Security
Committed to offering you a secure and private online banking experience.
What we're doing to protect you
Our IT professionals work constantly to stay ahead of online threats, taking advantage of the most advanced technologies and established procedures to protect your data and financial assets. In addition, we offer a number of layers of protection:
Your personal and financial information are safely stored and all communications with the e-Banking platform are encrypted using SSL 128 bit state-of-the-art algorithms. This ensures the confidentiality of your data from EFG systems to your browser. We also offer the SecureMail service, allowing you to exchange securely emails and documents with your Client Relationship Officer (CRO).
The EFG e-Banking website uses extended validity (EV) certificates to prove its identity to visitors. Such certificates require extensive verification, and provide the highest level of confidence about the authenticity of a website.
For added safety, EFG e-Banking requires two levels of authentication to provide access to your e-Banking account and to confirm your transactions:
Your traditional username and password credentials.
An electronically generated one-time password. This will prevent unauthorized access in the event that your username or password are disclosed.
To protect your account from password guessing, an account will be locked out if an incorrect password (or token code) is entered four times consecutively. You will then have to contact your CRO to reactivate it. In addition, you will be automatically disconnected from your e-Banking session after 20 minutes of inactivity, to prevent anyone else from accessing your account in case you leave your computer unattended.
What you can do to protect yourself
There are a number of things you can do to protect your data and improve your online banking experience:
Many us will have expierenced phising emails. However, fake websites can be more difficult to spot, as they often look exactly like their legitimate counterparts. You can make sure of website authenticity by looking at the address, and by checking the certificate. The real web address is not necessarily the one shown in the hyperlink, which could redirect you to a website that has nothing to do with the real e-Banking site. For this reason, you should never follow any link to access your e-Banking and you should manually enter the address https://ebanking.efginternational.com in your browser, or save it in your bookmark.
Once you have entered the right address, it is also critical to verify the certificate. A valid certificate will in fact show you the real entity associated with the web site you are connected to, and it will ensure that only that entity will be able to decrypt the exchanged information. There may be some differences in how browsers show that a certificate is valid (a closed padlock, address highlighted in green, etc.).
Malicious software can infect your computer in many ways. Viruses can be in email attachments or USB sticks; they can hide themselves in valid programs; or you can simply get infected by opening a web page within your browser. In most cases, antivirus software can provide protection; however, it is critical to keep it up to date with the latest virus definitions.
Computer viruses are created on a daily basis, and the most dangerous attacks often draw on recent developments. Make sure your antivirus software is active and configured for automatic updates. In addition to 'real-time' protection, it should also be configured to perform a full scan of your computer on a regular basis.
Spyware is a type of program that records information about your online behavior, often to generate market research data but also sometimes to obtain personal information, passwords, credit card numbers and so on. In most cases they are downloaded and installed as part of a legitimate program without the user's knowledge.
As spyware behaves in a different way from viruses, many antivirus tools are not effective in detecting them. It is a good idea to install specific anti-spyware software.
E-mails are a common method of carrying out scams or viruses. You should always exercise care when opening a suspicious email and, should you have any doubt about the legitimacy of the message, avoid clicking on any link or downloading any attachment.
You should also be cautious when receiving an email from a person that you know, as it is very easy to forge the sender of an address in an email. Common sense is often the best means to spot a fraudulent message in those cases.
While viruses are intentionally developed for malicious activities, software vulnerabilities and bugs are defects involuntarily left by developers in an application or an operating system. Just like viruses, vulnerabilities might open doors for ill-intentioned people interested in your data. It is critical that you keep your operating system and your applications up to date by installing the latest patches and security updates. Many systems and applications offer an automatic updates feature and it is advisable to enable it.
Most of the day-to-day activities performed on a computer do not require administrative privileges and can be safely carried out with a 'standard' account with limited privileges. Moreover, the impact of a virus or malware is generally much higher if executed by an administrative account and it would affect all the users on the system. You should always try use a standard account and only log in as administrator when it is necessary (for example to install a new program).
Securing your wireless connection is imperative, and you should never assume that your neighborhoods are safe as some directional antennas are able to intercept your WIFI signal. You should never use an 'open' access point and never use weak authentication/encryption such as WEP which can be easily broken in a few minutes. You should use more robust algorithm, such as WPA2, with a very complex access code. Refer to the vendor of your wireless equipment for instructions on how to enable WPA2.
Internet browsers often store data. To minimise unauthorised access, you should start a new browser window for any e-Banking session and close all other web pages while you are connected to your account. You should avoid accessing your account from public places like internet cafes or kiosks, as you will lack control about what information is retained and where.
To end your session you should use the 'log out' button, and clear the cache of your browser.