General Security Tips
As part of our security commitment we have outlined a number of general safety tips we recommend you practice when dealing with your financial institution. These simple tips can reduce your risk of financial or identity fraud:
Everyday accounts
- Contact us as soon as possible when you change your address.
- Do not disclose personal or account information over the phone unless you initiated the call.
- Always check your statements and report any unauthorized transactions to a CEDB branch near you.
- Never allow strangers to transact through your account for their own purposes.
- Never accept money in return for allowing others to transact through your account.
- Never pre-sign withdrawal forms.
Cheques
- Keep your cheque book in a safe and secure place.
- Never pre-sign cheques.
- When posting cheques in the mail, cross the cheque 'not negotiable' and, where possible, send it in a plain envelope, not a window-faced envelope.
- Do not use pencil to write your cheques. Use a black pen.
- If your cheque book has been lost or stolen, contact us immediately or advise your local branch.
Card skimming
Card skimming is the illegal copying and capture of magnetic stripe and PIN data on credit and debit cards. Skimming can occur at any bank ATM or via compromised POS (Point of Sale) machines. The captured card and PIN details are then encoded onto a counterfeit card and used to make fraudulent account withdrawals and transactions.
ATM Skimming
Fraudsters can attach false casings and PIN pad overlay devices onto genuine existing ATMs, or they can attach a camouflaged skimming device onto a card reader entry, used in tandem with a concealed camera to capture and record PIN entry details.
POS skimming
A foreign device is implanted into a POS machine that is capable of copying and capturing card and PIN details processed through the machine. A compromised EFTPOS terminal can only be detected by a physical inspection. However, you may witness suspicious merchant behavior that needs to be immediately reported.
Examples of suspicious merchant activity
- Your card is taken out of your sight to process a transaction
- Your card is swiped more than once
- Your card is subsequently swiped through a second EFTPOS terminal
How to spot an ATM Skimming Device
Before you insert your card into any ATM, take a moment to check for evidence that the ATM has been compromised with a skimming device. The three areas to inspect are:
- ATM casing
- Card reader entry where you insert your card
- PIN pad buttons you use to enter your PIN
What to look for
- ATM casing
  - Foreign objects attached
  - Evidence of damage or tampering
  - Panels that don’t fit snugly together
  - Holes in the casing panel may indicate that a camera has been inserted
- Card reader entry
  - Any object placed over the card reader. A skimming device is often “piggy backed” onto the existing card reader.
  - Card entry slot not straight
  - Glue or tape residue around the card reader entry
- Keypad
  - Keypad is loose and not fitting flush with the rest of the ATM
  - Keypad is a different color to the rest of the ATM
If you see any of these signs on an ATM or POS machine, immediately report it.
| ATM | Where to report |
|---|---|
| CEDB | Contact us |
| Other Banks | Bank Personnel or Security Guard |
Securing your debit card usage
- Ensure that no one can observe you entering your PIN when using the ATM or making a POS purchase.
- Always cover your hand with your other hand when entering your PIN.
- Be discreet when withdrawing cash at an ATM.
- Keep your card in sight when making a POS transaction.
- If a shop assistant wants to swipe your card out of your sight, ask why this is necessary.
- If a shop assistant claims it is necessary to swipe your card in a second machine, immediately ask for your card to be returned to you.
- EFTPOS receipts should be kept secure. Destroy them if not needed.
- If you believe an ATM or POS has been tampered with, do not use it. Immediately report it to the right authorities.
Phishing & Email Scams
Phishing is a scam where hackers 'fish' for your personal details by using hoax emails claiming to be from financial institutions. This method continues to be favored by online thieves. Hoax emails claiming to be from banks are often generated overseas and are sent in bulk. The email asks the recipient to provide sensitive information such as their username, password, customer registration number or PIN by providing a link leading to a fake website, enabling thieves to gather the details for later fraudulent use. This technique can involve sending hoax SMS messages or making phone calls claiming to be from CEDB or other major Nepalese banks.
You can minimize your chances of being a victim of Phishing scams by:
- Typing 'www.cedbl.com' into your Internet browser to log on to Internet Banking.
- Treating all emails, text messages and phone calls requesting personal information such as username, password or PIN with extreme caution. Authentic CEDB emails, SMS or phone calls will not request personal details or log on information.
- Immediately deleting emails and text messages of unknown origins, no matter how innocent or provocative the subject headings sound.
- Changing your Internet banking password on a regular basis.
- Keeping your anti-virus, firewall and other software and firmware up-to-date and performing regular scans of your computer.
Please be aware of email scams such as the examples provided below. We cannot list all of them; however, as a rule of thumb, if the offer seems too good to be true, it probably is.
- Nigerian Scam: Fraudsters have been sending out letters inviting individuals to participate in a scheme that ultimately turns out to be nonexistent. Usually, the letters purport to be from a government official who needs help in distributing millions of dollars out of the country in return for a cut of the money. Recipients of the letters are required to divulge bank account details and forward tens of thousands of dollars in 'advance fees'.
