Online Services: Security
Why is online security important?
We place the highest priority on the confidentiality and security of your financial information and transactions.
To help make your banking experience easier and more convenient, you can manage many of your financial affairs online. As all online use carries risk, such as exposure to viruses and hackers, we’ll work with you to ensure your banking experience is as secure as possible.
We place our infrastructure and security measures, such as firewalls and encryption technology, under constant review to ensure they’re up to date and meet our stringent security requirements. We invest significant resources in maintaining the security of Investec Online Banking.
If you think a fraudster has your Investec Online Banking details, or that someone has accessed your account using Investec Online Banking, please contact us immediately.
General online security
As part of our commitment to your security, we offer you a safe and secure environment in which to carry out your online banking. To help you stay safe online, we’ve highlighted below some important and useful information about internet security.
Keystroke Logging
Keystroke logging (or keylogging) is the practice carried out by Keystroke loggers (or Keyloggers) to record all the keystrokes entered on a computer through your keyboard.
Keylogging is typically done in a covert manner, so the person using the keyboard is unaware their actions are being monitored. Criminals can intercept data captured by key loggers and use this data, for example passwords, to commit fraud online.
There are numerous keylogging methods, ranging from hardware- and software-based ones, to electromagnetic and acoustic analysis.
Software key loggers can either be installed directly on a computer or delivered via an email message. To protect yourself against fraud we recommend you regularly update your anti-virus and firewall software and run a scan at least weekly. There are a number of reputable anti-virus and firewall vendors available, including Norton and McAfee.
As an added security measure, products such as Lavasoft Ad-Aware notify you of any ‘spyware’ by scanning your computer regularly.
Hardware key loggers are installed on the cable between your keyboard and your computer. Retrieving data from this key logger is difficult and more advanced as the physical unit has to be removed to use the data. You can protect your data by being more aware of who has access to your computer and by avoiding using public computers for online banking.
Phishing
Phishing is where someone attempts to fraudulently acquire sensitive information such as usernames, passwords and credit card details. This is often done by someone masquerading as a trustworthy person or organisation. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a fake website, which appears almost identical to the legitimate one.
Phishing emails usually tell you to update or verify your customer account information. They then encourage you to click on a link in the email which takes you to a fake website. Any information you enter on the fake website will be captured by the criminals for fraudulent purposes.
Please note, we may send you emails from time to time. However, we will never send you an email asking for your security information or logon details, or direct you to a web page that asks for this information. We will also never send you an email with a link to Investec Online Banking.
For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we will always greet you personally, but fraudsters are unlikely to know your name.
Spoofing
"Spoofing" is a practice that criminals use to lure you to their site, with the express purpose of defrauding online banking users and online shoppers. This is often done by intercepting your activity on a legitimate website and redirecting it to a spoofed website which looks like the real website. However, once you’ve entered your login information, it is recorded and the fraudsters can then use this to log on to your account at the legitimate website.
To check you’re using a legitimate website, refer to its Site Certificates. In modern browsers such as Internet Explorer 7 and Firefox 3, the security certification of a website will be visually displayed as a green indicator in your browser. See the section below on EV SSL for more information about how security certification works.
Trojans
Trojans, which take their name from the term “Trojan Horse”, are a type of computer virus that can be installed on your computer without your knowledge. Trojans are sometimes capable of installing a key logger, which captures all the keystrokes entered on a computer keyboard. Some Trojans try to capture passwords entered on certain websites, by capturing keystrokes or taking screen shots of the sites you visit. This information is then sent to fraudsters over the internet.
Fraudsters will usually send out emails at random, encouraging you to click on a link in the email and visit a website from where the Trojan will be installed on your computer.
These emails are not only related to online banking. Fraudsters will use any number of pretences to try and trick you. To protect yourself and your computer, use an anti-virus product, ensure it’s updated regularly and run an anti-virus scan at least weekly.
Social Networking
A social network service focuses on building online communities of people who share interests and activities. Most social network services are web- based and provide a variety of ways for users to interact. Social networking has encouraged new ways to communicate and share information.
The information we post is increasingly being used to illegally obtain products and services without our knowledge. The more information you give about yourself, the more vulnerable you become to fraud.
To protect yourself you should limit both the information you provide about yourself online, and the ability of people to access this information without your express permission. People give their full names, email address, contact numbers, date of birth, plus intimate details such as favourite holidays, place names, father’s and mother’s names. This is everything a fraudster would need to guess the passwords for your bank accounts.
