Simple tips for safe online banking

Chris Kotze, CEO of FNB Online

Business banking has benefited enormously from the advent of the Internet, allowing companies to control their funds more closely, and to make payments and inter-account transfers rapidly, conveniently and at a low cost.

According to Chris Kotze, CEO of FNB Online, online threats include 'phishing', keyloggers and the potential for internal staff to abuse their positions to commit fraud. "While they may seem sinister and cause for concern, these problems can be neutralised by applying the right strategies when using online banking, making the use of such systems practically risk-free," he says.

Phishing

Explaining further, Kotze says, "'Phishing' involves the sending of a spoof email, or the use of a spoof website. These are fakes that are intended to trick the online banking user to part with their username and password, providing the thief with access to your online banking platform," he says.

His advice is simple: to avoid falling victim to phishers, remember that the bank will never, ever ask you for your username and password other than when login in to the official FNB online banking site. "Treat these like your ATM PIN number - never part with it. Also, check that the URL (the website address) is the correct one - a spoof site will have a variation - and also ensure that the padlock appears in the bottom right of your browser," adds Kotze.

Malware

Keyloggers are 'malware' - malicious software programmes - which record every key stroke typed on the keyboard, continues Kotze. "Such programmes attempt to provide the fraudster with a record of what is typed, from which he or she can identify and use the username and password."

Again, his advice to prevent malware's success is simple: "Make sure your operating system is licensed and up to date, and make sure that you never use the Internet without up-to-date antivirus software installed; perform regular antivirus scans to detect and remove any potential problems."

Tampering with remuneration confirmation

A new threat which has recently emerged - and which is a play on common cheque fraud - is the tampering with remuneration confirmation. When a transfer is made online, the system typically generates a .pdf file as a record of the transaction. Fraudsters submit such a document as 'proof' of a payment, and can succeed in wrongfully securing goods or services on that basis.

"There is a common perception that a .pdf document cannot be altered - however, this is not true. Users of online banking should therefore be aware of this new play on an old scam," cautions Kotze.

Internal staff

In terms of preventing internal staff from abusing banking systems, Kotze explains that the system architecture is designed to ensure that all transactions are valid and traceable. "From a business banking point of view, additional measures are taken to protect funds, since the people using the banking systems are often employees. For example, three password fields are required, and banks impose stringent rules to ensure that the chosen password is difficult to guess," he says.

Digital certificate

Then there is the digital certificate, which is an electronic means to verify the identity of an individual using a business banking system. "Only the person who has been assigned a digital certificate can use it; the nominees must therefore be trustworthy individuals in the eyes of the business, and the digital certificate becomes the identifier and is a legal assurance that it was indeed that person using the system. Digital certificates also provide an auditable trail for accountants to follow," Kotze explains.

Multiple authorisation

Within larger business environments, Kotze adds that further measures are available to ensure that no fraudulent transactions are made. "These include multiple authorisation for certain transactions, so one person cannot operate in isolation," he comments.

Transaction limits

Furthermore, online business banking systems typically include a wide range of filters that can be set to limit the potential for abuse - for example, limits can be placed on the number of transactions permitted on any account in a given period, while restrictions and conditions can also be placed in terms of transaction value.

"There are permissions and restrictions that can be introduced at various levels as to what can and cannot happen on the bank account; the level of policing offered is very high for the corporate client," he adds.

Kotze notes that convenience sometimes has to be compromised in the interests of security - but adds that with all these measures in place, in the six years that FNB has offered online business banking, its clients have suffered no loss due to system security having been breached.

"That's a good track record, but it's never good enough. We must constantly research the market for new or emerging threats, and always ensure that the customer's information and funds are fully secured," he concludes.

Simple tips for safe banking

1. Choose a username and password that cannot be guessed easily and change these regularly
2. Ensure your computer software is up-to-date.
3. Ensure that you have an updated anti-virus and spyware programme; perform regular system scans
4. Avoid using public terminals (such as Internet cafés) for Internet banking
5. Check that the URL in your browser is in fact the proper one
6. Check for the padlock in the lower right of your browser window (it indicates a secure site. You can click on this padlock to verify the authenticity of the site)
7. Never give your password over the Internet (by email) or over the telephone to persons purportedly from the bank
8. Don't trust a .pdf payment proof unless verified by the bank - these documents can be manipulated easily by fraudsters.