Golden rules for safe e-commerce
Following these nine golden rules will help you avoid scams and significantly reduce their likelihood:
Install additional security software and adjust security settings
- Operating systems do not provide all security tools, so it is wise to install additional security software such as an antivirus program that protects your device from viruses, worms, and Trojan Horses.
- Quality security software should provide a firewall that constantly monitors all incoming and outgoing data on your device and blocks unknown and unauthorized sources.
- Do not use administrator user accounts to log in to your device. This account is only necessary for the first installation of desired software but is not required for daily use of the device. This will make it harder for malware to work.
- Do not disable or remove the security settings. Certain devices, such as tablets and phones, have OS-level security installed to further protect apps. Without this protection, devices are more vulnerable to malicious activity that can lead to theft of personal data and result in financial damage. For this reason, never access online or mobile banking services from devices where such protection has been removed (a “rooted” or “jailbroken” device).
- Ensure protection from unauthorized access. For PCs, we recommend setting a password longer than 16 characters and changing it at least every 90 days. There are various solutions for mobile phones and tablets such as PIN, "graphic password", password, biometric methods, etc. We recommend using at least one of the listed methods.
- Protect the data on your mobile devices. With newer mobile devices, such protection is enabled in the initial settings when one of the methods of protection against unauthorized access and theft of personal data (password, PIN, fingerprint ...) is selected. With older mobile devices, such protection must be enabled and set separately.
Never reveal passwords, PINs, and other means of accessing your devices to others!
Choose up-to-date software from trusted sources
Make sure the software on your devices is up to date and that all security fixes are installed. This particularly applies to your operating system, antivirus program, and the apps through which you access online and mobile banking services (apps and web browsers). Any security breach will increase your device’s vulnerability and chance of becoming infected or scammed.
The most common mistakes users make:
- Ignoring messages about new security fixes and disabling automatic update checkers.
- Newer software has an automatic update checker. Make sure the update checker is turned on and, when you get a new update alert (for the operating system, apps, browsers, etc.), complete the installation immediately.
- Old definitions of antivirus programs: Installing an antivirus program is not enough. New forms of malware emerge every day, so it's important to make sure your antivirus software can detect these too. Most programs have automatic updates, but it is wise to regularly check that your antivirus program uses the latest definitions.
Make sure data is transmitted via secure links
- Any data transmission via insecure links may be intercepted and examined by a third party.
- In online and mobile banking services, data is protected before every submission, preventing unauthorized interception. However, make sure you only enter PINs, passwords, and other sensitive data on secure websites and via secure links.
- You can tell a connection is secure when the web address (URL) begins with “https://” and there is green text in the address bar, indicating that the web address is trusted.
- If this is not the case, there is reason to suspect that it is a fraudulent website trying to access confidential data. In this case, do not continue working. Close your browser immediately!
- For all communication and correspondence with the bank, we recommend that you use the functions available in the online and mobile services.
We recommend that you request bank statements and other bank notifications as part of the features offered in our range of mobile and online banking solutions.
Make sure you know who you are communicating with online
- A skilled hacker can easily fake an email or create an entire fake webpage that looks exactly like a real one. Therefore, make sure that you regularly access the web address "https://www.bankain.si" through your web browsers and that there is green text in the address bar indicating that the web address is trusted. Any slight deviation from the real address may mean that the website is fake.
- Only enter confidential data when you are sure who the recipient is and you know the purpose of use. Pay attention to any deviation from normal use, such as a PIN being requested unexpectedly.
- One modern way to gain unauthorized access to confidential data is known as “phishing”. This is usually done by sending a fake email in which the online bank asks users to visit a specific page and enter data (such as a PIN), under the pretext of some change in business policy or some form of maintenance. Since the fraudulent website is visually similar to or an exact copy of the real one, the user will not suspect that it is actually a fake page. Danger can be detected and avoided by adhering to the above recommendations.
- Avoid opening email attachments if you do not know the sender, even when using an antivirus program. Also, avoid visiting suspicious websites (particularly adult content pages) and do not answer yes to any questions (such as installing additional software) if you are unfamiliar with the content. Typically, such correspondence spreads malware that may result in unauthorized access to online or mobile banking services and unauthorized access to your personal data stored on your devices.
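The address comparison recommended above can be done mechanically. The following is an added example, not code from the bank: it parses a link and accepts it only when the scheme is https and the host is exactly the one in the address given on this page. The function name, reason strings and sample links are constructed for illustration.

```javascript
// Added example: strict comparison of a link with the bank address named on this page.
const TRUSTED_HOST = "www.bankain.si"; // host taken from the address given on the page

function checkBankLink(link) {
  let url;
  try {
    // WHATWG URL parser: lowercases the host and converts
    // internationalised labels to their "xn--" (punycode) form.
    url = new URL(link);
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not https" };
  }
  // Anything before "@" is login data, not the site that is contacted.
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "text before @ is not the host" };
  }
  if (url.port !== "") {
    return { trusted: false, reason: "non-default port" };
  }
  if (url.hostname === TRUSTED_HOST) {
    return { trusted: true, reason: "exact match" };
  }
  // From here on the host differs; the reason only explains how.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "lookalike characters in host" };
  }
  if (url.hostname.includes("bankain")) {
    return { trusted: false, reason: "bank name inside a different host" };
  }
  return { trusted: false, reason: "different host" };
}

// Constructed sample links (not taken from real messages).
const SAMPLES = [
  "https://www.bankain.si/login",
  "http://www.bankain.si/login",
  "https://www.bankain.si@login.example/",
  "https://www.bankain.si.login.example/",
  "https://www.b\u0430nkain.si/", // Cyrillic "а" in place of Latin "a"
  "https://www.bankaln.si/",      // "l" in place of "i"
];
for (const s of SAMPLES) {
  const r = checkBankLink(s);
  console.log(r.trusted ? "OK  " : "STOP", r.reason.padEnd(36), s);
}
```

Only the first sample is accepted; every other one differs from the real address in a way that is easy to miss by eye.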
Handle personal and confidential data (including data storage mediums and access) with care
- Never share or pass on confidential and personal data for accessing online and mobile banking services to third parties. Make sure no unauthorized person can access your digital certificate, private key or personal password.
- Handle data storage mediums carefully; do not leave the smart card in the reader, password (PIN) generator or other media within reach of unauthorized persons.
- Make sure that such mediums and passwords cannot be accessed by third parties.
- Only insert your smart card for accessing online banking services into the reader/PC when using the online banking service. Upon completion of online banking services, immediately remove the smart card from your PC or reader. This will prevent unwanted spamming.
- Pay special attention to the safe storage of your smart card for online banking service, devices and password generator in order to prevent loss or theft.
- If you suspect that your digital certificate has been misused, or if it is lost, immediately notify both the authority that issued the digital certificate and your bank, so that they can disable the certificate and the use of online and mobile services.
Make sure your device is locked whenever you are away from it or not using it.
Only use software from trusted sources
- Do not download programs from the Web unless you are sure that the download and its operation are secure and that the origin or source is authentic. When downloading software, you run the risk of downloading a virus, a Trojan Horse, or even a hidden web address at the same time.
- Only install software and fixes on devices from trusted sources, such as official mobile stores (e.g. Google Play or the App Store) and official software sites such as Microsoft, etc.
- Particularly avoid downloading and installing unlicensed software on your devices through file sharing programs (e.g. eMule, torrent).
Perform safety procedures and inspections regularly
- Before connecting to your online bank, activate the antivirus program and firewall, and set up features that protect your device from unauthorized access (e.g. a password for your username for operating system login).
- Web browsers will often allow you to resume sessions even if you closed the tab or the entire browser. Therefore, it is very important that you sign out after completing your online and mobile banking services. This is the only way to complete all procedures for the safe completion of your work, and re-entry without a security login will no longer be possible.
- Close the browser after logging out.
- Do not use online banking services on public computers (e.g. online cafes, colleges, etc.) as they may not meet the minimum standards for safe e-commerce. There is also a possibility that such computers are adapted for spying and logging data.
Maintenance of software and other devices
- In the event of any malfunction, contact a qualified service technician for assistance.
- When handing over devices that access your online and/or mobile services for maintenance and repairs, remove all data and applications intended to access online and mobile banking services.
- After the malfunction has been repaired and your device has been picked up, you can reinstall your confidential and personal data.
Check your bank account balance regularly
Check your bank account balance and transactions promptly and consistently in order to quickly identify any discrepancies.