Security

Security for communications and transactions over the Internet, including Online Banking is an important and critical issue. We take Internet security very seriously and have made every attempt to ensure your private information is protected.

For important information regarding “Spyware”, click here.

Online Banking security

Accessing Online Banking
It is recommended that all customers use what is called and referred to as a "Scramble Pad" located on the Online Banking Log On screen to avoid detection of the Personal Access Code being entered or keyed.

The scramble pad uses letters that are randomly generated and correspond to a numeric digit, see example below.

Scramble Pad

As an example, if your Personal Access Code was "1234", the letters you would type into the Personal Access Code field on the Online Banking Log On screen would be "U T J D".

The scramble pad provides our customers with added security and protection from unknown software which may be installed on your computer that can record what numbers are keyed into Online Banking.

There are three main areas of security involved in Online Banking

The Bank, the Internet and your computer.

The Bank
To ensure your personal information is kept safe, the Bank has built a secure connection between bank systems and the Internet. This connection is secured by what is called a firewall. A security team constantly monitors the systems for suspicious activity, such as viruses, Trojans or attempts to break into it (hacking) and automatic alerts are generated if any suspicious activities arise. The Bank also subscribe to services that regularly report on any potential vulnerability so the Bank can take action to ensure new security risks are addressed accordingly.

The Internet
Personal information you send to the Bank is encrypted through Secure Socket Layer (SSL). SSL technology secretly encodes information that is sent over the Internet between your computer and the Bank, helping to ensure that the information remains confidential. After you've submitted your information online, it is recommended that you end your browser session before leaving your computer.

Your computer
It is recommended you install anti-virus software and a firewall on your computer. You should update the anti-virus software on a reoccurring basis. Additionally, it is suggested that you install all the latest patches for the operating system and browser. It is recommended you do not use Internet Banking until you are sure your anti-virus software and patches are up to date. Never install software or run programs of unknown origin.

General Internet / Online awareness

For more effective Internet protection, use a firewall between your computer and the Internet.
Regularly perform a scan for viruses on your computer.
Avoid using shared computers (eg. Internet Cafes).
Never leave your computer connected to the Internet when you are not using it.
You should regularly check your computer security and download the latest recommended security upgrades.
Make sure you, your family members and/or your employees know what to do if a computer becomes infected with a virus.
Be aware of your surrounding environment when using Online Banking.
Ensure you are the only person that knows your Customer Number and Personal Access Code.
Always look for the 'padlock' symbol at the bottom of your web browser and click on it to verify that you are using the correct webpage.
Do not respond to un-solicited e-mails from companies with which you do business requesting that you re-validate personal information or that link to Web sites requesting that you re-validate personal information. Should you receive such an e-mail, contact the company directly via phone or by typing in their home URL directly to determine the validity of the e-mail.
Do not click on
links
you receive in an e-mail message. Open your browser and enter the address directly.
If e-mails or Web sites contain typographical or grammatical errors, review them carefully as these are often signs of fraud attempts to compromise your information.
We advise not to open attachments or diskettes unless you are certain that you can trust the source.
If you think you may have provided information to a fraud perpetrator, contact us.

What is Secure Socket Layer (SSL)?
This is a well-respected technology developed by Netscape, Microsoft and RSA Inc that is supported by most browsers. The USA Government allows financial institutions outside the USA to use the strongest level of this technology. Therefore, as an added level of security the Online Banking applet is downloaded via Secure Socket Layer (SSL). The secure connection between your browser and the Online Banking system uses SSL. We have also implemented secure procedures and connections for protecting the server from unauthorised access.

What is Encryption?
Encryption is based on complex mathematics and is the transformation of data into an unreadable form. When you send and receive data from a secure site (https) you can be assured all communications are encrypted.

Online Banking has been examined by an independent company specialising in Internet cryptography and security consulting. Online Banking uses a combination of three well known and mature cryptographic algorithms. In the changing world of technology, we understand that while this technology is suitable for today, newer technologies may provide stronger security and greater convenience in the future. Hence, we are constantly reviewing newer technologies as they become available.

As soon as your Online Banking session commences, encryption of information is provided by an industry approved 128 bit cryptographic algorithm (triple DES), not normally available to the general public. This system is currently used to protect trillions of dollars in payment instructions and transactions worldwide each day. Every effort has been made to ensure the implementation is correct and secure.

