Capitec Internet Banking – Security Awareness Information

1.                       Internet Banking Security Features (What Capitec Bank Provides)

1.1                  Username and password

1.1.1               A user must provide the correct combination of username, password and token password generated by the Security Token to be able to sign in to Internet Banking.

1.1.2               A user will have three (3) opportunities to enter their username and password correctly. On the fourth failed attempt the user's account will be locked and can only be unlocked after Capitec Bank Client Care has positively authenticated the user.

1.2                  Security Token

1.2.1               Capitec Bank is serious about the security and confidentiality of our clients' information. We therefore implemented the use of Security Tokens to authenticate you, the user, when signing in to Internet Banking.

1.2.2               The Security Token will provide you with a different Security Token password every time you sign in to Internet Banking. The token password is also called a one-time password (OTP).

1.2.3               If someone manages to see what you enter as your token password, they will not be able to reuse it because it can only be used once to access Internet Banking.

1.2.4               It is extremely important not to leave your Security Token lying around or to give it to someone else.

1.3                  Timeout 

1.3.1               If you sign in to Internet Banking and do not execute any actions for five (5) minutes, you will automatically be signed out and you will have to enter your username, password and Security Token password again before you will be allowed to continue.

1.3.2               This is to protect your data from other people if you forget to sign out and leave your PC unattended.
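
The sign-in rules in 1.1 to 1.3 (lock on the fourth failed attempt, single-use token passwords, sign-out after five idle minutes), sketched as server-side logic. This is an added example, not Capitec Bank's code; the class and method names, counting a bad or reused token password as a failed attempt, and resetting the counter on success are assumptions.

```javascript
// Added illustration of the rules in 1.1-1.3; not Capitec Bank's code.
const LOCK_ON_FAILED_ATTEMPT = 4;        // 1.1.2: locked on the fourth failed attempt
const IDLE_TIMEOUT_MS = 5 * 60 * 1000;   // 1.3.1: five (5) minutes without an action

class SignInPolicy {
  constructor() {
    this.failed = 0;
    this.locked = false;
    this.usedTokenPasswords = new Set(); // 1.2.3: each token password works once
    this.lastAction = null;              // null means "not signed in"
  }

  // passwordOk and tokenOk stand in for the real credential and token checks (assumed).
  signIn(passwordOk, tokenOk, tokenPassword, now) {
    if (this.locked) return "locked";    // correct details do not help once locked
    const reused = this.usedTokenPasswords.has(tokenPassword);
    if (!passwordOk || !tokenOk || reused) {
      this.failed += 1;
      this.locked = this.failed >= LOCK_ON_FAILED_ATTEMPT;
      return this.locked ? "locked" : "rejected";
    }
    this.usedTokenPasswords.add(tokenPassword);
    this.failed = 0;                     // assumption: success resets the counter
    this.lastAction = now;
    return "signed-in";
  }

  // Every request in a session passes through here; idle sessions are ended.
  action(now) {
    if (this.lastAction === null) return "sign-in-required";
    if (now - this.lastAction >= IDLE_TIMEOUT_MS) {
      this.lastAction = null;
      return "sign-in-required";
    }
    this.lastAction = now;               // activity restarts the idle timer
    return "ok";
  }

  // 1.1.2: only Client Care, after authenticating the user, can unlock.
  unlockByClientCare() {
    this.locked = false;
    this.failed = 0;
  }
}
```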

1.4                  Encryption

1.4.1               Communication between your Web browser and the Internet Banking website is encrypted and secured using SSL 3.0 encryption.

1.4.2               Capitec Bank uses an Entrust-signed Extended Validation SSL Certificate (EV SSL Certificate) for this encrypted and secured communication channel. EV SSL Certificates give high-security Web browsers information to clearly identify a website’s organisational identity. The latest browser versions display a green bar in the address bar.

1.4.3               The version of the browser that you use to access the website will determine the strength of the encryption that will be applied to the transmitted information.   The browser should support at least 128-bit strength encryption. 

1.4.4               Capitec Bank recommends upgrading to the latest released version of your browser.  For example, Microsoft Internet Explorer 7.0, Firefox 3.0, Opera 9.5, or later versions of these browsers support EV SSL Certificates and 128-bit strength encryption.

2.                       Security Tips (What you must do)

2.1                  Protect your sign in details

2.1.1               Never provide your username, password or Security Token to anyone, not even if they claim to work for Capitec Bank. If someone claiming to work for Capitec Bank asks you for this information, please contact our Client Care Centre on 0860 10 20 43.

2.1.2               Never respond to requests via Email or pop-up screens that ask you to enter your username and password. Capitec Bank will never ask you to provide your sign in credentials via Email, or on any computer screen except on the sign in page of our Internet Banking website.

2.1.3               Always sign out from the Internet Banking website before leaving your PC unattended.

2.1.4               Make sure that no-one can see what you are typing when entering your password. Be mindful of security cameras that may be recording what you key in on your PC’s keyboard.

2.1.5               If you receive an Email or SMS message and you are unsure if the source is Capitec Bank, contact our Client Care Centre on 0860 10 20 43. Never click on or open any links in Emails or SMSs that seem suspicious to you.

2.2                  Confirm that you are on the authentic Capitec Bank Internet Banking website

·         Make sure that the URL starts exactly with <https://direct.capitecbank.co.za/ibank/>.

·         Make sure that your browser address bar has the green-bar Extended Validation SSL Certificate indicator on.  (The indicator is different depending on your browser.)
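
What the "starts exactly with" rule in 2.2 rules out, shown by checking each part of an address against the expected prefix. This is an added example, not Capitec Bank's code; the function name and the sample addresses (which use the reserved example.net domain) are constructed for illustration.

```javascript
// Added example; not Capitec Bank's code. Expected prefix taken from section 2.2.
const EXPECTED = new URL("https://direct.capitecbank.co.za/ibank/");

function checkSignInUrl(candidate) {
  let url;
  try {
    url = new URL(candidate);            // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== EXPECTED.protocol) {
    return { ok: false, reason: "not https" };
  }
  // Text before "@" is sign-in data for the site, not the site itself.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "text before @ hides the real host" };
  }
  // The host must match in full; a longer name that merely begins with it is another site.
  if (url.hostname !== EXPECTED.hostname) {
    return { ok: false, reason: "host is " + url.hostname };
  }
  if (url.port !== "") {
    return { ok: false, reason: "unexpected port" };
  }
  if (!url.pathname.startsWith(EXPECTED.pathname)) {
    return { ok: false, reason: "path is outside /ibank/" };
  }
  return { ok: true, reason: "matches the expected prefix" };
}

// Constructed sample addresses.
const SAMPLES = [
  "https://direct.capitecbank.co.za/ibank/login",        // genuine prefix
  "http://direct.capitecbank.co.za/ibank/",              // no encryption
  "https://direct.capitecbank.co.za.example.net/ibank/", // bank name used as a subdomain
  "https://direct.capitecbank.co.za@example.net/ibank/", // bank name placed before "@"
  "https://direct.capitecbank.co.za/other/",             // right host, wrong path
];

function classifySamples() {
  return SAMPLES.map((s) => ({ url: s, ...checkSignInUrl(s) }));
}
```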

2.3                  Other precautions to take

·         Ensure that your Internet browser software version is updated to the latest released version and the required security patches for your operating system are installed.

·         Monitor your Capitec Bank accounts and report suspicious transactions to Capitec Bank immediately.

3.                       FAQ

3.1                  What is a certificate?

·         A digital certificate is the electronic version of an Identity Document (ID).

·         Like an ID, it is issued by a trusted third party.

·         To obtain this digital certificate, Capitec Bank had to go through a process where certain information regarding the company was confirmed.

·         Upon confirmation of this information an encrypted file was provided to Capitec Bank, which is unique to this specific website.

·         This digital certificate provides a tamper-proof source of information that will verify the identity of the website you are signing in to.

3.2                  What is an Extended Validation (EV) SSL Certificate?

·         Extended Validation or EV SSL certificates are the next generation SSL Certificate because they work with high-security Web browsers to clearly identify a website's organizational identity. For example, if you use Internet Explorer 7.0, the address bar will turn green to identify this site as having an EV SSL Certificate. It will also display the padlock as an icon of trust. However, the address bar will not turn green if the website does not have an EV SSL Certificate.

3.3                  Who or what is Entrust?

·         Entrust is a trusted and independent registration authority that issued the Extended Validation SSL Certificate to Capitec Bank.

3.4                  What are the recent Internet Banking fraud scams?

3.4.1               Phishing

·         This scam involves Emails that seem to come from a valid source, but will prompt you to provide your username and password.

·         An example would be an Email, seemingly from Capitec Bank, which will include a link to a website or an attachment. If you click on the link or open the attachment, a pop-up screen will prompt you to enter some personal information (usually your username and password and/or credit card details). This information will then be sent to a fraudster who will be able to gain access to your Internet Banking information.

·         How do these fraudsters know that you bank with Capitec Bank? They usually don't. Fraudsters send out large volumes of Emails to random Email addresses.

3.4.2               Identity Fraud

·         Fraudsters use sophisticated software called spyware to record keystrokes on a client's PC. This information is then sent to the fraudsters who analyse the data and identify possible username and password combinations.

3.5                  What precautions are there against phishing?

·         Never enter your personal details on any website or pop-up screen other than the official Capitec Bank Internet Banking sign in page — always verify the authenticity of the sign in page by checking the digital certificate.

·         Capitec Bank will never send you an Email requesting you to enter any personal details. If you receive such an Email, even if the 'From' address on the Email indicates that it came from Capitec Bank, delete the Email immediately.

·         If you received such an Email and clicked on or opened the link or provided your personal details, contact Capitec Bank immediately and change your Internet Banking sign in details.

 

3.6                  What precautions are there against identity fraud?

·         Make sure that no-one has unauthorised access to your PC.

·         Do not open suspicious or unfamiliar Emails or SMSs. Never click on or open attachments that you were not expecting in an Email.

·         Monitor any shared folders on your PC closely, as they are an easy way for software to be installed without your consent.

·         Only install licensed software from reputable vendors on your PC.

·         Ensure that you have the latest version of antivirus software loaded on your PC.

·         Always keep your password secret. No employee of Capitec Bank is allowed to ask you for your password.