Security

Prevx SafeOnline

WesBank is serious about security! In addition to the multiple layers of security already available, we also offer all website users a free software program that can protect you from being phished and prevent spyware from stealing your banking login details.

Why do I need this?

WesBank has partnered with Prevx, the providers of SafeOnline, allowing the FREE download of SafeOnline for all WesBank Online users.
This software will give you the protection you require while on all secure sites - not just on Online Account Services!

Prevx SafeOnline helps to:
  • safeguard your credentials whilst on a secure online site
  • protect your Online Banking access details and personal information
  • protect you against activities such as phishing and keystroke logging
  • protect you against fraud
  • alert you when you are on a phishing site
  • alert you of any viruses, spyware etc. on your computer
What can I do with this?

With Prevx SafeOnline you can surf the web, purchase goods, make payments and do transfers online without the stress of worrying whether someone else might be monitoring your behaviour and planning to steal your money or identity.

You can have the peace of mind that you'll be alerted when you are on a phishing or non secure site.

You can opt to purchase the full Prevx SafeOnline solution which will disinfect your computer when any viruses, spyware etc. are detected.

What will it cost?

Prevx SafeOnline is absolutely free to Online Account Services users.

Should you wish to purchase the full anti-virus software provided by Prevx this can be done via Prevx's website: http://www.prevx.com

Do I qualify?

Yes, all Online Account Services clients qualify for the FREE download of Prevx SafeOnline.

What do I need to do?

Login to Online Banking and follow the steps in the Help Section.

Legal

Existing Online Account Services Terms and Conditions apply.

Data protection - supply of information to the bank

In its continued effort to improve your Online Banking security, the Bank may obtain, from Prevx, information relating to security threats on your computer which is important in assisting the Bank to monitor and identify such security threats. In downloading and installing the Prevx software, you authorise Prevx to disclose the information to the Bank and you consent to the Bank receiving and using the information. The Bank undertakes to keep the collected information confidential.

Contact Details

For more information, you can contact our Online Help Desk on 0861 000 969 or E-mail: online@wesbank.co.za


Stay Secure

  • using public terminals (such as Internet cafes) for Internet banking.
  • Be aware of the higher risk of interception during a wireless connection. Only do your banking via a wireless hotspot if you are certain of the integrity of the connection.
  • Ensure that you have an updated anti-virus and spyware program and perform regular system scans.
  • Login to Online Account Services or Online Banking Enterprise and download Prevx SafeOnline for FREE.
  • Never access the site via a link. Rather type the address into the browser address bar or save the address as a 'Favourite'.
  • Do not open other websites while logged into Internet Banking - only have a single browser window open.
  • Choose a User ID and password that cannot be easily guessed and change these regularly.
  • Ensure your computer software is up-to-date.
  • Check for the padlock in the lower right of your browser window (it indicates a secure site). You can click on this padlock to verify the site "owners".
  • When you complete your online banking tasks, log off and close the browser window.
  • Never provide your password over the Internet (by email) or over the telephone to anyone (including persons identifying themselves as bank officials).
  • Don't trust a PDF payment proof unless verified by the bank - these documents can be manipulated by fraudsters.

Online Terminology

  • Anti-spyware program: This is a program that protects your PC against spyware and helps to keep your computer and personal details secure. e.g. Prevx Safe Online.
  • Browser: Browser software provides you with the means to view a web page. Without browser software, you would not be able to surf the Internet.
  • Computer virus: A computer virus is a piece of code that is secretly introduced into a system in order to corrupt it or destroy data. Often viruses are hidden in other programs or documents and when opened, the virus is let loose
  • Cookies: This is a collection of information, usually including a username and the current date and time, stored on the local computer of a person using the Internet. It is used by websites to identify users who have previously registered or visited the site.
  • Encryption: Encryption converts data into an encoded form before it is sent over the Internet. This prevents unauthorised access to the information. At WesBank, we use 2048-bit Secure Socket Layer (SSL) encryption to secure your information.
  • Firewall: Any of a number of security schemes that prevent unauthorised users from gaining access to a computer network or that monitors transfers of information to and from the network or personal computer.
  • Identity theft: This is the crime of obtaining the personal or financial information of another person for the purpose of assuming that person's name to make transactions or purchases.
  • Keystroke logging: This involves the capturing of information that you type on the keyboard by installed hardware. This is often used by fraudsters to capture personal details including passwords.
  • Secure Socket Layer (SSL): This is a protocol that provides a high level of security for communication over the Internet.
  • Spam: Unsolicited email, often of a commercial nature, sent indiscriminately to multiple mailing lists or individuals.
  • Spyware: This is software that secretly gathers information about a user while he/she navigates the internet. This information is normally used for advertising purposes. Spyware can also gather information about email addresses and even passwords and credit card numbers.
  • Trojan horse: This is a program that disguises itself as another program. Similar to a virus, these programs are hidden and cause an unwanted effect. They differ from viruses because they are normally not designed to replicate like a virus.
  • Virus: A computer virus is a piece of code that is secretly introduced into a system in order to corrupt it or destroy data. Often viruses are hidden in other programs or documents and when opened, the virus is let loose.
  • Worm: This is a special type of virus that spreads without any user interaction, typically by exploiting a flaw in popular software.

