- You or colleagues could be tricked by phishing emails or vishing telephone calls into disclosing your password and details on fake banking websites, or to bogus callers.
- Fraud or identity theft caused by viruses or spyware, giving criminals access to your bank account and other personal information stored on your computer.
- Passwords or other confidential information should never be disclosed in response to an email, phone call or letter purporting to be from your bank or other financial institution – however authentic they may seem. Banks will never send you emails or call you asking you to divulge such information. Any communication from banks will use your actual name (not ‘Sir’ or ‘Madam’) and possibly another verification of authenticity such as your postcode or part of your account number. If you are unsure if an email is genuine, contact your bank via other means.
- Always make sure you are using a secure internet connection to connect to your bank. Look for ‘https’ at the beginning of the address and the padlock symbol in the browser frame. Remember, however, that this indicates only that the link between you and the website owner is secure, and not that the site itself is authentic. You need to verify the site’s authenticity yourself by carefully checking the address for subtle misspellings, additional words and characters and other irregularities.
- Only ever visit your bank’s website by entering the address into your browser or using a bookmark you have created using the correct address. If you believe your details may have been compromised in some way, always contact the bank.
- Ensure you have effective and updated antivirus/antispyware software and firewall running before you log in to your bank account.
- Use a different password and PIN for each website.
- Use strong passwords and PINs. Passwords and PINs should not be revealed to anybody else other than the person to whom they have been issued. They should not be written down or stored on computers or mobile devices.
- Consider setting up dual authority with your bank, especially for transactions over a preset limit which could be fraudulent.
- Be clear with your bank where liability for loss lies in the event of fraud. Read their terms and conditions and if in doubt, ask your bank’s business manager.
- If you receive a phone call purporting to be from your bank or other financial institution and you are asked to call back, always do so from another phone or wait at least five minutes before doing so. Fraudsters can hold the phone line open and even spoof phone numbers that appear on your caller display.
- If you notice any unusual transactions in your statement, report them immediately.
- Switch off paper statements and register for online banking with mobile alerts. Paper statements are easily intercepted and read.
- Get the latest Windows updates.
- You and your colleagues should never conduct online banking from public computers (for example, in an internet café).
- Be aware of ‘shoulder surfers’ viewing your screen.
- Do not imagine that soft (screen-based) keyboards are more secure than physical keyboards (in being immune to malware such as keystroke loggers). They are equally vulnerable.
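
The address check described in the list above (‘https’ first, then subtle misspellings and additional words or characters), written out as an added example that is not part of the original page. The bank name `examplebank`, the `TRUSTED_HOSTS` list, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumptions: placeholder bank name and the addresses you know to be correct.
BANK_NAME = "examplebank"
TRUSTED_HOSTS = ("examplebank.com", "www.examplebank.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_bank_url(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Return "ok" only for an https URL whose host is exactly a trusted one."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    # 'https' only shows the link is encrypted, so it is necessary, not sufficient.
    if parts.scheme != "https":
        return "reject: not https"
    # Non-ASCII or punycode labels can render like ordinary Latin letters.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return "reject: non-ASCII lookalike characters"
    if host in trusted:
        return "ok"
    # One or two characters away from a trusted address: a subtle misspelling.
    if any(edit_distance(host, good) <= 2 for good in trusted):
        return "reject: subtle misspelling of a trusted address"
    # Bank name present, but surrounded by extra words, labels or characters.
    if BANK_NAME in host:
        return "reject: bank name with additional words or characters"
    return "reject: unknown address"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real incident.
    for sample in ("https://www.examplebank.com/login",
                   "http://www.examplebank.com/login",
                   "https://www.examp1ebank.com/",
                   "https://www.examplebank.com.secure-login.example/"):
        print(sample, "->", check_bank_url(sample))
```

The check is an allow-list: anything that is not an exact match for a known-good address is rejected, which mirrors the advice to use only an address you typed or bookmarked yourself.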
Two factor authentication
Many banks use two factor authentication to obtain stronger evidence of who you are than simply using passwords. Two factors are ‘something you know’ (typically your user name and password) and ‘something you have’ which is either your bank card with a card reader, or else a standalone device like HSBC’s SecureKey. The code generated is personal to you, and different each time you log in.
Additional banking security software
Some banks offer additional security software specifically designed to protect you during online banking. It comes in the form of a free download from these banks and secures financial transactions in addition to your normal internet security software.
All banks carry online security information on their websites, including information about known frauds.
If you have been the victim of actual or attempted fraud, report it immediately to your bank and the Cyber Incident Response Team in the Ministry of Science, Energy and Technology: 876-929-8990-9 or the Communication Forensics and Cybercrimes Unit of the Jamaica Constabulary Force: 876-967-5948 or 876-922-3288