Online Security
Protecting yourself from fraud
-
ShellShock / Bash vulnerability
You may be aware of media reports regarding a security bug called ShellShock or Bash which allows criminals to attack and compromise vulnerable systems.
Investec takes the protection of your information and our banking services seriously. We reassure you that none of our online systems are affected by this vulnerability and that we continually monitor the security of our sites and take ongoing action to protect them.
If you have any queries, please contact your Private Banker or email investecfd@investec.co.za
-
Helping you to stay safe online
Advice on how to keep your identity, computer and money safe while using the Internet.
What should I do if I've fallen victim to fraud on my Investec accounts?
Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.
-
We take online security very seriously
We place the highest priority on your online security; however you need to take some basic precautions when using the Internet and banking online, to protect your identity, your information and your finances.
-
What we are doing to protect you
We place the highest priority on the confidentiality and security of your financial information and transactions and are constantly reviewing our infrastructure and security measures, such as firewalls and encryption technology to ensure they’re up to date and meet our stringent security requirements.
We invest significant resources in maintaining the security of Investec Online Banking, some of them are detailed below:
Data encryption
Our Online Banking service is hosted on a secure, 128-bit encrypted server. This means that any information you send us is encoded for your protection.
Timed log out
Online Banking logs you out if you don't use the service for 10 minutes. This gives you added protection if you forget to log yourself out.
Deactivation of your login details
We'll automatically disable your access to Online Banking if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to get into your accounts.
Shopping on line
Visa Secure, which we provide in association with Visa, protects your cards against unauthorised use when you shop online at participating retailers. When you buy something in a shop using a Investec Card, you validate the transaction by entering your PIN or signing a receipt. Visa Secure mimics this process online by providing a digital receipt that you authorise using a password.
Travelling abroad
If you're planning to travel, it's best to let us know in advance. This helps avoid problems with using your cards and accounts overseas, as well as helping to protect you from fraud while you're away.
'Traffic lights' - extended validation certificates
If you use one of the more recent Internet Browsers, when you log in to our online banking service, the address bar (which starts with 'https://') will turn green. It's an extra way of helping you check that a website is safe, secure and trustworthy.
-
What you need to do to protect yourself
To stay secure, please read the following recommendations for best practice online security options:
Install a personal firewall product
Hackers can infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free.
- McAfee
- Symantec
- Zone Labs
The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer.At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.Regularly use an antivirus product, and keep it updatedThese products can also scan for spyware and adware.The most common way to receive a virus is through an attachment to an email. Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses. If you use email at home, you should use an anti-virus product to protect yourself and never open an attachment that has not come from a trusted source.There are many anti-virus products and some are available for home users free of charge:- AVG
- Kaspersky
- McAfee
- Symantec
- Zone Alarm
With any anti-virus product, it’s important to keep it up to date, so to protect against new viruses that are released. Most commercial products (such as McAfee, Kaspersky and Symantec) have a mechanism to update themselves automatically. The free products typically need to be updated manually.The anti-virus product should also be scheduled to scan your computer regularly in order to detect and clean out any viruses.Do not open unsolicited emails with attachmentsThese may contain a virus. Also, if you receive an unwanted email saying "reply to unsubscribe", ignore it. Senders can use this to confirm your email address is valid - and are then likely to send you more emails.Review your “Sent items” folderIf it contains messages that have been sent without your knowledge, your computer may have a virus or may have been compromised.Update your operating system (Windows, Mac) and browser (Internet Explorer, Firefox, Safari).