Protect Your Computer

  • If you are using a PC and need to walk away from it for any reason, log off or lock your workstation.
  • Select passwords that would be difficult for others to guess and change then frequently.
  • Do not give your password to anyone, or leave written notes with your password near your machine.
  • Report any suspicious activity on your PC to the appropriate person.
  • Download Prevx SafeOnline for FREE from our WesBank website.
Protect Your Email

Any email is at risk of being intercepted, and you should never send sensitive information (passwords, etc) via email.

Tips for staying safe:

  • Do not provide your email address to third party websites, without understanding how your email address will be used.
  • Never send sensitive information via email.
  • Avoid opening unidentified email messages with attachments.
  • Prevx SafeOnline can assist to protect your credentials when online.
  • Remember Your Site Padlock.
  • When you visit a website (especially a transaction website) you should look for a padlock in the browser window.
  • The padlock indicates that you are in SSL (secure socket layer) mode, which means that every request or information that you send from the browser to our secure site is encrypted (scrambled and encoded).
  • WesBank uses Entrust Digital Security to encrypt information.
  • The Entrust Site Seal makes it possible for our Online Banking customers to transact and share information free of worry.
  • Prevx SafeOnline assists by providing an icon on top of your web browser bar in a specific colour to guide you when accessing different sites:
  • * Red = reported phishing site
  • * Blue = non-secure site
  • * Green = secure site
What Browser Do You Use?
  • There are many kinds of browsers and the WesBank website is designed to be accessible via all main web browsers and browsing devices.
  • We recommend that you use the latest version of your preferred browser. The most up-to-date version of your preferred browser is normally available as a free download from the relevant browser manufacturer's website.
  • The latest versions of browsers are more secure than older versions, which is particularly important when doing your banking via the Internet.
  • Most Windows based PCs are preinstalled with Microsoft Internet Explorer (IE), therefore it is the most commonly used browser. Because of this, IE is the browser most attacked by viruses and spyware.
  • If you use IE it is particularly important to run a virus scanner regularly and keep it updated with the latest security patches from Microsoft.
  • Other good browsers for Windows PCs, such as Opera and Mozilla Firefox, are available free of charge.
  • Prevx SafeOnline assists to protect your browser i.e. your entire online experience.
Is Your Browser As Safe As you Think?
  • Browsers can remember or cache information, that being a page or an image from a website.
  • This makes Internet surfing quicker because when you return to a web page, the browser can present a stored page without having to request the page from the server again.
  • For security, all WesBank Online Aoccount Services pages are delivered with instructions to the browser not to cache (remember) the information.
  • While most browsers obey these instructions, Internet Explorer (IE) ignores them and under certain circumstances you may view a cached page of information.
  • Prevx SafeOnline assists to protect your browser i.e. your entire online experience. An icon in a specific colour appears on top of your web browser bar to guide you when accessing different sites:
  • * Red = reported phishing site
  • * Blue = non-secure site
  • * Green = secure site
  • To prevent this make sure that IE has the following settings:
  • * >Tools > Internet Options > Advanced > Do not save encrypted pages
  • * >Tools > Internet Options > General > Settings > Automatically
  • * >Tools > Internet Options > Advanced > Empty Temporary Internet Files folder when browser is closed
  • Download the latest security updates and patches.
  • From time to time, weak spots are discovered in programs running on your PC. The vendor would then release a patch to fix this weakness.
  • To check for patches and weaknesses, visit the vendor's website on a regular basis.
  • Login to Online Account Services or Online Banking Enterprise and download Prevx SafeOnline for FREE.
Be good to your password

Believe it or not, to make your online banking experience more secure, our system will block you from entering a password that is too simple. Read our password rules below:

