Security Guideline

Table of Contents

Security

Internet Security: Recommendations for Safe Surfing

The Internet is a public area and an excellent communications instrument. However, it is also susceptible to fraudulent activities. But with due caution you can largely eliminate the risks. These recommendations include a number of guidelines for navigating the Internet safely, and in particular some hints on how to use our eServices platform.

Security tips for using eServices

Always enter https://eservices.bordier.com in your browser

To get to the login page, enter https:/eservices.bordier.com in your browser. Then the following URL will appear in the address bar of your browser:

Do not use any links from a website or an e-mail that lead you direct to this URL.

Always ensure that you are on a secure website before submitting your information via your web browser. It will be “https://” rather than “http://” and it will contain a padlock icon on the status bar at the top of the browser.

Pay attention to padlock in status bar and “https” sites

We process data to provide banking and financial services in the context of the performance of contracts signed with our clients or to take pre-contractual measures in connection with an application. The data is primarily processed in a manner consistent with the product concerned (e.g. bank account, credit, securities, deposits), in particular to assess needs, provide advice, asset management and assistance, and to execute transactions. You will find further information about the purpose of data processing in the general terms and conditions of the Bank.

Always leave eservices.bordier.com via the logout button

Leave eServices using the logout function. Simply closing the browser window is not sufficient to terminate the secure Internet connection. Do not save your online banking login details on the browsers by clearing your browser’s cache and history after each session.

Never tell anyone your user-id and password, store one-time-signature devise safely

Bordier & Cie provides users with a user-id and password as well as the One Time Signature Devise (Smart Card and Calculator) so that they can access eServices. The user-id is defined by Bordier & Cie and sent to the user by hard mail. The password is sent by separate cover, and must be personalized by the user the first time they log in. We recommend changing your personal password regularly. The new password must have between 8 and 16 characters. You should avoid personal telephone numbers, dates of birth, car license numbers, etc. Do not under any circumstances save the password on your computer or reveal it to anyone else. Please note that for security reasons, Bordier & Cie will never ask you for your password by phone, e-mail, letter, SMS or social media. Always keep the One Time Signature Devise provided to you by Bordier & Cie in a safe place.

Bordier & Cie shall be entitled to consider any person who gains access to the eServices using the above to be an authorised used without further inquiry or investigation. Consequently, any loss or damage sustained by you by reason of an unauthorised access to the eServices shall be borne by you, and you will indemnify Bordier & Cie against all loss, damage, costs or expenses incurred by the Bank as a result of the provision of the eServices.

Bordier & Cie should be informed immediately in the event of loss, disclosure, theft, fraud, misuse of the above.

Always use a device that you can trust

Do not use a shared computer or device that cannot be trusted for internet banking such as the computer at an Internet café and other public places. These devices may be installed with certain software that could capture your personal information without your knowledge and approval. If you have to use such shared computer or devise, never leave the PC unattended, always leave Bordier & Cie eServices via logout, and make sure you clear the browser cache.

Cookies

Do not use a shared computer or device that cannot be trusted for internet banking such as the computer at an Internet café and other public places. These devices may be installed with certain software that could capture your personal information without your knowledge and approval. If you have to use such shared computer or devise, never leave the PC unattended, always leave Bordier & Cie eServices via logout, and make sure you clear the browser cache.

Do not open aditional browser windows

Even when you have a secure Internet connection (https://), opening additional browser windows can give other people access to your computer. If at all possible you should avoid non-https sites for online transactions.

Different e-mail addresses for different purposes

We recommended using your regular e-mail address for communicating with people and companies that are known to you. But if you absolutely have to communicate with unknown websites, to reduce spam you should create an alias for your e-mails and use this alias for e-mail correspondence with these unknown websites.