Make sure your computer software has all the necessary security updates available from the vendor. It’s best to ensure this is done automatically.Ensure no one has unauthorised access to your computer.Destroy or delete anything containing login details or security information, even if we sent it to you.Never email, write down or tell someone your security information or logon details.The only time you will ever need to enter your Investec Online Banking user ID, password and secret is when you log on to Investec Online Banking at investec.com.Do not save login details or passwords on your computerDisable, refuse or decline any on-screen prompt on your computer which asks if you wish the computer to remember any of your security information or logon details.Avoid reusing the same security informationYou should create and use different passwords for each service provided by us, another member of Investec Group or another service provider.Don’t leave a computer unattended while logged on to Investec Online Banking.Change your passwords regularlyAvoid familiar names, numbers and places (such as birthdays and phone numbers).Be aware of ‘shoulder-surfers’Shoulder surfing refers to people who use direct observation techniques, such as looking over someone's shoulder to get information. Shoulder surfing is particularly effective in crowded places because it’s relatively easy to watch someone as they fill out a form or enter their PIN or passwords at a cash machine or while using online banking.Protect your printed or physical information just as you would protect your valuablesThis includes statements from financial institutions, shops and utility bills. Shred or destroy any personal documents you don’t need to keep.Always log off from Investec Online BankingIt’s important to always end your session by clicking on the Log off menu item before closing the browser. Investec Online Banking does have an automatic timeout feature for security purposes, but we always recommend you end your Investec Online Banking session once you’ve completed your online banking activities. -
Identity theft and Social engineering
Social engineering
Social engineering is the act of manipulating people into doing what you want. In terms of online fraud, a fraudster will usually trick people into disclosing their passwords, log-in details or other confidential information.
You can protect yourself by:
- Not disclosing confidential information over the phone unless you're absolutely sure of the caller's identity. If in doubt, ask for the caller's phone number and check it to see that it's genuine.
- Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.
- Keeping your PIN confidential at all times. Banks, including us, will never ask you to disclose your PIN.
Identity theftYour identity is a valuable commodity, however over 100,000 people fall victim to identity theft each year.Identity theft is when a fraudster steals your personal or financial details, which criminals then use to impersonate you, open bank accounts, obtain credit or set up businesses.Once your details are stolen, you could become a victim of identity fraud.Be suspicious if you notice any of the following:- Bills, invoices or receipts addressed to you - for goods or services you haven't ordered
- Letters from solicitors or debt collection agencies regarding debts that aren't yours
- Letters or statements for bank accounts you did not open
- Transactions appearing on your bank statements (normally withdrawals) that you don't recognise
- New accounts showing up on your credit report
- Documents like your passport, driving licence, utility bills or bank statements have gone missing
If you’ve been a victim of identity fraud you should act quickly – don’t ignore the problem. Even though you didn’t order those goods or open that bank account, the bad debts will end up under your name and address.Contact us immediately if you think you are or may be a victim of fraud on your Investment account, Investec card or Bank account or you suspect that somebody has accessed your on line account.If you think you’re a victim of this kind of identity fraud, you should report the matter to the relevant organisation. Depending on their advice, you should then alert your local police force. You should report all lost or stolen documents – such as passports, driving licences, plastic cards, cheque books – to the relevant organisation.You can learn more about identity theft at the UK Police’s Action Fraud website. -
Advance fee frauds or Nigerian 419 scams
Advance Fee Frauds or Nigerian 419 scam (the name comes from section 419 of the Nigerian criminal code) combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter or email offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author is trying to transfer illegally out of a developing country. The scheme relies on convincing a willing victim, to send money to the author in several instalments of increasing amounts for a variety of reasons.
Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are spirited out of the country. In fact, the millions of dollars do not exist, and the victim eventually ends up with nothing but loss.
If you receive a letter or email from anybody asking you to send personal or banking information, do not reply; simply delete the letter or email.
Remember the golden rule: If it sounds too good to be true, it probably is.
-
Online Frauds
Phishing
Phishing (pronounced fishing) is a process used by fraudsters in an attempt to acquire your confidential information by sending out emails or other kinds of messages that direct you to bogus websites or phone lines. They believe that if they send out enough emails somebody will respond (or “bite”) and provide personal or financial information.
These emails or messages claim to be from a particular company, so they often look legitimate. But these messages are actually sent by fraudsters, often at random. Any information you disclose on these bogus websites or phone lines is captured by the fraudsters.
You can protect yourself by treating any unsolicited emails or calls that ask for confidential information with suspicion. If in doubt about the validity of a particular message, contact the company that supposedly sent you the message to make sure it’s genuine.
To learn more about phishing, visit the UK banking industry’s website Bank Safe Online.
If you have received a fraudulent or suspicious email, which you have not responded to please forward the e-mail to phishing@investec.co.za.
If you have responded to a phishing email please Contact us as soon as possible to help us protect you and your finances.
Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.
Computer Malware
Malware is the collective term for any malicious software that might infect a computer, including Trojans, viruses and spyware. The development and spread of malware is becoming increasingly sophisticated and is driven by organised criminals for financial gain.
