Online Security

> Why is online security important?

> General online security

> How to protect yourself

> Our technology

> Security glossary

Why is online security important?

We place the highest priority on the confidentiality and security of clients and their financial transactions. To help make your banking experience easier and more convenient, we offer a facility to manage your financial affairs via the internet. As the internet carries with it risks such as viruses and hackers, we will work to ensure that your interaction with Investec Online Banking is as secure as possible.

We continuously invest significant resources in maintaining the security of Investec Online Banking, and place our infrastructure and security measures – such as firewalls and encryption technology – under constant review to ensure that they are up to date and meet our stringent security requirements.
If you think that a fraudster has your Investec Online Banking details, or that someone other than you has accessed your account using Investec Online Banking, please contact us immediately.

General online security

As part of our commitment to your security, we offer clients a safe and secure environment in which to carry out online banking. To help you stay safe online, we have put together some information about internet security.

Keystroke Logging
Keystroke logging (often called keylogging) is the practice of noting (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware- and software-based to electromagnetic and acoustic analysis.

Keystroke loggers, commonly referred to as key loggers, record all keystrokes entered on a computer through your keyboard. Criminals can intercept data captured by key loggers and use this data, for example passwords, to commit fraud online.

Software key loggers can be either be installed directly on to a computer or delivered within an email message. As a precautionary measure against online fraud, regularly update your anti-virus and firewall software and run a scan at least weekly. There are a number of reputable anti-virus and firewall vendors available, including Norton and McAfee.

As an added security measure, products such as Lavasoft Ad-Aware notify you of any ‘spyware’ by scanning your computer on a regular basis.
Hardware key loggers are installed on the cable between your keyboard and computer. Retrieving data from this key logger is difficult and more advanced as the physical unit has to be removed to use the data. Protect your data by being more aware of who has access to your computer and by avoiding using public computers for online banking.

Phishing
Phishing is the process of attempting to fraudulently acquire sensitive information such as usernames, passwords and credit card details. This is often done by the phisher masquerading as a trustworthy person or organisation in an electronic communication. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Usually, the emails tell you that it is necessary to update or verify your customer account information and encourage you to click on a link in the email which takes you to a fake website. Any information you enter on the fake website will be captured by the criminals for fraudulent purposes.

We may send you emails from time to time. We will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking. For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we will always greet you personally, but fraudsters are unlikely to know your name.

Spoofing
"Spoofing" is a practice that criminals use to lure you to their site, with the express purpose of defrauding online banking users and online shoppers. This is often done by intercepting your activity on a legitimate website and redirecting it to a spoofed website. A spoofed website looks like the real website; however, once you have entered your login information, this is recorded and the fraudsters can then use this to log on to your account at the legitimate website.

To check that you are using a legitimate website, refer to its Site Certificates. In modern browsers such as Internet Explorer 7 and Firefox 3, the security certification of a website will be visually displayed as a green indicator in your browser. See the section below on EV SSL for more information about how security certification works.

Trojans
Trojans, which take their name from the term “Trojan Horse”, are a type of computer virus that can be installed on your computer without your knowledge. Trojans are sometimes capable of installing a key logger, which captures all the keystrokes entered on a computer keyboard. Some Trojans seek to capture passwords entered on certain websites, by capturing keystrokes or taking screen shots of the sites you visit. This information is then sent to fraudsters over the internet.

Usually fraudsters will send out emails at random, encouraging you to click on a link in the email and visit a malicious website from where the Trojan will be installed on your computer. The emails are not only related to online banking. They try to trick you into visiting the malicious website using a variety of excuses.

Always ensure you use an anti-virus product, that you run an anti-virus scan at least weekly and that it is updated regularly.

Social Networking
A social network service focuses on building online communities of people who share interests and activities. Most social network services are web based and provide a variety of ways for users to interact. Social networking has encouraged new ways to communicate and share information.

The information we post is increasingly being used to illegally obtain products and services without our knowledge. The more information you give about yourself, the more vulnerable you become to fraud.

To protect yourself you should limit both the information that you provide about yourself online, and the ability of people to access this information without your express permission. People give their full names, email address, contact numbers, date of birth, plus intimate details such as favourite holidays, place names, father’s and mother’s names – everything a fraudster would need to guess the passwords for your bank accounts.