Identity Fraud
Identity fraud involves fraudsters getting hold of key pieces of your personal information so they can pretend to be you. Fraudsters use these personal details to get financial services products in your name such as credit cards, loans, state benefits and mortgages, and documents such as driving licences and passports. Alternatively fraudsters can use your information to gain access to your accounts.
To protect yourself against identify fraud, assume that every piece of personal information you hold – written or online – is of value to a fraudster. Limit access to online pages that hold details about you, such as your profile page on social networks, to people that you trust. You should always shred rather than throw away any paper or cards with personal information on them.
How to protect yourself
To stay secure, please read the following recommendations for best practice online security options:
1. Install a personal firewall product
Hackers can infect home computers by connecting to your computer while you’re surfing the internet. The best way to protect your computer from unauthorised connections from the internet is to install a personal firewall. There are several options on the market, some of which are free.
The firewall sits between your computer and the internet and acts as a security guard, restricting what can enter and leave your computer.
At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.
2. Regularly use an antivirus product, and keep it updated
These products can also scan for spyware and adware.
The most common way to receive a virus is through an attachment to an email. Attachments may appear to be word documents, spreadsheets or pictures but often contain malicious viruses. If you use email at home, you should use an anti-virus product to protect yourself and never open an attachment that has not come from a trusted source.
There are many anti-virus products and some are available for home users free of charge:
With any anti-virus product, it’s important to keep it up to date, so to protect against new viruses that are released. Most commercial products (such as McAfee, Kaspersky and Symantec) have a mechanism to update themselves automatically. The free products typically need to be updated manually.
The anti-virus product should also be scheduled to scan your computer regularly in order to detect and clean out any viruses.
3. Do not open unsolicited emails with attachments
These may contain a virus. Also, if you receive an unwanted email saying "reply to unsubscribe", ignore it. Senders can use this to confirm your email address is valid - and are then likely to send you more emails.
4. Review your “Sent items” folder
If it contains messages that have been sent without your knowledge, your computer may have a virus or may have been compromised
5. Update your operating system (Windows, Mac) and browser (Internet Explorer, Firefox, Safari)
Make sure your computer software has all the necessary security updates available from the vendor. It’s best to ensure this is done automatically.
6. Ensure no one has unauthorised access to your computer.
7. Destroy or delete anything containing login details or security information
Even if we sent it to you.
8. Never email, write down or tell someone your security information or logon details.
The only time you will ever need to enter your Investec Online Banking user ID, password and secret is when you log on to Investec Online Banking at investec.com.
9. Do not save login details on your computer
Disable, refuse or decline any on-screen prompt on your computer which asks if you wish the computer to remember any of your security information or logon details.
10. Avoid reusing the same security information
You should create and use different passwords for each service provided by us, another member of Investec Group or another service provider.
11. Don’t leave a computer unattended while logged on to Investec Online Banking
12. Change your passwords regularly
Avoid familiar names, numbers and places (such as birthdays and phone numbers).
13. Take account of any security information updates
We may send you these or publish them on the Investec Online Banking website.
14. Be aware of ‘shoulder-surfers’.
Shoulder surfing refers to people who use direct observation techniques, such as looking over someone's shoulder to get information. Shoulder surfing is particularly effective in crowded places because it’s relatively easy to watch someone as they fill out a form or enter their PIN or passwords at a cash machine or while using online banking.
15. Protect your printed or physical information just as you would protect your valuables.
This includes statements from financial institutions, shops and utility bills. Shred or destroy any personal documents you don’t need to keep.
16. Always log off from Investec Online Banking
It’s important to always end your session by clicking on the Log off menu item before closing the browser. Investec Online Banking does have an automatic timeout feature for security purposes, but we always recommend you end your Investec Online Banking session once you’ve completed your online banking activities.
Our technology
We use 128-bit encryption technology, which allows information to be transmitted between your web browser and the Investec Online Banking servers securely. It’s intended to prevent any third party from understanding the encrypted information. However, this encryption won’t protect you from all types of attack, such as key logging software or "spyware".
Extended Validation – Secure Socket Layer (EV SSL)
We have implemented a new security measure called EV SSL on Investec Online Banking to help protect you from phishing attacks and attempted online banking fraud.
EV SSL certification works with high security web browsers (such as Microsoft Internet Explorer 7 and Mozilla Firefox 3) to identify whether a website legitimately belongs to a company or whether it’s a fraudulent, imitation one. The Extended Validation is only issued to companies that comply with the prescribed stringent validation standards. This makes it difficult for fraudsters to have EV functionality on their websites.