Trojans
A trojan is a type of malware that is capable of stealing information, recording your passwords and other personal details by capturing your keystrokes or taking screen shots of sites you visit. These details are then sent to the fraudsters to help them steal your money.
Trojans can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.
The best way to protect yourself from trojans is to install firewalls and internet security software on your computer and to keep these things up-to-date.
Computer Viruses
Viruses are designed to replicate and multiply, spreading between computers. They can cause severe problems, sending out spam email, slowing down or crashing your computer, corrupting or deleting files, and sending confidential information to fraudsters. Viruses may even redirect your internet browser to spoof websites.
The most effective protection is to keep your computer’s security up-to-date and anti-virus up-to-date.
Spyware
Spyware is designed to invade your privacy, gathering information about your computer and internet activity. Spyware can also be responsible for irritating pop-up adverts, slowing down your computer, and sending confidential information to fraudsters.
Spyware can be installed from infected websites or storage devices connected to the computer and you may not even know that you are infected.
The most effective protection is to keep your computer’s security up-to-date. Many anti-virus packages now come with built-in protection against spyware, so make sure you always have the latest version.
Money mules
Most bank accounts do not allow customers to make online cross-border transfers. Since most online fraudsters tend to be based outside the UK or SA, they need people to help launder the funds they receive from their scams. These people are called money mules and they are often innocent victims themselves.
Money mules receive funds into their accounts that fraudsters have stolen. These funds generally come from other victims whose bank accounts UK have been compromised. The money mules are then encouraged to send the funds to the fraudsters overseas using a wire-transfer service, minus their commission.
Money mules are recruited through a variety of methods, including spam emails, genuine job search websites, email responses to a victim's online CV, instant messaging and newspaper ads.
This scam offers you the chance to earn some easy money for a few hours' work each week, but beware: Handling money that's been obtained fraudulently is a crime, even if you're not knowingly complicit in the crime.
You can protect yourself from becoming involved by:
- Treating any unsolicited job offers with suspicion, especially if the company is based overseas.
- Verifying the details of any company that you’re considering working for.
- Not giving your bank account details to anyone whom you don't know and trust.
Assisting a criminal transfer of monies to another account could make you subject to criminal investigation, which may lead to your prosecution.
Remember the golden rule: If it sounds too good to be true, it probably is.
For more about money mules, visit the UK banking industry's website Bank Safe Online.
- Treating any unsolicited job offers with suspicion, especially if the company is based overseas.
-
Card Fraud
Lost and stolen card fraud
Counterfeit card fraud or skimming
A counterfeit card can be a fake card or a valid one that’s been altered or recoded.
Most cases involve skimming, when the data on your card’s magnetic strip
is electronically copied on to another card without your knowledge.
Skimming commonly occurs at retail outlets – particularly bars, restaurants and petrol stations – and at cash machines that have been illegally fitted with a skimming device. The stolen data is then used to create counterfeit cards. Most people are unaware that they’ve fallen victim to this fraud until their statements arrive.
To protect yourself:
- Don’t leave your card with bar or restaurant staff for long periods
- Don’t let retail staff take your card away to process payments
- Check cash machines for signs of tampering before you use them
Card-not-present fraud
This is the most common type of card fraud. It occurs when fraudsters steal your card details and use them to buy things over the internet or by phone, fax or mail. Always be aware of who you are dealing with.
To protect yourself:
- Avoid entering your card details on shared or public computers
- Always remember to log out of any websites where you’ve entered your card details
- Only enter your card details on secure sites (ie, those whose web address begins with ‘https’ and have a padlock in the browser window)
- Keep a close eye on your statements and report any fraudulent transactions immediately
What should I do if I've fallen victim to card fraud
Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.
ATM Frauds
In 2013, there has been an increase in ATM card swapping and jamming:
Card swapping usually happens when a fraudster claims that the ATM is faulty and offers a client assistance. He/she will then swop the client’s card and use it at another ATM to withdraw funds.
With card jamming, an ATM is tampered with and will hold a client’s card in the card reader. The fraudster will then collect the card and attempt to withdraw funds from the account at a later stage.
Tips to keep safe at ATMs:
- Contact us immediately report any suspicious activity to them.
- If anyone offers to assist you at an ATM or is lurking around the area, rather go to another ATM.
- Keep your PIN safe at all times. Don't write your PIN down or save it on a device, rather memorise it.
