Security Awareness - Online Financial Services

Please note the following recommended best practices for safety while using online services.


Online services often require the entry of a user identifier and password (or PIN) combination to gain entry. The protection of these user credentials is extremely important, especially for sensitive services like those with financial implications. To ensure the privacy and safety of your password, please consider the following:


The workstation is the means through which sensitive information and instructions get passed to online services. It is therefore very important that workstations are free from vulnerabilities.

Make sure the workstations used are strengthened and protected:

  1. Preventative maintenance using updated anti-virus software with the latest virus, trojan and spyware signatures.
  2. Keeping operating system and browser software updated, including security patches. Periodically updating all installed software.
  3. If possible, disabling or removing services that are not needed.
  4. Installing a personal firewall if transactions are to be made using workstations that are outside the company firewall.

Practice safe computing:

  1. Do not allow unauthorized people to have physical access to the workstation.
  2. Do not run unknown software on the workstation.
  3. Do not leave the workstation unattended when you are logged into any services.
  4. Always log out from online sessions when no longer required.
  5. Close browser sessions or clear browser cache immediately after logging out of online sessions.
  6. Check that the VM internet banking website address changes from http:// to the secure mode of https:// and that a security icon that looks like a lock or key appears on the bottom of the web page after logging on and before making sensitive transactions.
  7. Use a browser that supports the SSL 128 bit or higher encryption standard.
  8. Use the latest browser supported by the online applications.
  9. Choose appropriate browser settings, e.g., disable Active-X control and/or allow Java-Applets only after additional confirmation.