How EV SSL Certification works
You need to have a modern web browser, such as Internet Explorer 8, Google Chrome, Apple Safari, or Mozilla Firefox, to use this functionality.
If you’re using such a browser, and the site is correctly linked to the EV SSL Certificate (i.e. it’s the genuine Investec Online Banking website) the address bar will turn green and a padlock will appear in the address bar with the wording Investec PLC [GB]
Your browser will look like this:
If you’re using Mozilla Firefox, and you’re accessing the genuine Investec site, the address bar will look like this:
Site certificates
To check the site certificate:
For Microsoft Internet Explorer 7 click on the lock next to address bar, click on “view certificate”, then the "Details" tab and then the "Subject" field.
For Mozilla Firefox 3, double click on the lock at the bottom of the screen and then click on “view certificate”.
Ensure the certificate has been issued to Investec Bank plc.
Click on the "Certification Path" in Microsoft Internet Explorer 7 or the “Details" tab in Mozilla Firefox 3 to verify the status of the certificate.
Security glossary
Anti-virus software
Anti-virus software detects and deletes viruses that try to get on to your computer. Your anti-virus program should be set up to regularly update itself with the latest anti-virus software and signatures.
Encryption
Encryption refers to the conversion of data into a coded form that can’t be understood by unauthorised people.
Firewall
A firewall is a program or hardware that provides a barrier between your computer and the internet. A firewall aims to prevent intruders or ‘hackers’ from gaining access to your computer.
Hacker
A hacker is a person who uses a computer to break into other computers to steal, change or destroy information. To protect yourself from hackers you should install firewall software on your computer and keep it up-to-date.
Popular personal firewall software such as ZoneAlarm Internet Security Suite from Zone Labs, McAfee Internet Security Suite, or Norton Internet Security can help to protect your computer.
Identity fraud
Identity fraud is when someone else steals your personal information without your knowledge. This information is then used to commit fraud.
Keylogger program
A keylogger program is a virus that can record the keys pressed on your keyboard while you’re using your computer.
Phishing
Phishing scams are emails that ask you to fraudulently provide personal information or follow a link to a spoof website. When you click on a link or enter your personal details, the information is sent to the fraudster. Phishing is a play on the word ‘fishing’ where someone casts a line in the hope that an unsuspecting person will take the bait.
We may send you emails from time to time. We’ll never send you an email asking for your security information or log on details, or direct you to a web page that asks for this information. We’ll also never send you an email with a link to Investec Online Banking. For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we’ll always greet you personally, but fraudsters are unlikely to know your name.
If you think a fraudster has your Investec Online Banking details, or that someone has accessed your account using Investec Online Banking, please contact us (missing link) immediately.
Secure Socket Layer ('SSL')
'SSL' is a method of coding that enables private communication between a web browser and a web server. Many web sites use 'SSL' to ensure customer information, such as banking details, is kept secure. You can tell if you are accessing a secure web site by checking the address bar along the top of your screen. Simply ensure the address begins with ‘https’. On most browsers, you should also see an icon that looks like a closed padlock (indicating a secure session) at the bottom right-hand side of your screen.
Shoulder surfing
Shoulder surfing is a term used to describe someone watching what you’re doing on a computer or ATM. Beware of anyone standing or sitting closely behind you who may try to watch when you enter personal details.
Site certificate
Site certificates form an essential part of providing reassurance that the site you are visiting is genuine. A site certificate shows you that a secure connection has been established and secure communication can take place. It will also demonstrate that you’re not being tricked into entering your details on a fraudulent website.
'Spoof' websites
Spoof websites are fraudulent websites designed to look like legitimate ones. Email or phishing scams asking people to update their details will often contain links to spoof websites. If someone enters their personal or security details on a fraudulent website, fraudsters can then use these details to access that person’s accounts.
If you receive an email from an unknown source, or an email that contains unknown attachments or links, don’t open the attachments or click on the links. Instead, delete all suspicious emails.
We may send you emails from time to time. However, we’ll never send you an email asking for your security information or log on details, or direct you to a web page that asks for this information. We’ll also never send you an email with a link to Investec Online Banking. For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we’ll always greet you personally, but fraudsters are unlikely to know your name.
Virus
A virus is a computer program that can embed itself into other programs on your computer, and may cause damage to your files. Email is a common way to spread viruses, and opening an unknown email can trigger the spread of the virus onto your computer.