- Make sure you are using the correct card at the ATM and make sure you get the correct card back when you are done.
- Be aware of any skimming devices and mini cameras attached to the ATM and look out for any sign of tampering with the card reader slot.
- If you receive an SMS notification for a transaction that you are unaware of, please contact the Investec Client Support Centre immediately.
- If the ATM keeps your card or it is lost or stolen, please contact the Client Support Centre immediately to cancel the card.
Courier or Police Scams
Typically a courier card scam involves customers being tricked into handing over their bank cards and PINs to fraudsters.
The scam starts with an unexpected phone call from someone claiming to be from the bank's fraud department, the police, or National Fraud Authority.
The caller will claim to have identified fraudulent transactions on your account and that your card has been compromised.
To gain your trust they may ask you to verify the call by phoning the telephone number printed on the back of your card, or give you another number to call.
This technique holds your phone line open, so that when you try to dial out, they can intercept and re-answer the call, claiming to be the Bank or Law Enforcement.
The fraudster will advise that your bank card must be collected to protect your card and assist an investigation. Usually they ask you to put your card into an envelope for a courier to collect and provide you with a fake reference number.
Now you'll be asked to enter your PIN into the phone, or put it into the envelope with the card. A courier comes to your home and collects the card. With your card and PIN, they can now gain access to your account and carry out fraudulent transactions.
PLEASE NOTE: The bank may genuinely call you for fraud prevention purposes to verify whether a transaction is genuine. We will NEVER ask to collect your card, for your PIN number, card details or Online/Telephone banking log-in credentials.
-
Cheque Fraud
How does cheque fraud occur?
Cheque fraud takes place when a fraudster uses a stolen or counterfeit cheque to pay for goods and services. More than 90% of fraudulent cheques are stopped before any loss occurs. But even so, cheque fraud still costs millions of pounds a year.
These losses can be compounded when the fraud also involves an ‘overpayment’. This occurs when the fraudster – who is often part of an organised gang – targets the seller of a high-value item, such as a car, and offers to pay using a stolen or counterfeit cheque made out to more than the price of the goods. Once the cheque clears, the victim is asked to transfer this ‘overpayment’ to a third party, as well as handing over the item to the fraudster.
When the real cheque owner discovers that money has been stolen from his or her account, the victim can be obliged to repay the total sum – even if this happens several weeks later.
How to protect yourself against cheque fraud
- Don’t accept cheques from anyone unless you know and trust them, especially when a high-value cheque is involved.
- Be aware that there’s a risk that money credited to your account from a cheque could be reclaimed if the cheque turns out to be stolen or counterfeit.
- Always consider other ways of accepting payment for high-value items – a CHAPS payment (or guaranteed, same-day bank transfer) is ideal. Be especially wary if the buyer is unwilling to pay or split the relatively small cost involved with you.
- Keep your chequebook in a safe place.
- Report any missing cheques to your bank immediately.
- Always check your bank statements thoroughly.
What should I do if I've fallen victim to cheque fraud
Contact us immediately if you think you are or may be a victim of fraud on your Investment Account, Investec card or Bank account.
Protect your email account from hacking and fraud
Email is now critical to your day-to-day activities and is used for more than simply communicating with friends and colleagues. For example, you may use your email to:
- Store receipts and statements
- Store the registration information for purchased software
- Assist with the recovery of password for websites such as iTunes and eBay
- Store details about airline and hotel bookings, with passport and ID information
- Receive confirmation of financial transactions
Your email account is now immensely valuable and needs to be protected from loss or theft by criminals, who use a variety of techniques to try and steal the password to access your account:
- Guessing a simple passwords
- Tricking you to enter your password into a fake site (this is called phishing)
- Installing a virus on your computer to capture the password as you log in
- (this is increasingly common in public internet cafes and airport lounges)
To protect your email account from being stolen, you can take some simple steps:
- Use a strong password. A dictionary word used for a password can be ‘brute forced’ in seconds. Ideally, make it a phrase (ILikeIceCream) and then add some numbers (19ILikeIceCream76). This would be nearly impossible for the criminals to guess (and easier for you to remember).
- Don’t trust unsolicited emails and don’t click on the links in unsolicited emails. Criminals often send out emails that look like they came from your Bank, SARS or Professional Institutions (eg SAMA, SAICA, etc) with links to fake websites where they capture your passwords as you try to log in.