  • Passwords must be a combination of upper and lower case letters, at least one special character and one number.
  • Passwords must be a minimum of 7 characters and not exceed 30 characters.
  • The same character cannot be used consecutively, e.g. aardvark.
  • New passwords cannot be the same as the previous 12 versions.
  • Passwords must not be similar to User ID.
Install and maintain antivirus software
  • A virus is a malicious program that can destroy data on your computer and slow your computer's performance.
  • Viruses are often received via email and to protect your PC, you should install anti-virus software and run regular scans and remember.
  • Make it a habit to never open email attachments from unknown sources.
  • Be cautious when downloading and running programs, as they may contain unsecured data, which cannot be filtered by firewall or anti-virus software.
  • Prevx SafeOnline works on top of any anti-virus software and alongside all other security products that you may already be using. However, unlike anti-virus software, it is designed to protect login details such as your User ID and Password, as well as other personal credentials like your name, ID number and bank account details when banking, shopping and social networking online.
Protect your identity
  • If you think that no one would be interested in your personal information, think again. In the wrong hands, it can provide unauthorised access to your accounts and credit card.
  • Identity theft happens when a criminal obtains your personal information to steal money from your accounts, open new credit accounts, apply for loans, rent apartments and commit other crimes - all using your identity.
  • These acts can damage your credit rating, leave you with unwanted bills and cause countless hours of frustration to clear your name.
  • How do they do it? Fraudsters phish, they spoof, they log keys, engineer socially and organise 419 scams.
  • Prevx SafeOnline is designed to protect login details such as your User ID and Password, as well as other personal credentials like your name, ID number and bank account details when banking, shopping and social networking online.
Don't just download and share files
  • File-sharing occurs when you download software that connects your PC to an informal network of other computers running the same software.
  • By doing this, you can share information (music, games and software) with millions of users.
  • Sounds tempting, but you should be aware of the risks. By downloading this software, you could unwittingly allow access not just to the files that you intend sharing, but also to confidential information on your hard drive.
  • You could also unintentionally download material protected by copyright, or pornography labelled as something innocent.
Firewalls protect your PC
  • In simple terms a firewall monitors for outside attempts to access your system and blocks communication from specified sources.
  • Some operating systems (like Windows) come with a built-in firewall.
Protect yourself from spyware
  • Spyware is a type of computer program that is installed on your PC without your knowledge or consent. This is done either by tricking you into installing the spyware or by someone who has access to your computer.
  • Spyware is designed to steal personal information such as your banking login details (your username and password). The spyware then sends this information onto the criminal. Spyware can steal more than your banking information and can be used to steal your email, instant messaging and monitor websites that you visit.
  • Spyware is designed to evade detection. This means that your anti-virus will not necessarily detect it. In addition some products only detect underground spyware and not commercial spyware.
  • To keep yourself safe, do not run applications sent to you in an email.
  • Do not respond to tweets or messages on other social networking sites from people you don't know, especially those enticing you to download software.
  • In addition run an anti-spyware program to detect and protect you from spyware.
  • Keep up to date with the current scams going around (that try and get you to install spyware.
  • Make sure you understand the protection options offered to you by WesBank and use them to maximize the protection on your account.
  • Prevx SafeOnline prevents spyware from stealing the user's login details on any secure site including, but not limited to, Online Banking. This includes login to sites such as SARS eFiling, web mail and social network sites such as FaceBook and Twitter.

Credit Cards

Protect Your WesBank Credit Card at ATMs
  • Criminals use various different means to commit fraud at ATMs. For example, they could jam the machine and then try and appear helpful with the intent of getting hold of your card and PIN.
  • Remember, a criminal must have both your card and PIN to be able to draw money from your account.
Stay safe and remember:
  • Avoid using ATMs in secluded areas.
  • If you feel unsafe at an ATM, return later or use another machine.
  • Only enter your PIN when the ATM screen instructs you to
  • Stand close to the ATM and block the view with your hand.
  • Never write the PIN on the card.
  • Always check that you get your card back from the machine.
  • Don't count your cash at the ATM.
Shopping Online

If you use a credit or debit card to shop online, remember the following pointers:

  • Only provide your card information to reputable companies and for single purchases.
  • Check that the site is a secure shopping site - indicated by a padlock in the bottom right-hand corner of the browser.
And always remember...
  • If your personal details change, please tell us.
  • If you cancel a card, destroy it by cutting it up.
  • Keep your bank statements and cheque books safe.
  • Shred sensitive information.
  • Read your bank statements.

