Wednesday, 22 November 2017

Security Tips & User Guides

We would like to inform you that in the last period, the number of Malwares which were developed to target the banking information of the customers such as their personal information, accounts numbers, and Internet banking credentials (Usernames and Password) has noticeably increased.

How Personal Information are Stolen

After visiting un-trusted websites or installing software from malicious sources which will be delivered to the user as an email attachment or mentioned URL in the email body, the victim computer could be infected by viruses which enable the criminal to monitor the victim activities (visited websites, performed transactions, entered data, etc.) and steal all used data without the victim knowledge.

This will enable the criminal to access all banking online services by using the stolen credentials (Usernames + Password) and use the available functions such as fund transfer.

Important Advices for Our Valued Customers

  1. Use the Tow Factor Authentication Feature on our internet banking service which is called “One Time Password (OTP)”. This feature will send an SMS containing an additional password to your registered mobile number, every time you logon to the internet banking service.
  2. Install Anti-Virus software on your computer and keep it always up to date.
  3. Do not install Software from un-trusted sources, and do not brows suspicious websites.
  4. Ignore any email from unknown senders and delete it immediately
  5. Ignore any email asking to visit the Internet banking website by clicking an embedded link, and entering your username and password. It is always preferred to visit the Internet banking website by typing the address in the browser’s address bar.

Protect your banking information when using the internet banking service with these useful security tips.

Below are some security tips to protect your banking information.

  • We advise you to select a password that is made up of 15 numerical and alphabetical characters.
  • Change your password regularly.
  • Always maintain the confidentiality of your banking information, such as the username and password, and do not share them with anyone.
  • Disable the option of saving system access information from the browser and ensure that you enter the information every time you access the system, whether you are using the same computer, PDA or others.
  • Ensure that you do not write down the user name or password.
  • Select a password that is easy for you to remember but difficult for others, such as a password that includes a variety of digits and letters.
  • We would like to inform you that Jordan Kuwait Banks policy is not to send clients any confidential information by email, such as the password, or to ask the client for any private or financial information or to enter the PIN on a webpage that appears in an email. Therefore, Jordan Kuwait Bank advises clients to ignore such emails and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066
  • Ignore any email, SMS, Fax or communication that asks to disclose personal or banking information or the password of your account and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066.
  • Use a different password for every website you visit to ensure security.
  • Do not open internet banking website using cashed links on other websites or included in emails. We recommend that you type the address manually every time in your web browser.
  • Use your personal computer to access internet banking service and avoid using computers or the internet service in public places, such as internet cafes or free wireless connections.
  • Ensure that you log-out from the internet banking website when you finish your work or when you are leaving the location of your computer.
  • Lock your PC when unattended, press and hold the Ctrl, Alt, Del keys.

Protect your banking information when using ATMs by following these security tips.

A number of bank ATMs around the world were exposed and card information was stolen using fake components that are installed over the original ATM components, and they include:

  • The keypad
  • The card reader slot
    Here are some tips to avoid the compromise of your card information or PIN:
  • It is highly recommended to use the same ATM as much as possible. If you use the same ATM regularly, it is easier to notice any changes.
  • Be careful and observant when using another ATM (Notice the existence of strange object fixed over the ATM, existence of monitoring person, etc) and immediately inform the bank about such incidents by calling the contact center at 06-5200999 / 080022066.
  • Ensure that the keypad is leveled with the ATM and not protruding.
  • Ensure that the card slot is leveled with the ATM and not protruding.
  • Be aware of any small cameras placed at the front of the ATM to photograph the PIN.
  • Make sure to use the PIN Guard utility installed on our all our ATMs, and if you had to use an ATM with no PIN guard installed please make sure to place a piece of paper of an envelope to cover your hand when entering the PIN,
  • Wait for the ATM to return the card to you. Do not leave until you receive the money and the card or a bank notification indicating that the card has been withdrawn, should this occur. You may contact the numbers shown on the ATM's screen for assistance.

Protect your banking information when using your plastic cards with these useful security tips.

  • Ensure that you have received your PIN in a sealed envelope that has not been tampered with.
  • It is preferable to immediately change your PIN as soon as you receive the PIN and card from the Bank as well as change the PIN on a regular basis.
  • Notify the bank immediately if you lose the card and request that it is suspended by calling the contact center at 06-5200999 / 080022066
  • Keep the card in a safe place and do not allow anyone else to use it.
  • Do not keep the card and PIN in the same place. It is better to memorize you PIN.
  • Do not disclose information related to the card, such as its number or PIN, by email or websites or telephone calls.
  • When using the card over Point of Sale, watch the person who is entering the card on the Point of Sale system and enter the PIN yourself on the system and do not give it to the seller. Ensure that you take your copy of the receipt and verify the amount that was deducted and cover your hand while entering the PIN number.
  • When using credit cards on websites, ensure that you are dealing with secure and well-known websites (“Secure Websites” HAVE a lock icon) and note that it is preferred to use the prepaid card for online shopping.
  • It is advisable to be alert when traveling, particularly in countries where card hijacking occurs. It is better to change the card upon return from travel.
  • When using Point of Sale, ensure that there are no persons can monitor you in order to have the card number and the CVV / CVC
  • Destroy expired card by breaking them.
  • If you use a Visa card for online purchases, subscribe to Verified By Visa service for added security and privacy.

What is Social Engineering?

  • “Social Engineering" refers to the practice of manipulating people as to circumvent security systems and conduct fraud. This technique involves obtaining information people would not normally reveal to strangers.
  • Social engineering can take on a variety of forms, (e.g. telephone, email, written mail, fax, or Instant Messaging).

Social engineering techniques:

Spoofed emails can be identified by recognizing their distinguished form or composition, for example, a form of email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply

  • Phishing:
    • Phishing is a type of deception designed to obtain and use your personal data (e.g. credit card numbers, passwords, account data, etc.) for fraudulent purposes.
    • Con artists send thousands of “spoofed” e-mail messages (or even SMS messages) that appear to come from a source you trust, like your bank, and request from you to provide personal information via e-mail or redirect you to illegitimate websites, identical to the original, created by them for this purpose.
  • spoofed email
    • Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information, such as username and passwords. Most of the times, it includes links to fake sites and is used a as a medium to spread and carry out phishing attacks.
  • How do I identify a spoofed email?
  • Shred documents containing confidential information (e.g. credit card statement, PINs, account statement) when no longer needed
  • When traveling or while using your laptop in public places:
    • Keep your laptop with you and do not check it in with luggage.
    • Never leave your laptop in an open view in your car, lock it in your trunk.
    • Never leave your laptop unattended in public places.
    • Regularly monitor your account activity to detect any fraudulent transaction.