Investec will never ask you to enter your username or password via an email. If you do receive a with a link to log in, it is a fake and an attempt to defraud you.
- If your email provider (Gmail, Outlook, Yahoo, etc) supports strong or two-factor authentication, make sure you use it. The following section provides details of how to do this.
- If you suspect that your email account has been compromised, change your password immediately (from a known and trusted PC).
- The following section gives you advice on enabling strong or two-factor passwords on your email accounts.
-
Protect your email account from hacking and fraud
Email is now critical to your day-to-day activities and is used for more than simply communicating with friends and colleagues. For example, you may use your email to:
- Store receipts and statements
- Store the registration information for purchased software
- Assist with the recovery of password for websites such as iTunes and eBay
- Store details about airline and hotel bookings, with passport and ID information
- Receive confirmation of financial transactions
Your email account is now immensely valuable and needs to be protected from loss or theft by criminals, who use a variety of techniques to try and steal the password to access your account:
- Guessing a simple passwords
- Tricking you to enter your password into a fake site (this is called phishing)
Installing a virus on your computer to capture the password as you log in(this is increasingly common in public internet cafes and airport lounges)
To protect your email account from being stolen, you can take some simple steps:
- Use a strong password. A dictionary word used for a password can be ‘brute forced’ in seconds. Ideally, make it a phrase (ILikeIceCream) and then add some numbers (19ILikeIceCream76). This would be nearly impossible for the criminals to guess (and easier for you to remember).
- Don’t trust unsolicited emails and don’t click on the links in unsolicited emails. Criminals often send out emails that look like they came from your Bank, SARS or Professional Institutions (eg SAMA, SAICA, etc) with links to fake websites where they capture your passwords as you try to log in.
- Investec will never ask you to enter your username or password via an email. If you do receive a with a link to log in, it is a fake and an attempt to defraud you.
- If your email provider (Gmail, Outlook, Yahoo, etc) supports strong or two-factor authentication, make sure you use it. The following section provides details of how to do this
- .If you suspect that your email account has been compromised, change your password immediately (from a known and trusted PC).
- The following section gives you advice on enabling strong or two-factor passwords on your email accounts.
Gmail
Google provide a service (similar to online banking) where they will send you an SMS with a unique PIN which you will then need to enter to access your account. This is the best way to protect your account details from being stolen.
Also ensure that you request Google to notify you by email and phone when any changes are made to your account. If you do, you will receive an email with information about any changes you have made to your account’s security settings.
How to set up two-step verification on Gmail
- Sign into your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then click on ‘Account’.
- On the left tab, click on ‘Security’ and then ‘Edit’ under ‘2-Step verification’.
- You will then see a step-by-step guide to help you through the setup process.
- Once you are done, you will be taken to the two-step verification settings page again. Be sure to review your settings and add backup phone numbers.
- You are done! Next time you sign in, you will receive an SMS with a verification code.
Easy Gmail setup for Android users
If you only access your Google Account from Android devices, you can use a short walkthrough to set up the Google Authenticator application on your phone. With Google Authenticator, you can generate verification codes on your phone even if your phone is not connected to a network.
- Sign into your Google Account settings page by clicking on your name orpicture in the upper right corner of the screen and then click on ‘Account’.
- On the left tab, click on ‘Security’ and then ‘Edit’ under ‘2-Step verification’. Then click on ‘Settings’.
- Android users (4.0 or older) will see a screen with the option to install the Google Authenticator app.
- If you prefer to receive codes by SMS instead of using the Google Authenticator app, click on the link at the bottom of the screen that says ‘You can receive codes by text message (SMS) or voice instead’ and follow the instructions to complete the setup
- If you would like to use Google Authenticator, click ‘Send me the app’ to install the app on your phone and follow the instructions on your screen to complete the setup process.
- You are done! Next time sign in, you will be prompted to enter a code you will receive from the Authenticator app.
Yahoo
Yahoo checks not only the password when somebody attempts to log into your account, it also looks at the location and computer where the attempt is made. If it looks suspicious (such a device you have never used before), Yahoo! Mail can require more than just your password, but you must have enabled two-step authentication.
If you have enabled two-step authentication, a second step is necessary to complete login. This can be a code sent to your mobile phone or answering security questions. You can also turn off the latter and require only mobile phone verification.
