Guide To Secure Online Banking.
There are a number of security threats to online banking, such as social engineering and malware. Social engineering covers a range of techniques fraudsters use, including calling or sending emails, to trick people into revealing sensitive banking information like login details or approval codes. Malware is malicious software, including viruses, worms and banking Trojans, that is installed on a computer or device and used to perform unauthorised tasks for the benefit of the cybercriminal.
While we need to be aware of these risks, it is important to note that there are simple and efficient ways to reduce these threats.
Standard Chartered is committed to minimizing the risks of using online services, and has invested in robust systems and processes to protect you when using our systems. Online security is a shared responsibility. This guide is to help you understand what you should do to minimize these risks.
1) We secure your login with user ID, and password or security token.
2) We encrypt your internet banking session using advanced 128-bit SSL (Secure Socket Layer). This protects the data you send or receive in transit.
3) We have installed multiple tiers of best-of-breed firewall perimeter with stealth capability. Our infrastructure is monitored constantly by Network & Security staff with alerts generated in case of any intrusion attempts to our systems.
4) We have installed antivirus programs on our systems and we regularly update anti-virus definitions.
5) We have implemented best practices around strong password policy for all our system administrators, and physical controls over access to our systems.
6) We regularly update our Operating Systems with security patches, as and when they are released.
7) We continuously research and adapt against emerging security threats, as well as engage with online security initiatives in the industry.
8) We test our systems to ensure they stand up to the latest intrusion attempts and use independent security firms to benchmark our security.
Keep your computer protected
1) Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update regularly.
2) Perform regular scans of your systems for malware and other risks.
3) Operating system providers, such as Microsoft, periodically release updates and patches that improve the security of your operating system. You should periodically check for these updates and keep your system current, or configure it to do so automatically.
Check where you are logging in
4) When you want to log on to Straight2Bank, you should always enter the address (https://s2b.standardchartered.com) in your web browser by typing it instead of accepting links or redirections from email or other websites. Alternatively, you can bookmark the above address.
5) Before you type in your login information, ensure that a secure channel has been established by checking two things.
a) First, check that the Straight2Bank address starts with the letters https://, ensuring there is an ‘s’ after http to indicate that the session is secure.
b) Second, check for a closed padlock, security symbol or green name box in the address bar, or a padlock symbol at the bottom of your browser. The position and design of this symbol can differ depending upon the browser you are using. When you click on the padlock or green name box you must be able to see the Certificate information issued to s2b.standardchartered.com. This confirms that the page you are on is indeed s2b.standardchartered.com. If there is anything that does not look right, don’t enter your login details and contact us.
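The address checks in steps 4) and 5a) can also be applied automatically to links found in e-mail. The following is an added example, not code from Standard Chartered; the function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "s2b.standardchartered.com"  # the address this guide gives

def check_login_url(url):
    """Return the reasons a URL fails the guide's address checks ([] = passes)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
        port = parts.port
    except ValueError:
        return ["address cannot be parsed"]
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        # Text before '@' is user info; the browser connects to what follows.
        problems.append("real host follows an '@'")
    if port not in (None, 443):
        problems.append("unexpected port")
    if host != EXPECTED_HOST:
        if not host.isascii() or "xn--" in host:
            problems.append("internationalised look-alike host")
        elif "standardchartered" in host.replace("-", ""):
            problems.append("bank name inside a different host")
        else:
            problems.append("different host")
    return problems

# Constructed sample links, e.g. as extracted from an e-mail body.
SAMPLES = [
    "https://s2b.standardchartered.com",
    "http://s2b.standardchartered.com",
    "https://s2b.standardchartered.com.secure-login.example/",
    "https://s2b.standardchartered.com@login.example/",
    "https://s2b.standard-chartered.example/",
]

def suspicious(urls):
    """Map each failing URL to the list of reasons it failed."""
    return {u: p for u in urls if (p := check_login_url(u))}

if __name__ == "__main__":
    for url, reasons in suspicious(SAMPLES).items():
        print(url, "->", ", ".join(reasons))
```

This checks the address only; the certificate check in step 5b) still has to be done in the browser.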
Protect your mobile (smart) device
6) Download applications only from trusted sources.
7) Update your smart device's operating system and applications regularly.
8) Restrict access to your smart device with a strong password or pin.
9) Avoid jail-breaking or rooting your smart device as it may compromise security.
1) Never log on to online banking from a public or shared computer, or from a computer or device that cannot be trusted.
2) Never share your login details (ID, password, security token PIN) with anybody - verbally or in writing, or allow them to observe you entering them. If you have a Vasco token, never share pin numbers, approval codes, or the token serial number with anybody else or allow anybody to tamper with it.
3) Never write down your user ID and password anywhere (keyboard, desk, notebook, hard disk of your PC, any portable devices such as your mobile, thumb drive, etc.).
4) Never send or share your login user ID, password, Vasco token pin or serial number, or any login information via e-mail, phone, or SMS.
5) Never respond to any email requesting you to provide your login details or log in via a link sent in an email. The bank will never send you a mail like that, and such a request is likely to be a phishing attempt.
1) It is strongly recommended that you follow this password policy.
a) Change your password regularly, and it should not be any of the last 8 passwords you have used for Straight2Bank.
b) It must be at least 8 characters and contain upper case (A,B..), lower case (a, b,..), numbers (1,2,..) and special characters (@,*,-).
c) Do not choose a PIN or password that is easily identifiable or guessable such as your User ID, personal telephone number, birthday or other personal information. Avoid names, family names, birthdays, personal telephone numbers or similar data while choosing passwords.
d) Avoid using sequential characters or numbers (such as abcdef, 12345) or the same character or digit more than twice (such as mmssee, 12322) for your password.
e) Change your password IMMEDIATELY if you suspect it has been revealed or compromised.
f) Choose different passwords and PINs for different financial or non-financial web-based services such as for e-mails, online shopping, digital identity and other online subscription services.
2) Keep your security token secure at all times.
3) Disable the auto complete function in your browser, which can store or retain user IDs and passwords that can be used by others.
4) Do not open email attachments or click on links from strangers. Delete junk or chain emails. Watch out for file extensions (like .doc, .rtf) and delete any files that have double extensions as they are likely to be a virus.
5) Do not install software or programs of unknown origin on your PC. Before you run any software or program, ensure that it comes from a trusted source.
6) Always log off from your online session when you leave your computer unattended, even for a while, and clear your browser cache after logging off.
7) You should check your bank account balance and transactions frequently and report any discrepancy.
8) Avoid sharing files and printers on your computer(s) outside your organization's network.
9) Always keep your bank up-to-date with any changes to your contact details so as to ensure that all notifications from the bank reach you.
10) Do not disclose personal, financial or credit card information to websites that are little-known or suspect.
11) Make a regular back-up of your critical data and consider using encryption to protect confidential information.
12) Configure online banking with strong security controls including additional approval / checkers, payment limits, access restrictions etc.
13) Share this information with your colleagues and maintain your awareness of computer security best practice by checking reliable sources regularly.
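The password policy in item 1) above (rules a to d) can be expressed as a checker. This is an added example, not the bank's implementation; the function names, the run length of three for rule d), the treatment of descending runs, and the use of PBKDF2 to store password history are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import Counter

HISTORY_DEPTH = 8  # rule a): not any of the last 8 passwords
MIN_LENGTH = 8     # rule b)
RUN = 3            # assumption: the guide gives no run length for rule d)

def _digest(password, salt):
    # Keep only salted, slow hashes of old passwords, never the passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password, history):
    """Append a (salt, digest) record and keep the newest HISTORY_DEPTH."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]

def has_sequence(password):
    """True for RUN letters or digits stepping by one (abc, 123; cba assumed too)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - RUN + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + RUN - 1)}
        if password[i:i + RUN].isalnum() and steps in ({1}, {-1}):
            return True
    return False

def violations(password, user_id, personal=(), history=()):
    """Return the guide's rules (a to d) that a candidate password breaks."""
    found = []
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        found.append("a: reused")
    if len(password) < MIN_LENGTH:
        found.append("b: too short")
    classes = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    if not all(any(test(c) for c in password) for test in classes):
        found.append("b: missing character class")
    lowered = password.lower()
    if any(p and p.lower() in lowered for p in (user_id, *personal)):
        found.append("c: contains personal data")
    if has_sequence(password):
        found.append("d: sequential characters")
    if max(Counter(password).values(), default=0) > 2:
        found.append("d: character used more than twice")
    return found
```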
1) You receive an e-mail (or phone call) asking for your Straight2Bank ID, password, Vasco PIN or other security credentials, or a link to online banking site which prompts for your details.
2) You notice unusual behaviour and have been advised or suspect that you may have malware on your computer or device, or you think your log on credentials may have been compromised.
3) You come across anything suspicious when you bank online such as unusual web pages asking for banking information.
4) You do not see any of the security features mentioned in this guide, such as the padlock sign or security symbol in your browser; clicking the padlock or security symbol does not show you a valid certificate; or the site address starts with http:// instead of https://.
5) You come across any ‘look-alike’ fraudulent sites.
6) You lose your mobile phone or device that you use for mobile banking.
1) Call or email us. Contact information can be found on our website (s2b.standardchartered.com).
2) It is important that you contact us immediately so that we can take steps to prevent or stop your losses arising from a security breach. Please note that Standard Chartered is only liable for direct losses as a result of fraud, gross negligence, or willful misconduct on our part.
3) If you have a complaint, please contact us. Contact information can be found on our website (s2b.standardchartered.com). We will acknowledge receipt of the complaint within 3 working days and provide a response to you in 30 days or the reason we need more time. You can escalate through your relationship manager.