Online Security
-
What is the importance of security?
Investec Private Bank places the highest priority on the confidentiality and security of its clients and their financial transactions. As the internet is a potentially risky environment with the threat of trojans, viruses and phishing attacks we will always endeavour to ensure that your interaction with Online Services is as secure as possible.
We have invested significant resources to ensure that all online banking transactions concluded on the Investec Bank website are secure. This is done by using firewalls and encryption technology. Furthermore, we continually review our infrastructure and security measures to ensure that they are up to date and meet our stringent security requirements. -
How can you avoid becoming a victim of online fraud?
- Ensure your computer is safe
- Do not respond to emails requesting personal or log-in information
- Do not log into Online Banking via any emails with hyperlinks or shortcuts
- Do not divulge your personal or log-in information (User ID, pass phrase and PIN) to anyone and change your PIN regularly
- Ensure that no one has unauthorised access to your PC.
- Review your “Sent items” folder for messages that may have been sent without your knowledge
- Ensure that the Online Banking website address is accurate or enter the site exclusively through Investec.com (using the link on Investec.com)
- Ensure that the browser at the top of the Online Banking site is green
- Ensure that your pass phrase is correct before entering your PIN
- Always log out using the log out button before closing the browser
- Do not log into Online Banking on public networks or in internet cafes
- Keep browsers up to date with the latest security patches
- Install a personal firewall product which will help to protect your PC while you are online
-
How secure is the site?
We use the most advanced 128-bit encryption technology, which allows information to be transmitted between your web browser and the Online Banking servers, while preventing any third party from understanding the encrypted information. This encryption will not protect you from key logging software or "spyware".
We have deployed state-of-the-art software to protect our internal systems and your sensitive data.Extended Validation – Secure Socket Layer (EV SSL)A new security measure called EV SSL has been implemented on Online Banking to help protect you from phishing attacks and attempted internet banking fraud.
EV SSL certification works with high security web browsers (such as Internet Explorer 7) to identify whether a site legitimately belongs to a company (i.e. Investec Private Bank) or is a fraudulent site imitating ours.
The Extended Validation is only issued to companies that comply with the prescribed stringent validation standards. This makes it difficult for fraudsters to have the EV functionality on their sites. -
How EV SSL Certification works
You need to have the most recent version of Internet Explorer or Mozilla Firefox, with the correct browser settings, to use this functionality. If you are using Internet Explorer 7 and the site is correctly linked to the EV SSL Certificate (i.e. is the genuine Investec Private Bank site):
The address bar will turn green:
Address bar
A padlock will appear in the address bar with the wording "Investec Bank Limited [ZA]":
PadlockIf, however, the site is a phishing site or a fraudulent site, the address bar will not appear green.
-
What is encryption?
Encryption is a way of converting a meaningful message between two computers into a message that is unlikely to be interpreted, understood or viewed by anyone other than the intended recipient. We use this technology to ensure that all transactions between you and Investec remain confidential.
We have implemented encryption by using industry standard "site certificates". When using our online services, please look for the closed lock at the bottom of your screen to verify that the communication is secured.
To enable encryption between yourself and Investec, use one of our supported browsers (see software requirements below).
What are key loggers?
Investec Private Bank offers clients a safe and secure environment in which to do Online Banking. Staying true to our commitment, we take this opportunity to highlight the importance of protecting your data from key loggers.
Keystroke loggers, commonly referred to as key loggers, record all keystrokes entered on a computer through your keyboard. On occasion, criminals intercept data captured by key loggers and use this data, for example passwords, to commit fraud online.
There are two types of key loggers, software and hardware.
Software key loggers can be either be installed directly on to the PC or delivered within an email message. As a precautionary measure against online criminals, keep your data protected when using software key loggers by updating your anti-virus and firewall software regularly. Ensure that you update the virus definitions and the security signatures as often as possible. There are a number of reputable anti-virus and firewall vendors available, including Norton and McAfee who have combined their anti-virus and firewall into one easy-to-use product.
As an added security measure, products such as Lavasoft Ad-Aware notify you of any ‘spyware’ by scanning your computer on a regular basis.Hardware key loggers are installed on the cable between your keyboard and computer. Retrieving data from this key logger is difficult and more advanced as the physical unit has to be removed to use the data. Protect your data by being more aware of who has access to your computer and by avoiding public computer terminals for online banking.
-
What is phishing?
Phishing is a practice where fraudsters send emails at random, which claim to come from a genuine company that is operating on the internet. The purpose is to trick customers of that company into disclosing information using a bogus website operated by the fraudsters. Usually, the emails tell you that it is necessary to "update" or "verify" your customer account information and they encourage you to click on a link in the email which takes you to the bogus website. Any information you enter on the bogus website will be captured by the criminals for fraudulent purposes.
-
What is "spoofing"?
"Spoofing" is a practice that criminals use to lure you to their site, with the express purpose of defrauding internet bankers and shoppers. This is often done by intercepting your request and redirecting it to another site. A "spoofed" website looks like the real website; however, once you have entered your login information, this is recorded and the criminals can then logon to your account at the legitimate Investec site.