How to tell if your data is encrypted

Check for the SSL secure connection symbol When you sign into Online Banking a secure session will be established between your computer and the Bank. You will not be able to connect to the Online Banking Log On page unless your browser connects with full 128-bit SSL encryption. You can confirm your Online Banking session is encrypted by ensuring a symbol of a lock appears at the foot of the browser.

The following table shows the various symbols that appear in different browsers when the data is being encrypted. This symbol should always be displayed when using Online Banking:

Data encrypted
symbol Data NOT encrypted
symbol

Netscape Communicator 4.77 and above

Internet Explorer 5.01 and above

Check the strength of the encryption
You can also view the security details in your browser to confirm you have connected using 128-bit encryption.

Verify you are connected to the legitimate website
It is important for you to be certain that your browser has connected to the correct Online Banking site. Every time you connect to Online Banking, the service sends your browser a piece of information called a "digital certificate". This certificate securely identifies the site you are connecting to, and is used to establish the encrypted session. You can view the contents of the certificate when you are connected.

When 'logging on' or entering personal information, look for the 'padlock' symbol at the bottom of your web browser. The 'padlock' symbol is a certificate of authenticity and ensures the site is secure. You can double-click the padlock symbol to view the certificate's details. For Microsoft Internet Explorer 5.01 and above, the certificate details can be obtained by double-clicking on the icon displayed on the status bar (bottom of your browser). For Netscape Communicator 4.77, click on the icon on the status bar and click the 'Page Info' button.

This certificate has been "digitally signed" by Verisign, the most recognised issuer of digital certificates in the world. Most browser software is written to automatically recognise any certificate "signed" by Verisign. Make sure you check the fields of the certificate. The Issuer field should contain a reference to Verisign. The 'Subject' field should always show the organisation as Bendigo and Adelaide Bank Limited.

If you have any concerns about the authenticity of our web site, contact the Bank immediately.

Browser Security

As a high emphasis is placed on security you will need to be using one of the latest browsers that supports 128-bit key encryption (such as Internet Explorer 4.0 or above or Netscape 4.07 or above) to access Online Banking.

The Bank cannot ensure against security flaws in the client browser used. Check the system requirements you need to make sure you're using an appropriate browser.

Changing your browser settings
If you have Microsoft Internet Explorer 5, start by selecting 'Tools'. Then follow these steps for both versions: 1. Select 'Internet Options'. 2. Choose the tab labelled 'Advanced'. 3. Tick the boxes stating 'Do not save encrypted pages to disk' and 'Empty Temporary Internet Files folder when browser is closed'. 4. Click on OK.

Please note: Netscape 4 is set by default to not save secure information on the hard drive.

Please note: From January 2003, VeriSign will no longer support the digital certificates installed in earlier versions of Internet Explorer 5.0 and below, or Netscape Communicator 4.6 and below.

For more information, or to see if you may be affected, please read our digital certificate information.

Privacy

The Bank is committed to your privacy, and the responsible use of information.

Read the privacy policy for further information.

Protection of your Account information
Rigorous security mechanisms have been implemented to ensure that your information and accounts are protected. The latest strong encryption technologies have been used to protect your data when being sent over the Internet. The Online Banking site uses public/private certificates to generate the security keys for your individual session.

Access to your account information is controlled using your Customer Number and Personal Access Code and it is therefore very important for you to protect your details. As information sent between your browser and the Bank is encrypted, it makes it very difficult for anyone to get your details from the Internet.

Never disclose your Personal Access Code to anyone (not even someone claiming to be from the Bank), and don't write it down or store it on your computer.

Ensuring your privacy is protected

Always Log Off (sign out) from Online Banking to close the active session. If you do not Log Off, but merely close the browser window the Online Banking session will remain active on the hard drive for seven minutes.
Close your browser after Logging Off at the end of each Online Banking session
Change your browser settings so that the secure pages you access are not saved on the hard drive

What to do if you think someone is using your accounts
Contact the phone number on your statement immediately. As a precaution, you should verify all transactions viewed in Online Banking against paper-based statements issued on accounts.

Firewalls
A firewall program resides on your computer. It adds Internet protection by creating a protective barrier between your computer and the outside world. This can prevent unauthorised people accessing the personal information on your computer. A firewall is seen to be essential for those that use their computers online, especially through the use of a cable modem.

When leaving your computer unattended, you should either shut it down or physically disconnect from the Internet connection. This lessens the chance that someone will be able to access your computer.

