Online Security

What is the importance of security?

As a premier financial services institution, Investec places the highest priority on the confidentiality and security of clients and their financial transactions. To help make your banking experience easier and more convenient, we offer a facility to manage your financial affairs via the internet. As the internet is a risky environment with the threat of viruses and hackers, we will always endeavour to ensure that your interaction with Online Services is as secure as possible.

We have invested significant resources to ensure that all internet transactions are secure. This is done by using firewalls and encryption technology. Furthermore, we continually review our infrastructure and security measures to ensure that they are up to date and meet our stringent security requirements.

What can I do to protect my accounts?

1. Make sure your computer is safe.
2. Update your anti-virus product on a weekly basis.
3. Avoid using Online Banking from public terminals such as internet cafes.
4. Do not open unsolicited emails as these could contain stealth programs and viruses.
5. Install a personal firewall product which will help to protect your PC while you are online.
6. Ensure that no one has unauthorised access to your PC.
7. Never disclose your Internet PIN number to anyone.
8. Change your PIN regularly and avoid familiar numbers (such as birthdays and phone numbers).
9. Make sure your operating system and browser have the necessary security updates available from Microsoft
10. Review your “Sent items” folder for messages that may have been sent without your knowledge.
11. Always log out using the log out button before closing the browser

How secure is the site?

We use the most advanced 128-bit encryption technology, which allows information to be transmitted between your web browser and the Online Banking servers, while preventing any third party from understanding the encrypted information. This encryption will not protect you from key logging software or "spyware".

We have deployed state-of-the-art software to protect our internal systems and your sensitive data.

Extended Validation – Secure Socket Layer (EV SSL)

A new security measure called EV SSL has been implemented on Online Banking to help protect you from phishing attacks and attempted internet banking fraud.

EV SSL certification works with high security web browsers (such as Internet Explorer 7) to identify whether a site legitimately belongs to a company (i.e. Investec Private Bank) or is a fraudulent site imitating ours.

The Extended Validation is only issued to companies that comply with the prescribed stringent validation standards. This makes it difficult for fraudsters to have the EV functionality on their sites.

How EV SSL Certification works

You need to have the most recent version of Internet Explorer or Mozilla Firefox, with the correct browser settings, to use this functionality. If you are using Internet Explorer 7 and the site is correctly linked to the EV SSL Certificate (i.e. is the genuine Investec Private Bank site):

The address bar will turn green:

A padlock will appear in the address bar with the wording "Investec Bank Limited [ZA]":

If, however, the site is a phishing site or a fraudulent site, the address bar will not appear green.

What is encryption?

Encryption is a way of converting a meaningful message between two computers into a message that is unlikely to be interpreted, understood or viewed by anyone other than the intended recipient. We use this technology to ensure that all transactions between you and Investec remain confidential.

We have implemented encryption by using industry standard "site certificates". When using our online services, please look for the closed lock at the bottom of your screen to verify that the communication is secured.

To enable encryption between yourself and Investec, use one of our supported browsers (see software requirements below).

What are key loggers?

Investec Private Bank offers clients a safe and secure environment in which to do Online Banking. Staying true to our commitment, we take this opportunity to highlight the importance of protecting your data from key loggers.

Keystroke loggers, commonly referred to as key loggers, record all keystrokes entered on a computer through your keyboard. On occasion, criminals intercept data captured by key loggers and use this data, for example passwords, to commit fraud online.

There are two types of key loggers, software and hardware.

Software key loggers can be either be installed directly on to the PC or delivered within an email message. As a precautionary measure against online criminals, keep your data protected when using software key loggers by updating your anti-virus and firewall software regularly. Ensure that you update the virus definitions and the security signatures as often as possible. There are a number of reputable anti-virus and firewall vendors available, including Norton and McAfee who have combined their anti-virus and firewall into one easy-to-use product.

• Norton Internet Security and Anti-Virus
• McAfee PC Security Suite

As an added security measure, products such as Lavasoft Ad-Aware notify you of any ‘spyware’ by scanning your computer on a regular basis.

Hardware key loggers are installed on the cable between your keyboard and computer. Retrieving data from this key logger is difficult and more advanced as the physical unit has to be removed to use the data. Protect your data by being more aware of who has access to your computer and by avoiding public computer terminals for online banking.

What is phishing?

Phishing is a practice where fraudsters send emails at random, which claim to come from a genuine company that is operating on the internet. The purpose is to trick customers of that company into disclosing information using a bogus website operated by the fraudsters. Usually, the emails tell you that it is necessary to "update" or "verify" your customer account information and they encourage you to click on a link in the email which takes you to the bogus website. Any information you enter on the bogus website will be captured by the criminals for fraudulent purposes.

What is "spoofing"?

"Spoofing" is a practice that criminals use to lure you to their site, with the express purpose of defrauding internet bankers and shoppers. This is often done by intercepting your request and redirecting it to another site. A "spoofed" website looks like the real website; however, once you have entered your login information, this is recorded and the criminals can then logon to your account at the legitimate Investec site.

To verify that you are at the correct site, refer to Site certificates.

What are trojans?