Useful Websites

Symantec Security Response
Vulnerabilities
Threats and Risks
Security for the real world
Recently Discovered Viruses

Types of Scams

Spyware Scams

Currently customers are receiving emails with the Subject line: "Payment Notice" or "Quote". When they open these emails, the email contains an attachment in a compressed file. When the customer double clicks on this compressed file there is a file normally called payment notification.exe and can have the words [application] next to it. Do not run this exe. In all likelihood it is spyware and will compromise your Online Banking. Should you receive this or believe you have spyware on your computer contact the WesBank Risk department at: https://www.fnb.co.za/security-centre/contact-us.html. Please report all phishing emails to risk.online@fnb.co.za Emails encouraging users to update their computer software by clicking on a link are also being sent out. Do not click on these links as they normally lead to sites that download spyware rather than software updates. A fake "Acrobat Reader / Adobe flash" email is currently popular. It is a good security practice to update your computer software, but do this via the automatic options your software provides and not via a link in an email.

Phishing

This is a form of fraud where criminals attempt to access your confidential information. This is done either by an email request for information or by luring you to a fake website.

In both instances, the fraudster would pretend to be from a legitimate company (for example the bank), and would ask you to disclose confidential financial and personal information - like passwords, credit card account numbers and ID numbers.

Golden Rules

Never access the site via a link. Rather type the address into the browser address bar or save the address as a 'Favourite'.

If you suspect that your confidential information has been compromised, please do not hesitate to contact our dedicated Fraud Team on 087 575 0011 for
assistance, or email risk.online@fnb.co.za

Never reply to email that:

Requires you to enter personal information directly into the email or submit that information some other way.

Threatens to close or suspend your account if you do not take immediate action by providing personal information.

Solicits your participation in a survey where you are asked to enter personal information.

States that your account has been compromised or that there has been third-party activity on your account, and requests you to enter or confirm your account information.

Asks you to enter your User ID, password or account numbers into an email or non-secure web page.

Asks you to confirm, verify, or refresh your account, credit card, or address information.

The most important thing to remember is not to interact with the sender of the email, and definitely do not enter any of your personal or account details. Remember, WesBank would never ask for sensitive information via email.

Spoofing

Spoofing happens when a fraudster builds a website to mimic another company's website. Not only does the site look similar, but it also has a similar address or URL.

The aim here is to trap unsuspecting customers to transact on the fake website. This fake address would normally be sent via email communication as a clickable link.

WesBank's website address is www.wesbank.co.za and no other website can have the same address. So as long as the above address is in your browser you are on the legitimate site.

Key-loggers

Fraudsters are constantly searching for better ways of committing fraud. One way involves collecting information by using key-loggers and installing these onto computers.

A key logger is a device that captures your key strokes on the keyboard, enabling the fraudster to access your passwords and other personal information.

To prevent this from occurring:

Physically check for key-loggers on the back of your computer each time you log on.

If possible, avoid using vulnerable machines for Internet banking, such as those at Internet cafes.

Skimming

With regards to cards, fraudsters use 'skimming' devices to obtain information. The fraudster simply swipes the card through the device and thereby obtains your information illegally.

The fraudster downloads the information from the device onto a computer and then uses this to manufacture a fraudulent card.

Tips to prevent this occurring:

Never allow anyone else to handle your WesBank Credit card.

Never let your card out of your sight, for example at a restaurant.

Social engineering

This is a term that describes a ploy used to gain information that compromises an individual's or company's security.

Fraudsters befriend unsuspecting people and trick them into revealing passwords or other information.

It is difficult not to fall into the trap of an experienced social engineer, as they exploit the natural tendency of people to be trusting.

The best precautionary measures are to follow the security procedures at your workplace, be aware of your environment and the people therein and don't discard sensitive information without first destroying it.

419 scams

A 419 scam disguises itself in various forms and has become one of the most used schemes to trick people into being victims or accessories to crime.

The fraudsters who introduce these schemes base their efforts on the naivety and greed of people.

The important thing to remember is - if it sounds too good to be true, it probably is.

Cheque fraud

On average, a cheque is handled by up to 20 people from the time you make it out to the time your branch pays it. This means that there are numerous opportunities for the cheque to be intercepted (especially when cheques are posted).

Customers can also be defrauded when accepting a cheque or bank deposit when selling goods. Often the cheque or the deposit turns out to be fraudulent. If you are a seller, never release goods until you are certain that the payment is valid.

Always wait for the funds to be cleared before releasing goods, even if it seems to be a bank-issued cheque. While the cheque may appear to be genuine, fraudsters have even gone so far as to print their own cheques. The cheque could also be stolen. Even if the cheque is genuine, there are certain circumstances when bank-issued cheques will not be honoured.

Never accept a faxed bank deposit slip as proof of payment. Amounts and details can easily be changed to reflect a higher value or that it is a cash deposit.