- Spanish Lottery Scam: Victims of this scam receive a letter advising them they have won a large prize from the 'Spanish Lottery'. In order to collect the prize, they must send money before a certain date to a bank account in Spain to cover the cost of traces, bank fees, delivery and insurance costs.
- Email Employment Scam: Victims of these scams are asked to provide their bank account details to prospective employers with a view to facilitating the transfer of funds to overseas parties. In return, the victims are compensated by a commission payment. However, the funds transferred have been obtained fraudulently. Do not provide bank account details to any prospective employer until you are satisfied that the employer is genuine and/or you have signed a contract of employment.
- Be aware of other scams, such as spam e-mails, chain letters and people claiming to be representatives of government departments, financial institutions or other businesses.
- Do not give or send your name, bank account details, copies of your passport, birth certificate or any other personal details to anyone other than for legitimate purposes.
- Be suspicious of any correspondence received from overseas advising you to forward large sums of money or that you have won a prize.
Identity theft
Identity theft occurs when a person steals an individual's or company's personal information. This information can then be used to fraudulently open accounts with financial institutions, obtain credit, purchase goods or services and even obtain passports and driver's licenses.
There are steps you can take to prevent your details from being misused:
- Don't give away your personal details to anyone who does not have a legitimate reason to have them.
- Ensure documents such as your driver's license and passport are kept in a safe place.
- Be cautious if you are contacted by telephone, fax, post, email or in person and asked for details such as your date of birth, mother's maiden name, PIN or password. CEDB will never contact you to verify details in this way. Offer to ring back any suspicious callers.
- Destroy any documents showing your name, address or other details before throwing them away.
- Avoid using your mother's maiden name as a security password. Where possible try not to use the same password for different accounts.
- If you move home, inform all relevant organizations of your change in address straight away to make sure all your accounts move with you.
Some warning signs that your identity may have been stolen are:
- You receive bills, invoices or receipts addressed to you for goods or services you haven't ordered or letters from solicitors relating to debts that aren't yours.
- You receive letters relating to applications for accounts, goods or services you haven't made or statements for accounts in your name that aren't yours.
- There are transactions on your statements that you don't recognize.
- Important identity documents, such as your passport, driver’s license or utility bills have gone missing.
- There are new accounts appearing on your credit file that you don't recognize.
- You receive no post at all.
Social networking websites
Treat social networking websites such as Facebook, Twitter and LinkedIn in the same way as face-to-face meetings. Do your friends really need to know your date of birth, mobile number, employer or home address? You might want to consider limiting profile access to your close friends only. Fraudsters can search your profile for anything they can use for crime and may be able to obtain enough information to identify themselves as you.
Secure your computer
Being protected means three things:
- Having protection on your computer in the first place.
- Checking for new Internet security protection software updates daily.
- Scanning all the files on your computer periodically including incoming and outgoing emails.
Be sure to:
- Run an up-to-date Internet Security Package (antivirus, antispyware, firewall)
- Enable Automatic Updates for your Operating System and other software (also known as “patches” or “security updates”)
- Stay secure by regularly checking for web browser (Internet Explorer, Mozilla Firefox, Safari) updates.
- Use a current Web browser. The newest browsers will maximize your security.
- Always log out of Clean Banking using the logoff at the top right of the screen.
- Always close your browser window immediately once you have logged out. Open a new browser window to continue surfing the Internet.
- Make sure your family members and/or your employees know what to do if a computer becomes infected.
- Report any suspicious activity on your account immediately to CEDB.
Use PCs and software from trusted sources. Avoid installing programs and opening unsolicited email attachments from people or organizations that you do not know. Avoid using public computers for secure transactions, as you may be unable to check for the latest anti-virus software.
When using the Internet, including Internet Banking, always try to use hard-to-guess passwords. Ensure you are the only person that knows your user name and password. Remember the five golden rules of passwords.
- Do not choose a password that is easily identified with you (for example, your date of birth, telephone number or your name or any part of it).
- A password should have a minimum of eight characters, be as meaningless as possible and use uppercase letters, lowercase letters and numbers, e.g. xk28LP97.
- Change passwords regularly, at least every 30 days.
- Do not give out your password to anyone! Be wary of unsolicited calls or emails requesting personal information or card numbers. Neither CEDB nor the police would ask you to disclose PINs or password information.
- Try not to write your password down, even if it is disguised; attempt to memorize it instead.
For more effective Internet protection, try using a firewall as a gatekeeper between your computer and the Internet.
A firewall is a piece of software or hardware that filters all Internet traffic between your computer and the outside world. It works to either block or permit Internet traffic to and from your computer. You can use a firewall to better protect your home or business computer and any personal information it holds from offensive websites, spam and unauthenticated logins from potential hackers.
When using a public computer, remember to:
- Be wary of your surroundings and ensure no one is observing you when entering in your user name or password.
- Never click the 'save my password/details' option sometimes offered.
- Never change security details such as your password in a public place (e.g. libraries, Internet cafes).
- Never leave your computer unattended or idle for long periods of time.
- Always log out from your Internet banking session when you have finished and close the browser.
- Use computers that have anti-virus software installed.