Different SSL Certificate Warning Messages

General rules of behaviour on the Internet

Warning: fraudulent e-mails (phishing)

“Phishing” e-mails are sent by conmen to lure surfers on to fake web pages designed to look like the websites of service providers such as banks and financial services companies. Users are asked to reveal passwords and access information, which the conman then uses to gain access to their account. Please also note that you should never send details of your secret eServices information via e-mail. Bordier & Cie will never ask you for such information by e-mail or letter. For this reason you should ignore e-mails asking you to reveal confidential data, even when the sender of the e-mail seems familiar.

SMS Spoofing

SMS spoofing uses the short message service (SMS) to set who the message appears to come from by replacing the originating mobile number (sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company or product).If you suspect any SMS spoofing, you should notify Bordier & Cie immediately by calling your Relationship Manager.

Bordier & Cie will never request for your personal details via SMS.

Spyware

It is a software inserted onto your computer that collects information about you and your internet traffic. It usually gets stored onto your computer unknowingly when you download software, games, screensavers, etc. from unknown websites and it claims to improve your computer’s performance. It can be used maliciously to gain access to your confidential personal data such as your passwords, PINs and internet browsing history.

you have installed any software that claims to speed up your internet connection, or have additional third-party toolbars on your browsers, then you may be using software that has the ability to track your internet sessions. We recommend that you uninstall this software.

Keylogging

Keylogging is a form of Spyware online fraud where the keys inputted on a keyboard is captured, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

The using of One-Time Signature generated by your Devise (Smart Card and Calculator) is keylogger safe as each PIN is invalidated as soon as it is used. Install anti-spyware applications which are able to detect and disable/cleanse keylogging software.

Keylogging on mobile phone captures and transmit information including email, SMS and keystrokes on the cell phone without the user of the phone being aware of it. Think before downloading applications. Review the privacy policy and understand what data (location, access to your social networks) an application can access on your device before you download it.

If you did not expect any message or connection attempt to your mobile device, take precaution by declining the connection as this may be an attempt to send a malicious program to your mobile device. Always decline such attempts in connection when in doubt.

Avoid downloading Bordier & Cie Mobile application from any site unless it is from the Apple App Store.

Pretext Calling

Pretext calling is defined as a deceptive means of obtaining personal information and unauthorised disclosure of customer financial information. Fraudsters may pretend as bank officers to obtain your account number or credit card number and other information required. Upon obtaining such information, the fraudsters may call your bank posing as you, using the information stolen to take over your identity in order to perform transactions using your account.

Another form of pretext calling is when fraudsters request victims to confirm transactions that were purportedly made on victims’ credit cards. When victims inform fraudsters that they do not have such credit cards, the victims are provided with a fake Bank telephone number in order to lodge a report. Upon calling, the fraudsters will request for victims’ personal information which will subsequently be used for fraudulent activities. Be aware that Bordier & Cie will never request for your personal or financial information through SMS or telephone calls and will never ask anyone to transfer money to any third party account.

Monitor and pay attention to your regular credit card and bank statements to ensure your transactions are accurate.

Do not share personal information, such as account numbers, passwords, National Registration Identity Card (NRIC) number and other personal information over the telephone, email, SMS or internet, unless you know who you are dealing with.

Store your personal information in a safe place and shred your old account statements, and any other correspondences prior to disposing them.

Pharming

Pharming is a scamming practice in which a malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Pharming can be conducted either by changing the host file on a victim’s computer by exploitation of a vulnerability in DNS server software. If you access websites which requires your personal information, ensure the website address has a https:// in its URL.

Telephone Tapping

Telephone Tapping is the unauthorized monitoring of telephone and internet conversations and/or key tone by a third party. Telephone Tapping is possible on a public switched telephone network and can be difficult to detect. To minimize the risk, consider disabling your mobile telephone’s Bluetooth connection to prevent any unauthorized access to signal sent from and to your telephone.

Protect your PC

Keep your virus protection software up to date

Install an anti-virus program on your computer and ensure that updates are downloaded regularly (at least once a week). Most programs have an automatic update function. These will help prevent unauthorized access to your computer.

Update your browser and operating system

Reporting