Check with your bank first that the correct amount has been deposited and whether the deposit is cash or cheque. If it is a cheque deposit, wait until the cheque has been paid (usually this will take seven days) before you release goods.

Some sensible safety tips:

When you write out a cheque, use a ballpoint pen instead of a pen with more erasable inks like fountain pens or felt tip pens.

To prevent unauthorised additions and/or alterations, start writing as close as possible to the left-hand margin. Leave no gaps and draw a line through unused spaces.

Any cheques that you don't want to cash should be crossed. To ensure that a cheque is paid into the intended beneficiary's account, the cheque must be marked with the words Not Transferable between two transverse lines.

Always keep your chequebook in a safe place to prevent anyone else from using it.

Always keep your chequebook separate from your credit cards, ATM cards or any other document that bear your signature. If a thief gets hold of your chequebook, but does not have a sample of your signature, a forged signature will probably not resemble yours.

All paid cheques that are returned with your bank statements should be kept in a safe place because they contain your signature. Fraudsters may even try to re-use these cheques.

Make a habit of doing monthly reconciliations on the cheques you have issued.

Regular recons should be done on all unused cheques in a chequebook against a counterfoil or carbon copy records.

Report a stolen chequebook to your nearest FNB branch as soon as you discover that it's missing. You can also stop a cheque via Online Banking.

Avoid posting cheques. If you need to post a cheque, place it in a non-transparent or dark envelope without any staples / paper clips, which can be felt.

Never leave any cheques that have not been completed or fully signed lying around.

There are lots of other payment methods that are safe and convenient and can even save on bank charges. These alternatives include Visa Cheque Cards, Visa Electron debit cards, Internet, Telephone and Cellphone Banking, ATM payments, debit orders and future dated payments.

Payment confirmation

When you receive a printed, faxed or emailed proof of payment you are advised to check that the funds are actually in your account, or in the case of a cheque that the funds are cleared. Fraudsters can relatively easily manipulate these documents and defraud you.

How this scam works:

The fraudster will advise the client that a cash/electronic deposit will be made into the client's account and fax or email a copy of the deposit slip or proof of payment to the client.

The fraudster then deposits a fraudulent cheque or does an electronic payment into the client's account and alters the deposit slip or proof of payment confirmation.

The fraudster the faxes or emails the altered deposit slip or proof of payment to the client.

In some cases, the fraudster will tell the client that an overpayment was made and request a reimbursement.

SIM card swapping

SIM card swapping is a form of fraud where criminals request your cell phone service provider (SP) to transfer your existing cell phone number onto a new SIM card by pretending to be you, or pretending to act on your behalf. They usually have a copy of your ID (authentic or falsified) and other details that may convince the SP that the request is legitimate.

Once they have illegally assigned your cell phone number to their SIM card, they will receive all your calls and sms notifications, which include your inContact and One Time Pin (OTP) messages. Your phone will stop receiving any incoming calls or messages, but SIM swap victims usually only notice this when it is too late.

The fraudsters usually use SIM card swapping as part of an extensive process which includes phishing. By the time they have swopped SIM cards, they usually already have enough of your personal banking details (login and password etc.) to transact on your online banking account - with the sms OTP as the last link in the chain.

Fraudsters are then able to add beneficiaries to your account and transfer money to accounts of their choice, and can authorise such processes with the OTP messages sent to the fraudulent SIM card.

Our golden rules:

If your phone suddenly loses signal for no apparent reason, don't simply ignore it. Contact your service provider immediately and find out whether a SIM swop has taken place. It's better to be safe than sorry!

If your SP confirms that a SIM swop has taken place. Instruct them to deactivate your SIM card immediately and to follow the steps required when a SIM card has been stolen.

Promptly contact our dedicated Fraud Team on 087 575 0011 for assistance.

Protect yourself

Anyone is at risk of becoming a victim of a SIM swop, and you should never disclose any sensitive information such as login details, passwords, etc.

Tips for staying safe:

Always be aware of your cell phone's status. If you realise that you are not receiving any calls or sms notifications, something may be wrong.

Have your SP's numbers written down somewhere close by. This way you can phone to check whether anything suspicious has taken place.

Make a habit of checking your bank statements and online banking transaction history regularly. This way you will notice when any unauthorised activity has taken place.

Familiarise yourself with the tips on phishing.

Below is a list of service providers/network operators to contact when you notice anything suspicious:

MTN 123 STOP (123 7867)

Vodacom 082 1946

CellC 084 140

Virgin Mobile 0741 000 123