The following items describe simple things you should do to reduce your online security risk.
- Protect your login credentials
Accessing the Personal Internet Banking requires login credentials comprising the user name and password. These need to be carefully chosen and secured to prevent your account from being compromised. Some measures to secure your credentials include:
- Selecting a complex (non-guessable) password that is minimally 8 characters long with a combination of digits, alphanumeric and special characters
- Memorizing your password instead of writing it down
- Not divulging your password to anyone else
- Changing your password regularly or when there is a suspicion of it being compromised
- Using different passwords for different websites, applications, services
- Avoiding the option of retaining the user name and password for subsequent visits to website
Personal Internet Banking includes an enhanced security feature that requires a one-time password (OTP) issued via a security token to be keyed in during the login process. The security token forms part of your login credentials, and therefore its serial number and OTP should not be divulged to anyone else. Following implementation of Payment Services Directive 2 within the European Economic Area Third Party Providers (TPP) may be able to access your account details with your permission and will therefore request your login details. Before providing login details you should check if the TPP is authorised or registered with your local Financial Regulator to provide such services.
- Install anti-virus software
Anti-virus software helps to prevent, detect and remove malicious computer viruses. Installing reputable anti-virus software protects you, your privacy and your money. Viruses are bad news: they steal personal information, infect your PC, introduce unwanted advertisements and can even exploit your computer to attack other computers. Commonly known viruses include malware, Trojans, spyware or adware. Anti-virus software helps protect you against these malicious viruses. To work properly, anti-virus software has to be updated regularly for it to stay effective against new viruses.
You can download Microsoft Security Essentials (free for personal use) or McAfee® VirusScan Plus* (with a free 12-month subscription).
*The McAfee® software download is only available to PC users.
- Update your web browser
Modern web browser software adds protection against fake websites and viruses. A web browser (commonly referred to as a browser) is a software application for retrieving, presenting and traversing information resources on the World Wide Web. It is advisable to update your web browser regularly to safeguard your computer against viruses that target outdated browsers.
- Keep your computer software up to date
It is harder for viruses to infect a computer installed with updated software. Criminals who create viruses take advantage of software bugs to infect computers. Software companies fix bugs with free downloadable updates. It is a good idea that you install updates for your software as soon as they become available.
Beware of bogus e-mails notifying you of software updates. Use the update software that comes with your computer – don’t click on any links in these fraudulent e-mails. Most modern software will check for updates automatically for both computer and web browser software; you may want to install them as soon as they become available.
Secunia has a free online service that will check most common programs to see if there is an update available. You can check if your Windows computer is up to date in the Security Center in Windows XP SP2 and Windows Vista, and in the Action Center in Windows 7.
- Refrain from using untrusted devices
Refrain from using public or internet café computers to access online services or perform financial transactions.
- Do not share private information online
Check your privacy settings on social networking sites to control who gets access to your personal information and that you only share information with people you trust. Personal information such as address, birth date, bank account number and telephone number is useful to people who have the intention to steal your identity or break into your Personal Internet Banking account. Sharing such personal data over social networking sites, such as Facebook, Twitter or MySpace, is risky and should be avoided.
Please also remember that you must take all reasonable precautions to keep your details safe and prevent any unauthorised use of card and security details. If any information forms part of your security details, you should therefore make sure that you do not disclose it to anyone else – see the terms and conditions that apply to your account(s) for more detail.
When there is a need to share highly sensitive or confidential information such as personal particulars, consider the use of encryption technology to protect this information.
Take extra precaution to secure or remove file and printer sharing in computers, especially when the computers are connected to the internet.
- Look after your paper statements
Fraudsters use personal information from different sources to steal people’s identities. Viruses are one way to do it. But they also use paper documents of people’s accounts containing personal details, such as receipts and bank statements.
Fraudsters use many methods to obtain these documents, such as searching in dustbins. You should take simple precautions to keep your details safe and to dispose of these documents safely, such as shredding before you bin them. You may also want to switch to online statements.
Check your account information, balance and transactions frequently and report any discrepancy immediately.
- Understand how criminals use the internet
Criminals are in it for the money. There are many ways for them to make money online. They can:
We take your Personal Internet Banking security and privacy very seriously. Protecting yourself and your money takes a bit of know-how and the right software.
- steal your passwords and bank details with viruses, bogus e-mails and fake websites
- ask you to provide security details
- send spam with bogus offers and products
- take over your computer and use it to attack other people’s computers
- use viruses to display unwanted adverts on your PC
Make regular backup of your critical data to avoid accidently deletion or potential data corruption.
- Avoid online fraud and con tricks
If it is too good to be true, it probably is. When it comes to protecting yourself and your money on the internet, be wary of ridiculous deals.
Criminals may contact you by e-mail, through websites you use, via SMS or even by phone. It pays to be on your guard as they can be quite convincing.
Here are some warning signs:
If an attachment looks suspicious, don’t open it. Delete junk or chain emails. Do not install software unless it comes from a website you trust (like this one). If it does not feel right, take your time.
- Big promises: ‘You have won the lottery’
- Big threats: ‘Your account has been hacked’
- A false sense of urgency: ‘Act now or it will be too late’
- Unnecessary secrecy: ‘Don’t tell anyone’
- There is no reason for them to contact you. Did you even buy a lottery ticket?
- ‘Business opportunities’ that involve holding or receiving money for strangers
If you suspect that there is a problem with your Personal Internet Banking, you can always talk to us first.
- Learn to spot bogus e-mails and fraudulent websites
Criminals use false e-mails and fake websites. They set them up to deceive people into giving away passwords and bank details. The technical word for this is ‘phishing’.
- Protect your mobile devices
Your mobile devices may hold a lot of personal data – take care of it. You may even use it for internet banking and online shopping. Similar security principles applied to personal computers should also be applied to your mobile devices.
For example, you might receive an e-mail that looks as if it was sent by us and the email might contain a link to a website that looks similar to our Personal Internet Banking page. When you try to log on to the fraudulent website, your password is actually sent to the fraudster. The e-mail could also ask you to make a phone call or reply by e-mail allowing the fraudster to obtain further information from you.
You may want to think about:
- setting and using a security PIN code
- adjusting the phone settings so that it locks automatically if you don't use it for 5 or 10 minutes
- not storing passwords or other sensitive information on your phone in a way that can be understood by someone else
- not storing your home phone number and address under ‘Home’ in the contact list (you wouldn’t want a thief to be able to know your address and be able to check if you’re home)
- verifying additional privileges when installing a mobile application to ensure they correspond to your intended usage
Be wary of voicemail and text message scams.
If you lose your mobile phone, report the case to your service provider immediately and update the Bank with your new mobile phone record as soon as possible. Make a note of your phone’s IMEI number (dial *#06# to get it) as this will make it easier for your service provider to disable a stolen phone.
- Keep your browser cache cleared
Temporary files stored in your computer called cache files and history can contain sensitive information and data. Always remember to clear your browser’s cache and history after each session and to log off from the online session so that your account information is removed, especially if you are using a shared computer.