To verify that you are at the correct site, refer to Site certificates. -
What are trojans?
Trojans, which take their name from the term “Trojan Horse”, are a type of computer virus that can be installed on your computer without your knowledge. Trojans are sometimes capable of installing a key logger, which captures all the keystrokes entered on a computer keyboard. Some Trojans seek to capture passwords entered on certain websites, by capturing keystrokes or taking screen shots of the sites you visit. This information is then sent to fraudsters over the internet.
Usually fraudsters will send out emails at random, encouraging you to click on a link in the email and visit a malicious website where the Trojan is installed. The emails are not only related to internet banking. They try to trick you into visiting the malicious website using a variety of excuses.
What are the minimum technical requirements for using Online Services?
Hardware requirements- Pentium or more advanced personal computer
- 56k Modem or higher for Internet connectivity
- 128 Mb or higher memory
Software requirements
- Windows 2000/XP (Windows XP with service pack 2)
- Screen resolution = 800 x 600 or higher
- Internet Explorer 5.5 or more advanced version
- Firefox 1.4 or more advanced version
- Mozilla 1.4 or more advanced version
- Netscape 6 or more advanced version
- Conqueror 3 or more advanced version
- Up to date anti-virus
- Adobe Acrobat reader version 6 or higher
-
Investec logon
The following screen images were generated using Internet Explorer 5.5 SP2. Your screen may look slightly different if you are using an alternative browser.
To ensure that you are connected to a secure Investec site, please verify that the lock at the bottom of the screen is displayed and the address https://www.secure.sso.za.investec.com/sso/page.cfm is displayed in the "Address" field of the browser at the top of the screen.
-
Site certificates
To check the site certificate:
- Double click on the lock at the bottom of the screen
- Click on the "Details" tab and then the "Subject" field
- Ensure that the certificate has been issued to Investec
- Click on the "Certification Path" tab to verify the status of the certificate.
-
General advice for home computers
As most viruses are transmitted via attachments to emails, be very cautious when you receive emails, especially from unknown people.
If you know the sender of an email but are not expecting the email, ask the sender if they meant to send it before you open any attachments. Their computer may be infected with a virus that has automatically sent itself to you.
If an email "appears" to come from your internet provider or Microsoft, be very cautious. Hackers are easily able to "spoof" an email to make it look like it comes from somebody else. Microsoft never sends updates via email.
Viruses (or virii) can also be transmitted via mechanisms such as MSN-Messenger, Yahoo-Chat and Kazaa. Again do not trust any files that are sent to you.
Change your passwords regularly and do not use words like your pet's name, partner/children's name or your hobby– (they are all easy to guess).
Install a personal firewall (see firewall section) and have an up-to-date anti-virus program to capture any viral programs that may be sent to you.
Keep your computer updated (Microsoft Windows has hundreds of bugs, which Microsoft issues fixes or patches for). Go to Microsoft updates.
If you receive an unwanted email saying "reply to unsubscribe", ignore this. The sender uses this to confirm your email address is valid - and send you more emails. -
Protect yourself against viruses
The most common way to receive a virus is via an attachment to an email.Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses.
We scan all emails using multiple anti-virus products to ensure they are not infected. If you use email at home, you should use an anti-virus product to protect yourself.There are many anti-virus products and some are available for home users free of charge.
- www.mcafee.com
- www.symantec.com
- www.grisoft.com
- www.bitdefender.com
With any anti-virus product, it is important to keep it up to date to protect against new viruses that are released. At present, the hacking community releases a new virus every day.Most commercial products (e.g. McAfee and Symantec) have a mechanism to update themselves automatically. The free products normally need to be updated manually. -
Install a firewall
Hackers also infect home computers by connecting to the computer while you are surfing the internet.
The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall.
There are several options on the market, again some free, some commercial. The commercial options are, however, not necessarily better.- www.mcafee.com
- www.symantec.com
- www.zonelabs.com
- www.sygate.com
The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your PC.
At first, the firewall may ask you what you want to allow in or out, but soon learns to make these decisions independently.The most important point is never to allow anyone from the internet to connect to your computer.
-
Clean up your machine
Once you have installed an anti-virus and a firewall, you are able to use certain products to clean your computer and remove any spy programs that have been installed.
Various websites use small programs to track your activity, and use the information to target you with advertisements. Ad-aware (from http://www.lavasoft.de/) removes all the tracking programs and cookies, restoring your privacy.
If your computer has been infected in the past, hackers often install backdoors (or Trojans) to allow them to take over your machine again. The Cleaner (from www.moosoft.com) detects and removes all known Trojans. This is a commercial product (US$30) but you are able to download a free trial.
Finally go to www.grc.com and follow the "shields up" links to see how your machine looks from the internet. This site scans your computer to show you how hackers see your PC. This shows how vulnerable you are if you do not have a firewall installed. Do not try this application at Investec as it will be unable to function through our firewalls. -
In summary
- Install an anti-virus program
- Install a firewall
- Clean up and remove all the spyware that hackers have installed
General disclaimer: This document is meant for general education purposes only and does not reflect Investec’s recommendation or support of any specific product or service. Unfortunately Investec cannot provide support for your home or personal computers.