The Yahoo! Mail account is then as secure as your password and access to your mobile.
How to protect your account with two-step authentication
To add a second layer of authentication for suspicious login attempts (from a new country, for example) to your Yahoo! Mail account:
- Hover the mouse cursor over your name or icon in the top Yahoo! Mail navigation bar
- Select ‘Account Info’ from the menu
- If prompted, type your Yahoo! Mail password under ‘Password’
- Click on ‘Sign In’
- Under ‘Sign-In and Security’, follow the ‘Set up your second sign-in verification’ link
- Under ‘Further Protect Your Account’ make sure ‘Check this box to turn on the second sign-in verification’ is checked
- If you already have a mobile phone number associated with your account, click on ‘Use Current Phone’ to use it for two-step authentication or click on ‘Use New Phone’ to use a different phone number.
Please note that the form on this page may not allow you to enter phone numbers in all the countries Yahoo! can actually deliver verification codes to. You can add those mobile numbers on your account (see below).
If you have not yet set up a mobile phone number or chose ‘Use New Phone’
- Enter your phone number under ‘Second Sign-In Verification Setup: Add Mobile Phone’
- Click ‘Receive SMS’
- Type the verification code received at the number under ‘Enter code’. The code is not case-sensitive
- Click on ‘Verify Code’
- To request SMS message verification under ‘Your second sign-in verification is turned on’, choose ‘Use only my mobile phone number for verification’
- For a two-step authentication with a password and security question, you can choose ‘Use either my security question or mobile phone number for verification’.
Two-step authentication will only apply when you are accessing through the website, not when you are using an App on your phone or PC.
How to add a mobile number not recognised on the two-step verification form
To set up a new mobile phone number for recovering access to Yahoo! Mail:
- Click your name or avatar in the top Yahoo! Mail navigation bar
- Select ‘Account Info’ from the menu
- Follow the ‘Update password-reset info’ link under ‘Sign-In and Security’
- Click ‘Add another under Mobile Numbers’
- Enter your mobile phone number
- Click the country code to pick a different one
- Click on ‘Save’.
Hotmail
To enable two-step authentication, visit the https://account.live.com and then navigate to https://account.live.com/proofs/Manage. Here, you will see a link to set up two-step verification.
Please note: You cannot have other Microsoft accounts linked to the Microsoft account you are trying to enable two-step authentication for. If you do, you will be prompted to unlink the accounts.
There is a short wizard. All you really need to do is be contacted via one of the alternate methods you previously supplied, for example a second email address. Microsoft will send a code to that account with the message “We need one more way to make sure you’re you”. When you enter the code, it enables the two-step verification.
Use two-step authentication
Two-step authentication is used in two ways - a security code or an app password. Put simply, whenever you need to sign into anything with your Microsoft account credentials (username and password), try doing so normally. If it works, great. Otherwise, you could be prompted to enter a security code. If not, you will need an app password.
Security code
If you have signed into Windows 8 with a Microsoft account and trusted the PC, you would have seen the security code prompt: ‘Microsoft will send a text message to your mobile phone that contains this code’.
You must then enter that code on the website or in Windows or wherever you are prompted. That is one form of two-step authentication - your Microsoft account credentials plus the security code.
App password
You can now also create an app password for those apps or devices that do not work with the security code system.
One example is Microsoft Outlook 2013. If you had previously configured Outlook for Hotmail or Outlook.com and then configured the underlying Microsoft account, the next time you use the application, you will be prompted to enter your credentials again. Your normal password will not bwork - you need an app password.
You can generate an app password at the https://account.live.com, again from https://account.live.com/proofs/Manage.
Just tap the link ‘Create a new app password’ under App Passwords. When you do, you’ll be provided with an app password that you can type (or copy and paste) into the application.
This also works from mobile browsers like the one on Windows Phone. This is handy because you may run into this issue with mobile apps as well. You can then use the phone’s copy and paste capability to get the app password into the mobile app that’s not authenticating properly against
your Microsoft account.Authenticator mobile app
When you need to generate a security code but have no cellular coverage, for example when you are flying, Microsoft provides a mobile app called Authenticator that can generate these codes in offline mode.
You need to configure the Authenticator app to work with your Microsoft account. Visit https://account.live.com/proofs/Manage on https://account.live.com.