Email is one of the prime movers for malicious viruses. Regardless of how enticing the 'subject' or attachment may look, be cautious. Any unexpected email, especially those with attachments (from someone you may or may not know), could contain a virus and may have been sent without that person's knowledge from an infected computer. Should you receive an email of this kind and you are doubtful of its legitimacy, delete it.

Anti Virus Software
Anti-virus software is designed to protect you and your computer against known viruses. Best practice involves:

Checking for new virus protection software updates daily.
Scanning all the files on your computer periodically.

The importance of using a virus scanner - As new computer viruses are being detected all the time, we recommend that you always use the latest available virus programs on your computer. Specialised viruses could capture password keystrokes or other confidential information from your Internet sessions. To protect your computer against such viruses it is recommended you use a reputable virus scanner and that you regularly obtain anti-virus upgrades as they become available.

Software Updates
Security is essential in protecting your information on the Internet. To do this, check your software vendors' web sites on a regular basis for new security upgrades, or use the new automated patching features that some companies offer. The programs and operating system on your computer may have valuable features that make your life easier, but can also leave you vulnerable to hackers and viruses. You should evaluate your computer security on a regular basis.

Cookies and why we use them
What is a cookie?
A cookie is a message sent to your browser by a web server (in this case, the Bank's web server). Your browser stores the message in memory. This message is then sent back to the web server each time your browser requests a page.

Why we use cookies
Cookies are used in Online Banking as part of the identification process to ensure that a secure session is commenced each time you sign into the service. The Bank web server will send a cookie to your browser each time you sign into Online Banking. This cookie will be used to determine that you are who you say you are and provide you with your confidential account information.

The myths about cookies
Cookies are used to offer increased security when accessing Online Banking. You should note that despite common myths about cookies, any cookie that we send to your computer cannot read your hard drive, obtain any information from your browser, command your computer to perform any action, be sent to any site other than Adelaide Bank or be retrieved by any site other than the Bank.

What are the main types of cookies?
1. Session cookies - this type of cookie only lasts as long as your browser session or until a request is received from the web server you are connecting to. 2. Persistent cookies - this type of cookie is stored on your hard disk until it expires. The web server you are connecting to will set the expiry date.

Online Banking uses session cookies, which will only be present whilst you are connected to Online Banking. The cookie will be sent from the web server when you sign into Online Banking and will last for one hour or until you sign out (Log Off) from Online Banking.

Important Information regarding “Spyware"

The Bank has been advised by AUSCert, (the Australian Computer Emergency Response Team) of an industry wide vulnerability impacting some Online Banking customers with regards to their Internet Connection.

AUSCert has a website here at http://www.auscert.org.au/

It has been brought to our attention that some Online Banking customers may have had their internet connection compromised by a “Spyware” program.

The Spyware program is called MarketScore, and customers may not even be aware it is on their computer. This Spyware may compromise Online Banking.

MarketScore has redirected all of your internet traffic through a remote proxy server at MarketScore. Every web connection goes through a remote proxy server where everything you send and bring back via this connection (including 'secure' HTTPS connections such as Online Banking) is stored and analysed by MarketScore.

This issue is not unique to the Bank and as a precautionary measure we have disabled all access to Internet Banking that arrives via MarketScore.

It is recommended all customers review bank statements for unauthorised transactions and change all other online passwords once the Spyware has been removed.

It is also strongly recommended that we replace your Personal Access Code to protect your accounts in the future. This will restrict your access to Online Banking until you receive a replacement Personal Access Code in the normal mail.

To avoid detection of your Personal Access Code being entered or keyed it is recommended that all customers use the “Scramble Pad” located on the Online Banking Log On screen.

The scramble pad used by Online Banking uses letters that are randomly generated and correspond to a numeric digit.

The scramble pad provides you with added security and protection from unknown software which may be installed on your computer that can record what numbers are keyed into Online Banking.

To remove MarketScore Spyware from your computer, click here.

More Information

For more information relating to Spyware and other scams such as Phishing, Microsoft has published some excellent educational materials on their website.

Click here for more information from Microsoft.

Related Links

RSA Data Security Inc.
http://www.rsasecurity.com/
Provides detailed information on cryptography. The Support Centre includes a brief history of encryption and technical explanations of the algorithms and methods in common use today.

Netscape Security Centre
http://home.netscape.com/security/index.html

Microsoft Security
http://www.microsoft.com/security/default.asp

Microsoft Windows Update
http://v4.windowsupdate.microsoft.com/en/default.asp