Capitec Internet Banking – Security Awareness Information
1. Internet Banking Security Features (What Capitec Bank Provides)
1.1 Username and password
1.1.1 A user must provide the correct combination of
username, password and token password generated by the Security Token to be
able to sign in to Internet Banking.
1.1.2 A user will have three (3) opportunities to
enter their username and password correctly. On the fourth failed attempt the
user's account will be locked and can only be unlocked after Capitec Bank
Client Care has positively authenticated the user.
1.2.1 Capitec Bank is serious about the security and
confidentiality of our clients' information. We therefore implemented the use
of Security Tokens to authenticate you, the user, when signing in to Internet
1.2.2 The Security Token will provide you with a different
Security Token password every time you sign in to Internet Banking. The token
password is also called a one-time password (OTP).
1.2.3 If someone manages to see what you enter as
token password, they will not be able to reuse it because it can only be used
once to access Internet Banking.
1.2.4 It is extremely important to not let your
Security Token lie around or to give your Security Token to someone else.
1.3.1 If you sign in to Internet Banking and do not
execute any actions in five (5) minutes, you will automatically be signed out
and you will have to enter your username, password and Security Token password
again before you will be allowed to continue.
1.3.2 This is to protect your data from other people
if you forget to sign out and leave your PC unattended.
1.4.1 Communication between your Web browser and the
Internet Banking website is encrypted and secured using SSL 3.0 encryption.
1.4.2 Capitec Bank uses an Entrust-signed Extended
Validation SSL Certificate (EV SSL Certificate) for this encrypted and secured
communication channel. EV SSL Certificates give high-security Web browsers
information to clearly identify a website’s organisational identity. The
latest browser versions display a green bar on the address bar.
1.4.3 The version of the browser that you use to
access the website will determine the strength of the encryption that will be
applied to the transmitted information. The browser should support at least 128-bit
1.4.4 Capitec Bank recommends upgrading to the latest released
version of your browser. For example, Microsoft Internet Explorer 7.0, Firefox
3.0, Opera 9.5, or later versions of these browsers support EV SSL Certificates
and 128-bit strength encryption.
2. Security Tips (What you must do)
2.1 Protect your sign in details
2.1.1 Never provide your username, password or
Security Token to anyone, not even if they claim to work for Capitec
Bank. If someone claiming to work for Capitec Bank asks you for this
information, please contact our Client Care Centre on 0860 10 20 43.
2.1.2 Never respond to requests via Email or pop-up
screens that ask you to enter your username and password. Capitec Bank will
never ask you to provide your sign in credentials via Email, or on any computer
screen except on the sign in page of our Internet Banking website.
2.1.3 Always sign out from the Internet Banking
website before leaving your PC unattended.
2.1.4 Make sure that no-one can see what you are
typing when entering your password. Be mindful of security cameras that may be
recording what you key in on your PC’s keyboard.
2.1.5 If you receive an Email or SMS message and you are
unsure if the source is Capitec Bank, contact our Client Care Centre on 0860 10
20 43. Never click on or open any links in Email or SMSs that seem suspicious
2.2 Confirm that you are on the authentic Capitec Bank Internet Banking website
· Make sure that the URL starts exactly with <https://direct.capitecbank.co.za/ibank/>.
· Make sure that your browser address bar shows the green-bar Extended
Validation SSL Certificate indicator. (The indicator is different depending
on your browser.)
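
The prefix check above written out as code, because a plain text match on a link can be satisfied by an address that only looks right. This is an added example, not Capitec Bank's code; the function name `checkSignInUrl` and all sample links are constructed for illustration.

```javascript
// Added example: strict check that a link is on the genuine sign-in site.
// The expected prefix comes from the page; all sample URLs are constructed.
const EXPECTED = new URL("https://direct.capitecbank.co.za/ibank/");

// Returns { ok: boolean, reason: string } for a candidate link.
function checkSignInUrl(candidate) {
  let url;
  try {
    url = new URL(candidate); // same WHATWG parsing rules browsers use
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== EXPECTED.protocol) {
    return { ok: false, reason: "scheme is not https" };
  }
  // Text before '@' is userinfo, not the host, even if it looks like one.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL carries userinfo before the host" };
  }
  // Compare the whole hostname; a substring or startsWith test would accept
  // hosts that merely contain the bank's name. Non-ASCII lookalike letters
  // are parsed to a different (punycode) hostname and fail here as well.
  if (url.hostname !== EXPECTED.hostname) {
    return { ok: false, reason: "host is " + url.hostname };
  }
  if (url.port !== EXPECTED.port) {
    return { ok: false, reason: "unexpected port " + url.port };
  }
  // The parser has already resolved '..' segments, so this sees the real path.
  if (!url.pathname.startsWith(EXPECTED.pathname)) {
    return { ok: false, reason: "path is outside /ibank/" };
  }
  return { ok: true, reason: "matches expected prefix" };
}

// Constructed samples: one genuine address and several lookalikes.
const samples = [
  "https://direct.capitecbank.co.za/ibank/signin",
  "http://direct.capitecbank.co.za/ibank/",
  "https://direct.capitecbank.co.za.login.example/ibank/",
  "https://direct.capitecbank.co.za@login.example/ibank/",
  "https://direct.capitecbank.co.za/ibank/../promo/",
  "https://direct.capitecbank.co.za-secure.example/ibank/",
];
for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log((r.ok ? "OK    " : "REJECT") + " " + s + " (" + r.reason + ")");
}
```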
2.3 Other precautions to take
· Ensure that your Internet browser software version is updated to
the latest released version and the required security patches for your
operating system are installed.
· Monitor your Capitec Bank accounts and report suspicious
transactions to Capitec Bank immediately.
3.1 What is a certificate?
· A digital certificate is the electronic version of an Identity
· Like an ID, it is issued by a trusted third party.
· To obtain this digital certificate, Capitec Bank had to go
through a process where certain information regarding the company was
· Upon confirmation of this information an encrypted file was
provided to Capitec Bank, which is unique to this specific website.
· This digital certificate provides a tamper-proof source of
information that will verify the identity of the website you are signing in to.
3.2 What is an Extended Validation (EV) SSL Certificate?
· Extended Validation or EV SSL certificates are the next
generation SSL Certificate because they work with high security Web browsers to
clearly identify a website's organizational identity. For example, if you use
Internet Explorer 7.0, the address bar will turn green to identify this site as
having an EV SSL Certificate. It will also display the padlock as an icon of
trust. However, the address bar will not turn green if the website does not
have an EV SSL Certificate.
3.3 Who or what is Entrust?
· Entrust is a trusted and independent registration authority who
issued the Extended Validation SSL Certificate to Capitec Bank.
3.4 What are the recent Internet Banking fraud scams?
· This scam involves Emails that seem to come from
a valid source, but will prompt you to provide your username and password.
· An example would be an Email, seemingly from
Capitec Bank, which will include a link to a website or an attachment. If you
click on the link or open the attachment, a pop-up screen will prompt you to
enter some personal information (usually your username and password and/or
credit card details). This information will then be sent to a fraudster who
will be able to gain access to your Internet Banking information.
· How do these fraudsters know that you bank with
Capitec Bank? They usually don't. Fraudsters send out large volumes of Emails
to random Email addresses.
· Fraudsters use sophisticated software called
spyware to record keystrokes on a client's PC. This information is then sent to
the fraudsters who analyse the data and identify possible username and password
3.5 What precautions are there against phishing?
· Never enter your personal details on any website
or pop-up screen other than the official Capitec Bank Internet Banking sign in
page — always verify the authenticity of the sign in page by checking the digital
· Capitec Bank will never send you an Email
requesting you to enter any personal details. If you receive such an Email,
even if the 'From' address on the Email indicates that it came from Capitec
Bank, delete the Email immediately.
· If you received such an Email and clicked on or
opened the link or provided your personal details, contact Capitec Bank
immediately and change your Internet Banking sign in details.
3.6 What precautions are there against identity
· Make sure that no-one has unauthorised access to
· Do not open suspicious or unfamiliar Emails or
SMSs. Never click on or open attachments that you were not expecting in an Email.
· Monitor any shared folders on your PC closely,
as this would be an easy way to install software without your consent.
· Only install licensed software from reputable
vendors on your PC.
· Ensure that you have the latest version of
antivirus software loaded on your PC.
· Always keep your password secret. No employee of
Capitec Bank is allowed to ask you for your password.