Online security

Secure transactions – Secure access – Computer security

We have put in place a series of security measures so that you can bank online with complete peace of mind. All you need to do is familiarise yourself with the technologies we use and comply with the security rules set out below.

Accessing your Internet Banking

You need to enter a user ID and PIN code to access our online services.

User ID

Your user ID is issued by your Account Manager when you register for our online services.
Please contact your Account Manager immediately if you lose your user ID.

PIN code

Your PIN code is sent directly to your home address. Only you know it. You should never give your PIN code to anyone else for any reason or by any means (telephone, fax, email, etc.). You should not even give it to Orabank Group employees, who will never ask you for it.

Security measures

• Communications protocol: data sent between users and the Orabank server are encrypted using SSL 128 or SSL 256 bit encryption. Your web browser must be configured to allow this kind of encryption. This ensures that your connection is secure when you enter your user ID and PIN code, meaning that they cannot be intercepted by others. When entering sensitive data, check that you are on a secure webpage. The website address should begin with 'https://' (standing for 'http secure'), rather than 'http://'.
• Automatic logout: you will be automatically logged out if you have been inactive for 10 minutes. This security measure prevents others from accessing your accounts if you have left your computer without logging out. To log out of your account, simply click on 'Log out' once you have finished your online banking session.
• Cookies: we use cookies to make our website more secure. Cookies are small files that your web browser stores in your computer's memory to identify you and enable you to browse more quickly. We therefore recommend that you allow cookies for our website.

SSL TRANSACTION

SSL LINKS

Accessing your Internet Banking

You need to enter a user ID and PIN code to access our online services.

• Your user ID is issued by your Account Manager when you register for our online services. Please contact your Account Manager immediately if you lose your user ID.
• Your PIN code is sent directly to your home address. Only you know it. You should never give your PIN code to anyone else for any reason or by any means (telephone, fax, email, etc.). You should not even give it to Orabank employees, who will never ask you for it.

Failed login attempts

You have 3 attempts to enter your password. If you enter an incorrect password 3 times, then your password becomes invalid and your account is locked. Only your branch can reinstate your password.
For security reasons, passwords are never sent by email.

Automatic logout

You will be automatically logged out if you have been inactive for 5 minutes. This security measure prevents others from accessing your accounts if you have left your computer without logging out.
To log out of your account manually, simply click on 'Log out' once you have finished your online banking session.
If you want to log in again, you will need to re-enter your user ID and PIN code.

COMPUTER SECURITY

Keeping your web browser up to date

To use our Internet Banking service and get the most out of Orabank Group's website, we recommend that you use the latest versions of the following browsers :

• Microsoft Internet Explorer
• Mozilla Firefox

Update your browser regularly to protect your computer against security vulnerabilities.

Temporary Internet files

The webpages you view are stored in a folder on your computer's hard disk so that they can be displayed more quickly if you visit them at a later date.

• If there are no confidentiality issues regarding your computer, then allowing encrypted pages to be stored on your computer's hard disk will help to speed up access to secure webpages.
• However, if you want to ensure that your data remains confidential, then you will need to disable such storage of secure pages or delete temporary Internet files at the end of each browsing session.

Internet Explorer :

• To prevent secure webpages from being stored on your computer's hard disk, go to the 'Tools' menu, select 'Internet options', then the 'Advanced' tab. Under the 'Security' heading tick 'Do not save encrypted pages to disk'.
• To automatically delete temporary Internet files every time you close your browser, go to the 'Tools' menu, select 'Internet options', then the 'Advanced' tab. Under the 'Security' heading tick 'Empty Temporary Internet Files folder when browser is closed'. Remember to close your browser at the end of each session.
• To manually delete temporary Internet files, go to the 'Tools' menu, select 'Internet options', then the 'General' tab. Under the 'Browsing history' heading, click on the 'Delete' button and select 'Temporary Internet Files'. 

Fraudulent websites and emails

Spoofing is a technique where cybercriminals replace a website with a pirate version, some of which are easier to identify than others. Users are tricked into logging in to the wrong website.

Phishing : is where cybercriminals send out seemingly genuine mass emails, using the identity of a particular institution (generally a bank). These emails direct users, under various pretexts, to update their banking details or personal data by clicking on a link that takes them to a hoax website that looks exactly like the genuine one or has a very similar URL (e.g. www.orbank.net or www.oabank.net), where the cybercriminal can collect this data with the aim of using it to take money from the victim's account.

Pharming is a variation on phishing, the principle being to redirect Internet users to a hoax website with the same aim of stealing confidential data.

Keylogger are devices that record users' keystrokes (e.g. to gather login information needed to access a particular website).

There are a few simple precautions that you can take to guard against these kind of attacks :

• ask yourself why you have received the message;
• ask yourself whether the actions requested seem legitimate;
• check the sender's URL (look out for slight discrepancies with the official website);
• access websites from a link saved in your Favourites or retype the URL;
• proceed with extra caution if a website address contains an '@'.

Viruses and Trojan horses

Viruses are malware programs or codes that are generally contained in a commonly used file format and are stored within an operating system without its user's knowledge. The code can auto-execute at a specific time or when the software program is opened. The aim of a virus is to render the system unusable by destroying key files or swamping the machine's resources.

Trojan horses are programs that are inserted into a sequence of normal instructions. They look like genuine programs but have a hidden criminal function that allows them to bypass the computer system's security measures and hack files with the aim of viewing, changing or destroying them.

The only way to protect your computer against viruses and Trojan horses is to install antivirus software and update it regularly.

Generally speaking, if you think an email seems dubious or if it is unsolicited (e.g. it may come from a sender to whom you have never given your email address), do not open it and do not open or download any attachments if you are unsure of their content – even if the sender is known to you. Viruses can be sent from an email account without the account holder's knowledge.

What is 'spyware' ?

'Spyware' is a general term used to refer to software that carries out unwanted activities, such as displaying advertisements, gathering personal data or changing the configuration of your computer without your prior approval.