But this time, click the ‘Set up’ link under Authenticator app. In the next screen, you will be prompted to pair your phone with your Microsoft account using a bar code tag.
In the Authenticator app on Windows Phone, tap the Add (+) app bar button to add your account.
Then, tap the ‘Scan’ button that resembles a camera icon to scan the bar code. The app will quickly scan the bar code and then generate a code that you can type into the web page. Then, click the ‘Pair’ button to complete the process.
Going forward, the app will generate a new code automatically every 30 seconds. If you ever need to use a code to sign into your Microsoft account and your phone is offline, you can use this app to get the code.
-
Companies not connected to the Investec Group
It has come to our attention that members of the public are receiving telephone calls and correspondence from the following people and companies:
Maurice O’Leary, Compliance Director
Miss. Noleen Charles, Client Services Manager
Objective Returns PLC
2nd Floor, Beaux Lane House
Lower Mercer Street
Dublin 2
Tel: 00353 1902 3930
Fax: 00353 1902 3934
Quoting the FCA regulation number: 580716
The Financial Conduct Authority (FCA) already has a warning message on their website concerning Objective Returns. Please refer to the FCA’s website:
http://www.fca.org.uk/news/warnings/objective-returns-cloned-firm
Please note neither of the aforementioned persons or companies are connected to or represent Investec Private Bank PLC or any other Investec Group Company.
-
Accessibility
We recognise that its important to provide a website that is accessible for all users. Accordingly, we have worked to ensure that our site can be easily used by people with disabilities.
To ensure we are as accessible as possible we have made significant changes to achieve a Conformance Level "A" of the Web Content Accessibility Guidelines on investec.com. Most pages adhere to Conformance Level "A".
-
Accessibility features
We have introduced the following features to ensure the best use of our site by all of our users.
Headings and navigation menus
HTML heading tags are used to convey document structure. H1 tags are used for main titles, H2 tags for subtitles etc.
Navigation menus are marked up as HTML lists. This ensures that the number of links in the list is read out at the start and it can be skipped easily.
Images
All images used in this site include descriptive alt tag attributes. Where an image has no use other than being decorative the alt tag is set to null to allow easy reading of the site by all users.
Colours
We have taken care to ensure that the site's font and background colour combinations contrast significantly and are effective in ensuring information is still clear when viewed in different colour combinations.
If you wish to override the site's colours, you can do this by changing your browser settings to your own preference.
Font size
Most of the font sizes we use on our site are sizable. You can change the font size to make it either larger or smaller via your browser settings. You can change the font size in the following ways depending on your browser;
- In Internet Explorer; select View, then Text Size, and then your preferred size.
- In Netscape; select View, then Text Zoom, and then your preferred percentage size. Stylesheets
This site uses cascading style sheets for all visual layout. If your browser or browsing device does not support stylesheets at all, the use of structured semantic mark up ensures that the content of each page is still readable and clearly structured.
Tables
Most data tables have properly scoped header cells, to allow screen readers to render them intelligently. We have also ensured table summaries are used as well as captions where appropriate.
Tables used for layout use none of the above attributes to ensure that they are not confused with data tables.
Forms and fields
All form fields follow a logical tab sequence to ensure easy navigation. Most form fields also have ‘label’ and ‘id’ attributes to explicitly associate the form field with its label to allow for easy entry of data.
JavaScript
If you disable Javascript, you can still access the site’s content.
Links
All links have been written to make sense when taken out of context. Where appropriate, we have also added link title attributes to describe the link in greater detail.
Copy
Abbreviation and acronym tags have been used where appropriate to ensure abbreviations and acronyms are given a full textual explanation. We have also ensured that blockquotes are only ever used for identifying quotations. They are not used for formatting purposes.
Useful links
If you would like to know more about accessibility and the Internet, you may be interested in the following websites:
- www.bbc.co.uk/education/betsie - BBC web pages specially constructed to improve clarity for visually impaired users. The website also includes other useful links.
- www.bcab.org.uk - British Computer Association of the Blind
- http://www.disability.gov.uk/ - The Disability Discrimination Act 1995 (DDA)
- JAWS - a screen reader for use with Windows
- Lynx - a free text-only web browser for visual users with low bandwidth
- Links - a free text-only web browser for blind users with refreshable Braille displays
- www.rnib.co.uk - The Royal National Institute for the Blind
- www.w3.org/WAI - W3C accessibility guidelines