Identity Fraud
Identity fraud involves fraudsters obtaining key pieces of your personal information that they use to pretend to be you. Fraudsters use these personal details to obtain financial services products in your name such as credit cards, loans, state benefits and mortgages, and documents such as driving licences and passports. Alternatively fraudsters can use your information to gain access to your accounts.

To protect yourself against identify fraud, assume that every piece of personal information that you hold – written or online – is of value to a fraudster. Limit access to online pages that hold details about you, such as your profile page on social networks, to only people that you trust; shred rather than throw away any paper or cards with personal information on them.

How to protect yourself

To stay secure online, please read the following pieces of best practice:

1. Install a personal firewall product which will help to protect your computer while you are online
Hackers also infect home computers by connecting to the computer while you are surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market: some free, some commercial.

• www.mcafee.com
• www.symantec.com
• www.zonelabs.com

The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer.

At first, the firewall may ask you what you want to allow in or out, but soon learns to make these decisions independently. The most important point is never to allow anyone else to connect to your computer.

2. Use an anti-virus product, ensure that you run an anti-virus scan weekly and that the anti-virus software is updated regularly.
These products can also scan for spyware and adware.

The most common way to receive a virus is via an attachment to an email. Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses. If you use email at home, you should use an anti-virus product to protect yourself and never open an attachment that has not come from a trusted source.

There are many anti-virus products and some are available for home users free of charge.

• www.mcafee.com
• www.symantec.com
• www.avg.com
• www.bitdefender.com
• www.zonealarm.com
• www.kaspersky.com

With any anti-virus product, it is important to keep it up to date to protect against new viruses that are released. Most commercial products (e.g. McAfee and Symantec) have a mechanism to update themselves automatically. The free products normally need to be updated manually.

The anti-virus product should also be scheduled to run regularly in order to detect and clean out viruses on your computer.

3. Do not open unsolicited emails as these could contain viruses.
If you receive an unwanted email saying "reply to unsubscribe", ignore this. The sender uses this to confirm your email address is valid - and send you more emails.

4. Review your “Sent items” folder for messages that may have been sent without your knowledge.

5. Make sure your operating system and browser have the necessary security updates available from the respective vendor (Microsoft, Apple).
Also ensure that your operating system is set up so that all necessary updates are received and installed automatically.

6. Ensure that no one has unauthorised access to your computer.

7. Destroy or delete any documents or emails we send you that contain your security information or logon details.

8. Never email, write down or tell someone your security information or logon details.
The only time you will ever need to enter your Investec Online Banking user ID, password and secret is when you logon to Investec Online Banking at https://olb.secure.uk.investec.com.

9. Disable or decline any on-screen prompt on your computer which asks if you wish the computer to remember any of your security information or logon details.

10. Avoid using the same security information or logon details for different services provided by us, another member of Investec Group or another service provider.

11. Do not leave any computer you are using to access Investec Online Banking unwatched while you are logged on.

12. Change your passwords regularly and avoid familiar names, numbers and places (such as birthdays and phone numbers).

13. Take account of any security information updates that we send you or publish on the Investec Online Banking website.

14. Be wary of shoulder-surfers.
Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they fill out a form or enter their PIN or passwords at an ATM or while using online banking.

15. Protect your printed or physical information just like you would protect your valuables.
This will include statements from financial institutions, stores and utility bills. Shred or destroy any personal documents that you do not need to keep.

16. Always end your Investec Online Banking session by clicking on the Log off menu item before closing the browser.
Investec Online Banking does have an automatic timeout feature for security purposes, but it is always recommended that you terminate your Investec Online Banking session once you have completed your online banking activities.

Security links

• McAfee
• Symantec
• AVG
• Bitdefender
• Zone Alarm
• Kaspersky
• Get Safe Online
• Bank Safe Online
• Microsoft Security Central
• Microsoft Update
• Mozilla Firefox
• Apple Support
• Shields UP

None of the vendors shown above are specifically endorsed or recommended by us.

Our technology

We use 128-bit encryption technology, which allows information to be transmitted between your web browser and the Investec Online Banking servers, and is intended to prevent any third party from understanding the encrypted information. This encryption will not protect you from all types of attack, such as key logging software or "spyware".

Extended Validation – Secure Socket Layer (EV SSL)
A new security measure called EV SSL has been implemented on Investec Online Banking to help protect you from phishing attacks and attempted online banking fraud. EV SSL certification works with high security web browsers (such as Microsoft Internet Explorer 7 and Mozilla Firefox 3) to identify whether a website legitimately belongs to a company or is a fraudulent website imitating a legitimate one. The Extended Validation is only issued to companies that comply with the prescribed stringent validation standards. This makes it difficult for fraudsters to have the EV functionality on their websites.

