Notes on Network Security
DBS pays great attention to maintaining the confidentiality of personal information and to network safety. We spare no effort to provide you with safe and secure online services in order to meet your needs with regard to iBanking.
We have adopted the common network security technologies of the banking industry to protect your online transactions and information. In addition, we have applied a series of online security measures, including routers, firewalls and a network intrusion detection system, to ensure better protection.
We continually take active steps to ensure that our online security solutions are up to date in order to meet service upgrade needs. Nevertheless, we hope that as users you will also actively participate in protecting your personal account, transaction information and online transactions.
At present, our online security applications and measures include:
- Secure Sockets Layer (SSL)
To safeguard the information transmitted to our bank or from our bank to customers, we have adopted the internationally recognized, highly efficient 128-bit SSL encryption system. Information is encrypted before being transmitted. Only authorized recipients can use designated software to decode and recover the original information.
- 2FA: 2nd Factor Authentication
DBS iBanking provides 2FA for better security. To log onto the system in Transaction Mode, you need to enter not only the user name and password but also the One Time Password (OTP); otherwise you can only use Enquiry Mode to view account information. The OTP will be sent via short messaging service (SMS) to the mobile phone you have pre-registered with our bank.
- SMS – OTP
iBanking is more secure and comprehensive with authentication by way of OTP. The OTP is a supplementary password which can only be used once. It will be sent to your mobile phone via SMS. The OTP is required for logging on and for using certain services.
- Automatic Log Out Function
If your computer is detected to have been idle for too long, the system will automatically log you out of iBanking. To continue using iBanking, you need to re-enter your user name, password and OTP.
- Restriction on Log-on Attempts
- Continuous Close Monitoring
- Periodic Review and Audit
Beware of fraudulent mails and websites
What is “Phishing”?
“Phishing” refers to a case where fraudsters attempt to illegally obtain your key personal information such as your bank user name, password, identity card number and debit card number. They will use your information to access your account for illegal purposes. For example, they will use a debit card number which you inadvertently provided to a bogus website to conduct fraud.
How is “Phishing” carried out?
Fraudsters engage in “Phishing” in a number of ways which can be summarized as follows:
Use similar e-mail addresses, trademarks or logos to make you mistake them for true e-mails or websites.
Use different ways to trick you into providing your personal information, e.g. providing hyperlinks to fraudulent websites or online forms attached to the e-mail.
Common examples: You may receive an e-mail claiming to be sent by DBS, requiring you to click on a hyperlink to enter a certain website and make some necessary personal information updates under some conditions. Once you click the hyperlink you will be led to a website quite similar to our bank's, which requires you to enter your personal information so that it can be illegally accessed or used. Furthermore, e-mails sent by fraudsters may look very similar to those from our bank and may even have bank logos on them. Therefore you must be particularly cautious and should not readily trust such e-mails.
For security reasons, under no circumstances will DBS ask you through e-mail to update important personal information online.
Why are fraudulent websites so similar to bank websites?
As anyone can download and replicate information from the internet, fraudsters can easily build a website that is almost identical to that of a legitimate organization.
How to avoid being cheated by “Phishing”?
Do not log onto what is claimed to be the DBS iBanking website through hyperlinks provided in suspicious e-mails. For security reasons, under no circumstances will DBS ask you through e-mail to update important personal information online. Thus, any e-mail of this nature that you receive is fraudulent.
We recommend the following measures to avoid being drawn into a “Phishing” scam:
- At all times log onto DBS China’s website (http://www.dbs.com.cn) to enter iBanking.
- Do not reveal your password. Under no circumstances will our bank employees demand you to divulge your password.
- If you receive an e-mail which requires you to “confirm your personal information, otherwise your account with the bank will be closed”, do not respond or click the hyperlink provided in the e-mail.
- Avoid logging onto what is claimed to be the DBS iBanking website through a hyperlink provided in any e-mail and entering your user name and password.
- Avoid transmitting your personal or financial information through e-mails. If you need to transmit personal financial information through the website, you must check the ‘security lock’ logo on the browser in order to ensure that your information is securely transmitted. Our bank will not attempt to obtain your personal and financial information through forms in e-mails.
- Immediately check the transactions when you receive your monthly debit card and banking statements to make sure there are no unauthorized transactions. Please notify our customer service center if your debit card or banking statements are long overdue. You may also telephone us to confirm your mailing address for receipt of monthly statements as well as account balance.
Should I report fraudulent websites or suspicious e-mails?
Please contact our customer service center immediately if you suspect you have been cheated by a fraudulent website. Any report that you lodge will help us identify such fraudulent websites and take the appropriate action to stop them. Furthermore, any relevant information that you provide can help our bank notify customers so that they can beware of such websites.
Beware of fraudulent e-mails
Recently there were fraudsters who sent false e-mails to bank customers and obtained their personal information. This ruse has affected banks in numerous countries.
The e-mails easily misled customers into clicking through to the false websites linked from them. These websites resembled bank websites so closely that customers were caught off-guard.
The e-mails usually claimed that customers needed to “update” or “confirm” their information, in order to trick customers into entering their user name, password, personal information and other banking-related confidential information. Once divulged, such information would fall into the hands of fraudsters. Such fraudulent acts are usually known as “Phishing”.
For more information, please look under “phishing” or “e-mail bank scams” in this website.
To avoid being cheated, please see the following measures:
- Do not divulge your personal password to anyone. Please treat any suspicious e-mails that ask you for your personal information with care. Our bank will never send such e-mails.
- If you receive such an e-mail, do not reply or click the hyperlinks in it. Do not read chain or junk mail; delete it.
- Avoid entering DBS's official website through hyperlinks provided in e-mails or search engines.
Open DBS China’s website (http://www.dbs.com.cn) in any browser and add it to your “Favorites”, in order to facilitate direct logging onto the website in the future.
- Avoid using public/shared computers in internet cafes, public libraries or other public venues, or any dubious device, to enter the iBanking website or any other website that requires a password, in order to prevent your personal information from being stolen, duplicated or abused after you have left the computer.
- If you suspect that you have been cheated or if you have any questions, please call DBS customer service center (4008208988) any time.
Beware of Spyware
Our bank recommends that customers be extra cautious in the use of any software that claims to be able to increase surfing speed. Such software or services may re-direct your online traffic to designated servers, which allows them to store and analyze your internet activities. When you use DBS or other encrypted online services, the relevant activities or input data such as user name, password, debit card number, banking and transaction records, etc. may also be recorded by them.
How do you protect your own interest?
Do not access the DBS website on computers on which surveillance software, or software that re-directs your online service, has been installed.
If you have installed any software which claims to be able to enhance your online speed or which adds a third-party tool to the browser, you may already be using software which monitors your online activity. We recommend that you delete the relevant software. You may do so by accessing the “Control Panel” and selecting “Add/Delete Programs” to find and remove such programs.
Keep yourself regularly updated on spyware and watch for activity on your computer which hints at spyware, for example, a proliferation of pop-up advertisements when on the internet, or receiving numerous dubious e-mails which show your personal information.
Install and activate anti-virus software, anti-spyware software and a personal firewall from reputable software companies to protect your computer from intrusion by viruses or malware. You should regularly update such software and apply the relevant security patches.
Do not use public/shared computers or dubious devices to access the DBS iBanking website, because you can never be sure whether a hacking program, surveillance software or software which re-directs your online service has been installed on them.
How does DBS Bank protect your interest?
We closely monitor and intercept users who access our website using re-director software or spyware. If you have been denied access to our website, you may have inadvertently installed re-director software or spyware on your computer. Please remove such software.
How do you differentiate a real iBanking website from a fake one?
Fake iBanking websites imitate our iBanking website with a high degree of accuracy. Nevertheless the following 4 steps can help you to confirm whether or not the website you have accessed is a true one.
- Check whether the URL is correct -- http://www.dbs.com.cn
- Once you log onto personal iBanking, you can click the ‘security lock’ logo at the bottom right-hand corner of the screen. A security certificate will be displayed. You can check information on DBS such as our company name, website, certifying organization, validity period and encryption type, etc.
- Enter your registered iBanking user name and password.
- Enter the mobile phone OTP. The OTP will be sent to the mobile phone you have pre-registered with our bank.
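The first of the four checks above, comparing the address with http://www.dbs.com.cn, can be done mechanically on a link before it is opened. The Python sketch below is an added example, not DBS code; it compares only the host part of a URL with the host named on this page, and the look-alike URLs under `example.test` are constructed samples.

```python
from urllib.parse import urlsplit

# Host taken from the URL this page tells customers to use.
EXPECTED_HOST = "www.dbs.com.cn"

def host_of(url):
    """Return the host a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname      # lower-cased; userinfo and port removed
    except ValueError:             # malformed network location
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")        # "www.dbs.com.cn." names the same host

def check_url(url):
    """Return (matches, reason) for a URL copied from a mail or address bar."""
    host = host_of(url)
    if host is None:
        return False, "no usable http(s) host"
    if host == EXPECTED_HOST:
        return True, "host is exactly " + EXPECTED_HOST
    if not host.isascii():
        return False, "host contains non-ASCII look-alike characters"
    if urlsplit(url.strip()).username:
        return False, "text before '@' is not the host; real host is " + host
    if host.startswith(EXPECTED_HOST + "."):
        return False, "bank name is only a subdomain label of " + host
    return False, "different host: " + host

# Constructed sample URLs; example.test is a reserved placeholder domain.
SAMPLES = [
    "http://www.dbs.com.cn",
    "HTTP://WWW.DBS.COM.CN:80/",
    "http://www.dbs.com.cn.example.test/login",
    "http://www.dbs.com.cn@example.test/",
    "http://www.db\u0455.com.cn/",     # Cyrillic letter in place of "s"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_url(sample)
        print("OK  " if ok else "FAIL", sample, "->", reason)
```

A matching host covers only the first check; the certificate details and the OTP step described in the list still apply.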
Do not use your iBanking password on other financial or non-financial internet services such as e-mail, online shopping, electronic authentication or other online application services.
Make sure your computer is not subject to intrusion by viruses and malware.
Avoid storing the user name/password when using Internet Explorer.
Avoid using a public computer (e.g. computers in an internet café) to access iBanking services.
Regularly check your bank account information and transaction records.
Important Security Notice
DO NOT disclose your ID, PIN, and SMS OTP to anyone
DBS staff will NEVER ask for such information.
If you are approached for this information, please inform us at 400 820 8988.
Security Alerts & News
"FREAK" Vulnerability Information
Date: 4 March 2015
Threat Type: Security Vulnerability
Alert Level: Amber
Description: A vulnerability known as “FREAK” has been discovered in OpenSSL implementations of SSL (Secure Sockets Layer) and TLS (Transport Layer Security), which are used to encrypt communications between a website and a web browser (such as Internet Explorer, Safari) to keep the customer’s credentials and transactions secure. The vulnerability is present on websites that use OpenSSL and accept a weak encryption key length of 512 bits. When it is exploited, an attacker can break this weak encryption key, which will allow him to steal secret information from web servers, such as the customer’s login credentials.
DBS/POSB iBanking and IDEAL do not use OpenSSL and RSA 512-bit encryption keys and are not vulnerable to “FREAK”. You are assured that we have multiple layers of security in place, such as 2FA, to protect your online banking transactions.
However, it has also been reported that “FREAK” affects Apple’s Safari browser and Google’s Android browsers and could enable an attacker to spy on communications of users of these browsers. Both Apple and Google have since announced that a patch/software update is underway, to help mitigate this risk.
How can you protect yourself from this?
You are reminded to remain cautious when banking online:
- Update your web browser to the latest available patches and install the latest software updates on your mobile devices. Ensure that you download these updates from authentic and trusted sources such as Apple App Store or Google Play Store.
- Use different usernames and passwords for your online banking accounts from other non-banking related accounts and ensure that you change your passwords regularly.
- Do not reveal your iBanking/IDEAL username, password or token PIN to anyone.
- Always protect your computer by using anti-virus software and keep it updated with the latest anti-virus signatures.
- Call us immediately at 400 820 8988 (Personal Banking) if you notice unknown transactions appearing on your account.