles can have under control all movements.