Trojans, which take their name from the term “Trojan Horse”, are a type of computer virus that can be installed on your computer without your knowledge. Trojans are sometimes capable of installing a key logger, which captures all the keystrokes entered on a computer keyboard. Some Trojans seek to capture passwords entered on certain websites, by capturing keystrokes or taking screen shots of the sites you visit. This information is then sent to fraudsters over the internet.

Usually fraudsters will send out emails at random, encouraging you to click on a link in the email and visit a malicious website where the Trojan is installed. The emails are not only related to internet banking. They try to trick you into visiting the malicious website using a variety of excuses.

What are the minimum technical requirements for using Online Services?

Hardware requirements

• Pentium or more advanced personal computer
• 56k Modem or higher for Internet connectivity
• 128 Mb or higher memory

Software requirements

• Windows 2000/XP (Windows XP with service pack 2)
• Screen resolution = 800 x 600 or higher
• Internet Explorer 5.5 or more advanced version
• Firefox 1.4 or more advanced version
• Mozilla 1.4 or more advanced version
• Netscape 6 or more advanced version
• Conqueror 3 or more advanced version
• Up to date anti-virus
• Adobe Acrobat reader version 6 or higher

Investec logon

The following screen images were generated using Internet Explorer 5.5 SP2. Your screen may look slightly different if you are using an alternative browser.

To ensure that you are connected to a secure Investec site, please verify that the lock at the bottom of the screen is displayed and the address https://www.secure.sso.za.investec.com/sso/page.cfm is displayed in the "Address" field of the browser at the top of the screen.

Site certificates

To check the site certificate:

• Double click on the lock at the bottom of the screen
• Click on the "Details" tab and then the "Subject" field

Ensure that the certificate has been issued to Investec

Click on the "Certification Path" tab to verify the status of the certificate.

General advice for home computers

As most viruses are transmitted via attachments to emails, be very cautious when you receive emails, especially from unknown people.

If you know the sender of an email but are not expecting the email, ask the sender if they meant to send it before you open any attachments. Their computer may be infected with a virus that has automatically sent itself to you.

If an email "appears" to come from your internet provider or Microsoft, be very cautious. Hackers are easily able to "spoof" an email to make it look like it comes from somebody else. Microsoft never sends updates via email.

Viruses (or virii) can also be transmitted via mechanisms such as MSN-Messenger, Yahoo-Chat and Kazaa. Again do not trust any files that are sent to you.

Change your passwords regularly and do not use words like your pet's name, partner/children's name or your hobby– (they are all easy to guess).

Install a personal firewall (see firewall section) and have an up-to-date anti-virus program to capture any viral programs that may be sent to you.

Keep your computer updated (Microsoft Windows has hundreds of bugs, which Microsoft issues fixes or patches for). Go to Microsoft updates.

If you receive an unwanted email saying "reply to unsubscribe", ignore this. The sender uses this to confirm your email address is valid - and send you more emails.

Protect yourself against viruses

The most common way to receive a virus is via an attachment to an email.

Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses.

We scan all emails using multiple anti-virus products to ensure they are not infected. If you use email at home, you should use an anti-virus product to protect yourself.

There are many anti-virus products and some are available for home users free of charge.

• www.mcafee.com
• www.symantec.com
• www.grisoft.com
• www.bitdefender.com

With any anti-virus product, it is important to keep it up to date to protect against new viruses that are released. At present, the hacking community releases a new virus every day.

Most commercial products (e.g. McAfee and Symantec) have a mechanism to update themselves automatically. The free products normally need to be updated manually.

Install a firewall

Hackers also infect home computers by connecting to the computer while you are surfing the internet.

The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall.

There are several options on the market, again some free, some commercial. The commercial options are, however, not necessarily better.

• www.mcafee.com
• www.symantec.com
• www.blakice.iss.net
• www.zonelabs.com
• www.sygate.com

The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your PC.

At first, the firewall may ask you what you want to allow in or out, but soon learns to make these decisions independently.

The most important point is never to allow anyone from the internet to connect to your computer.

Clean up your machine

Once you have installed an anti-virus and a firewall, you are able to use certain products to clean your computer and remove any spy programs that have been installed.

Various websites use small programs to track your activity, and use the information to target you with advertisements. Ad-aware (from http://www.lavasoft.de/) removes all the tracking programs and cookies, restoring your privacy.

If your computer has been infected in the past, hackers often install backdoors (or Trojans) to allow them to take over your machine again. The Cleaner (from www.moosoft.com) detects and removes all known Trojans. This is a commercial product (US$30) but you are able to download a free trial.

Finally go to www.grc.com and follow the "shields up" links to see how your machine looks from the internet. This site scans your computer to show you how hackers see your PC. This shows how vulnerable you are if you do not have a firewall installed. Do not try this application at Investec as it will be unable to function through our firewalls.

In summary

• Install an anti-virus program
• Install a firewall
• Clean up and remove all the spyware that hackers have installed

General disclaimer: This document is meant for general education purposes only and does not reflect Investec’s recommendation or support of any specific product or service. Unfortunately Investec cannot provide support for your home or personal computers.