How EV SSL Certification works
You need to have the most recent version of Microsoft Internet Explorer or Mozilla Firefox, with the correct browser settings, to use this functionality.

If you are using Microsoft Internet Explorer 7 and the site is correctly linked to the EV SSL Certificate (i.e. is the genuine Investec Online Banking website) the address bar will turn green and a padlock will appear in the address bar with the wording Investec PLC [GB]:

If you are using Mozilla Firefox 3 and the site is correctly linked to the EV SSL Certificate (i.e. is the genuine Investec Online Banking website) the address bar will turn green and the wording Investec PLC [GB] will appear:

Site certificates
To check the site certificate:

• For Microsoft Internet Explorer 7 click on the lock next to address bar, click on “view certificate”, then the "Details" tab and then the "Subject" field
• For Mozilla Firefox 3, Double click on the lock at the bottom of the screen and then click on “view certificate”

Ensure that the certificate has been issued to Investec Bank plc.
Click on the "Certification Path" in Microsoft Internet Explorer 7 or the “Details" tab in Mozilla Firefox 3 to verify the status of the certificate.

Security glossary

Anti-virus software
Anti-virus software detects and deletes viruses that attempt to get on to your computer. The anti-virus program should be set up to regularly update the latest anti-virus software and signatures.

Encryption
Encryption is the conversion of data into a coded form that cannot be understood by unauthorised people.

Firewall
A firewall is a program or hardware that provides a barrier between your computer and the internet. A firewall aims to prevent intruders or ‘hackers’ from gaining access to your computer.

Hacker
A hacker is a person who uses a computer to break into other computers in order to steal, change or destroy information. To protect yourself from hackers you should install firewall software on your computer and keep it up-to-date. Popular personal firewall software such as ZoneAlarm Internet Security Suite from Zone Labs, McAfee Internet Security Suite, or Norton Internet Security can help to protect your computer.

Identity fraud
Identity fraud is when someone else steals your personal information without your knowledge. This information is then used to commit fraud.

Keylogger program
A keylogger program is a virus that can record the keys pressed on your keyboard while you are using your computer.

Phishing
Phishing scams are emails that may appear to be from who they claim to be from, but that ask you to provide personal information or follow a link to a spoof website. When you click on a link or enter your personal details, the information is sent to the fraudster. Phishing is a play on the word ‘fishing’ where someone casts a line in the hope that an unsuspecting person will take the bait.

We may send you emails from time to time. We will never send you an email asking for your security information or log on details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking. For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we’ll always greet you personally, but fraudsters are unlikely to know your name.

If you think that a fraudster has your Investec Online Banking details, or that someone other than you has accessed your account using Investec Online Banking, please contact us immediately.

Secure Socket Layer ('SSL')
'SSL' is a method of coding that enables private communication between a web browser and a web server. Many web sites use 'SSL' to ensure customer information, such as banking details, is kept secure. You can tell if you are accessing a secure web site by checking the address bar along the top of your screen to ensure the address begins with ‘https’. On most browsers, you should see an icon that looks like a closed padlock (indicating a secure session) at the bottom right-hand side of your screen.

Shoulder surfing
Shoulder surfing is a term used for anyone observing what you are doing on a computer or ATM. Beware of anyone standing or sitting closely behind you who may try to watch you when you enter personal details.

Site certificate
Site certificates form an essential part of providing reassurance that the site you are visiting is genuine. A site certificate shows you that a secure connection has been established and secure communication can take place. It will also demonstrate that you are not being tricked into entering your details on a fraudulent website.

'Spoof' websites
Spoof websites are fraudulent websites designed to look like legitimate ones. Email or phishing scams asking people to update their details will often contain links to spoof websites. If someone enters their personal or security details on a fraudulent website, fraudsters can then use these details to access that person’s accounts.

If you receive an email from an unknown source, or an email that contains unknown attachments or links, do not open the attachments or click on the links. Instead, delete all suspicious emails.

We may send you emails from time to time however, we will never send you an email asking for your security information or log on details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking. For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we’ll always greet you personally, but fraudsters are unlikely to know your name.

Virus
A virus is a computer program that can embed itself into other programs on your computer, and may cause damage to your files. Email is a common way to spread viruses, and opening an unknown email can trigger the spread of the virus onto your computer.