At ABN AMRO, we are committed to protecting the security and
confidentiality of your personal information by providing you
with a safe and secure transaction environment.
We are the first bank in Singapore to introduce a Two-Level
Authentication process using a Dynamic Security Password (DSP).
This helps to curb the various internet threats and challenges
that affect internet banking today.
Besides the 1st level of authentication provided through the
use of a User ID and Static Password, a 2nd level Dynamic Security
Password (DSP) is also required to access ABN AMRO Internet Banking. The DSP is a dynamic one-time password generated via
a push of the button on the DSP device. This portable, hand-held
electronic device is issued by the Bank to customers who have
signed up for Internet Banking.
With the added layer of security provided through the DSP, we
bring you added peace of mind by ensuring that your banking
transactions can be performed round-the-clock, 7 days a week,
in a safe and secure environment.
Read on to find out more about how ABN AMRO Bank can help you
deal with today's internet threats and challenges.
» Internet Threats
» What is phishing?
» How ABN AMRO Bank can help you deal with today's internet threats and challenges
» How to check if ABN AMRO Internet Banking is the intended site?
» Is the security provided by Secure Sockets Layer (SSL) safe enough for banking transactions to be carried out on the internet?
» How can customers be certain that Internet Banking is safe and secure?
» Customer responsibility
» Reporting Incidents
Internet Threats
Internet banking is fast becoming a popular platform for banking transactions. A recent newspaper article reported that in Singapore, approximately a million people out of a total population of 4 million are regular users of Internet Banking.
However, the "open" nature of the internet exposes financial institutions to internet security risks. More recently, there have been reported incidents of a new type of online fraud called phishing (pronounced as “fishing”).
What is phishing?
Phishing means creating a replica of an existing web page to deceive consumers into submitting personal or confidential information. Phishing is a term coined by hackers who imitate legitimate companies in emails to entice people to share static passwords or credit card numbers. Other names for phishing are brand spoofing, carding, fake websites, and email scams.
While such fraud or scams have existed for years, digital information communication technologies have made this practice easier for nefarious users to spoof any number of things, including emails, websites, and even entire industries. More often than not, the targets of these scams are financial institutions. Thus, there is a growing need within the financial industry to address this problem by educating users on such risks.
Internet security threats come in four forms:
- Basic phishing
Basic phishing involves emails containing fraudulent forms,
or links to fraudulent websites. For example, an email may
contain a link to what appears to be a legitimate organisation.
While the URL initially appears legitimate, it redirects
the user to another location where a spoofed website resides.
Victims submit sensitive information through this website,
or directly via emails, without realizing that it is instantaneously
transmitted to criminals who intend to use the information
for malicious purposes.
The email will usually include one of the following messages
to trick you into acting according to their instructions:
- “Your account is currently being updated as
we are introducing a new security system. Follow the
instructions below to re-activate your account.”
- “Your credit card is the subject of a police
investigation for fraud. Please follow the instructions
below.”
- “Our record shows that payment for your internet
account is due. We are currently introducing a new e-payment
service. Please follow the instructions below to activate
your online payment.”
- “You are the lucky winner of our lucky draw.
Please submit your credit card details so that we can
verify your identity.”
The following are examples of the instructions you may be
asked to follow, to deceive you into disclosing details
such as your password:
- “Please provide a return email with your account
details, password or credit card number. We will re-activate
your account as soon as we receive your email.”
- “Please click on the hyperlink below to update
your personal details.”
- “Please click on the attachment below. This
will automatically generate an alert on our side. We
will update your account and inform you.”
Please note that ABN AMRO Bank will NEVER send you any email
asking you to divulge any confidential or personal information.
You should discard such emails and report them to us.
- Brand spoofing
Hackers will fake or spoof websites of legitimate and existing
organisations to deceive customers into thinking they are
interacting with the legitimate company.
This can involve receiving an email that contains a link
to a website. Once you click on the link, you are redirected
to a fraudulent website. You then unknowingly submit sensitive
information such as your user identification number, password,
credit card number, bank account information, and other
forms of financial data.
- Industry spoofing
Fake or spoofed organisations or industries, such as escrows*
and other third-party mediators that customers may trust,
purportedly exist to mitigate risks.
*Escrow services perform a 3rd party role between an online
buyer and a seller. Such transactions usually involve monetary
exchanges. Escrow services collect the payment from a buyer
on behalf of an online seller, and aid in the delivery of
the purchased item to the buyer.
In instances where this third party is illegitimate, you
will neither see the purchased item nor recover
the money paid to the escrow service. This form of industry
spoofing can also be carried out through legitimate organisations.
There have been several instances where illegitimate users
claim to be sellers on certain websites, posting falsified
auction items, keeping the customers’ payments, but
never delivering the goods.
- Cyber-mugging
Some emails appear legitimate, but when opened, install Trojans and Keystroke sniffers onto customers’ computers so that sensitive information
can be stolen. Some even allow computers to be remotely
controlled. Criminals can also take money through Salami
slicing. These are cases where undetectably small increments
of money are taken out of an account over a period of time.
Please contact our 24-hour Phone Banking hotline at 1800
ABN AMRO (226 2676) or (65) 6226 2676 (from overseas)
to report such incidents immediately.
How ABN AMRO Bank can help you deal with today's internet threats and challenges
Dynamic Security Password (DSP): A solution to Internet
threats
"Security within everyone’s reach"
As part of our commitment to create a safe and secure transaction environment, we have introduced the Dynamic Security Password (DSP) device, which is used to generate a dynamic password needed to access your Internet Banking facility. Each DSP device generates a series of passwords unique to that user’s account. Each one-time password is valid for 60 seconds.
As the DSP is needed to validate and authenticate the user for each online transaction, you can be assured of a safe and secure transaction environment.
Phishing normally occurs when a static User ID and password are revealed. With the DSP’s Two-Level Authentication via a second dynamic password, which changes every 60 seconds, phishing can be prevented.
So, thanks to ABN AMRO Bank’s Two-Level Authentication process, you can now manage your Internet Banking transactions with complete peace of mind.
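As an added illustration (not the Bank's code; the page does not say which algorithm the DSP device uses), the sketch below assumes a standard RFC 6238 time-based one-time password with a 60-second step and one secret per device. It shows the server-side check, including refusing a password that has already been accepted in the current 60-second window. The names otp_at, OtpVerifier and DEMO_SECRET are hypothetical, and the device and server clocks are assumed to be in sync.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; matches the 60-second validity stated on this page
DEMO_SECRET = b"12345678901234567890"  # constructed sample (RFC 4226 test key)

def otp_at(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Server side: one secret per device, each time step accepted once."""

    def __init__(self):
        self._secrets = {}    # user -> device secret (assumed provisioning)
        self._last_step = {}  # user -> last time step already accepted

    def enrol(self, user: str, secret: bytes) -> None:
        self._secrets[user] = secret

    def verify(self, user: str, code: str, now: int) -> bool:
        secret = self._secrets.get(user)
        if secret is None:
            return False
        step = now // STEP
        # "One-time" has to be enforced by the server: a code seen once in
        # this window is refused if it is presented again.
        if self._last_step.get(user, -1) >= step:
            return False
        expected = otp_at(secret, now).encode()
        if not hmac.compare_digest(expected, code.encode()):
            return False
        self._last_step[user] = step
        return True

if __name__ == "__main__":
    v = OtpVerifier()
    v.enrol("alice", DEMO_SECRET)
    code = otp_at(DEMO_SECRET, 65)
    print(code, v.verify("alice", code, 65), v.verify("alice", code, 70))
```

A password captured in one window fails in the next because the counter has moved on, and fails within the same window because the step is already marked as used.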
What is a Dynamic Security Password?
"Ultra-portable, highly secure authentication
for peace of mind"
All login and online banking transactions will require a 2nd level of authentication with a Dynamic Security Password (DSP), which is generated with a push of the button on the DSP device.
This portable, hand-held electronic device will be given to you free of charge when you sign up for ABN AMRO Internet Banking.
The DSP is required for login and transactions. Each DSP device generates a series of passwords unique to that particular user. The DSP is used to validate and authenticate the user, therefore providing a safe and secure transaction environment.
What’s more, the DSP device can be kept close at hand as it is small and portable. You can choose to:
- Carry it on a key chain,
- Carry it in a pocket or purse,
- Attach it to your handphone; or
- Wear it around the neck along with your access card.
Industry’s strongest 128-bit SSL Encryption
The 128-bit Secure Sockets Layer (SSL) encryption is the de facto cryptographic standard that we use for securing data communication between the browser and our website. Digital certificate technology is used to ensure transaction privacy, message integrity and server-side authentication. This also serves as an assurance that the website runs legitimately under the care of ABN AMRO Bank.
SSL is the industry-standard method developed by Netscape Communications Corporation for protecting web communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Any software with encryption features having key lengths over 40-bit is considered strong encryption by the U.S. Government.
Most browsers support 40-bit SSL sessions, and the latest browsers enable users to encrypt transactions in 128-bit sessions. 128-bit encrypted messages are 309,485,009,821,345,068,724,781,056 times harder to break than 40-bit messages. Thus, it would take the same technology used to crack the RSA 40-bit message 1 trillion x 1 trillion years to crack a 128-bit message.*
* Quoted from VeriSign – www.verisign.com
How to check if ABN AMRO Internet Banking is the intended site?
Always login to ABN AMRO Internet Banking by entering the official bank URL (www.abnamro.com.sg) directly into the browser address field.
Is the security provided by Secure Sockets Layer (SSL) safe enough for banking transactions to be carried out on the internet?
Banks in Singapore generally adopt the Secure Sockets Layer 128-bit encryption standard, an international standard which is considered secure and adequate for encrypting data transmitted over the internet. This standard is also widely used by other financial centres in the world. ABN AMRO Bank will continue to track and apply best practices in encryption standards.
How can customers be certain that Internet Banking is safe and secure?
Security issues are of paramount concern to banks in Singapore, whether the consumer uses the traditional channel or the internet. Regardless of the technology or medium, both banks and customers have a responsibility to ensure that transactions are carried out in a safe and secure manner. Customers have to protect their confidential data, such as their passwords and login information. Otherwise, they will put themselves at unnecessary risk.
Customer responsibility
Customer education is critical to the mitigation of the phishing threat. Online users should be aware of how to spot fraudulent emails and websites. A URL can be redirected so that it initially appears legitimate in order to deceive the customer. For example, when a customer submits information on a website, a seemingly legitimate URL can redirect the customer to a different address, which is actually a spoofed website or a criminal email address.
Customers should note that they can often spot grammatical errors on illegitimate sites, as they often originate in foreign countries. They should also delete suspicious emails. Customers should be aware that emails can launch harmful Trojan horses or worms onto customer computer systems. Though not a complete panacea, customers can have some level of protection against threats by proactively securing their own computers with technological measures such as anti-virus software and intrusion detection software.
How do I prevent my PC from getting infected with viruses and malicious programs?
ABN AMRO Bank recommends that you do the following:
- Equip your personal computer with the latest virus detection
software and anti-spyware so as to protect yourself against any virus attacks
and other malicious attacks.
- Install a personal firewall to protect against hackers,
virus attacks or Trojan horses.
- Update the anti-virus, anti-spyware and firewall products with security
patches or newer versions on a regular basis.
- Avoid downloading any files from websites or people you
are not familiar with.
- Avoid using programs that allow you to automatically receive
or preview files.
- Avoid opening email attachments from strangers or unintended senders.
- Delete all junk and chain emails.
Password management
Protect and secure your password (for ATM, Phone Banking, Internet Banking). You can protect your password and other security information in these ways:
- Do not allow anyone to use your Dynamic Security Password,
or know your Static Password or any other sensitive information.
- Memorise your Static Password and other security information
and destroy the notification immediately. You should not
write or keep a record of your User ID and Static Password
together with your Dynamic Security Password device.
- Do not leave your Dynamic Security Password device lying
around.
- Do not use easy-to-remember dates or numbers, like your
identity card number or birth dates, as your Static Password
or any other password.
- Change your Static Password periodically.
- Avoid having the same password for different websites,
applications or services.
- Do not store your User ID/ Static Password in the Internet
Explorer Browser – Auto Complete Function.
- Never reveal your Static Password to anyone. The Bank
will never request for your Internet Banking, Phone Banking
or ATM Password for any reason.
- Do not choose the option to save your ID or password in your internet browser.
Other Security Precautions and Practices while using Internet Banking
- Disable file and printer sharing in your computer while online, especially if you are connected to the Internet via a cable modem, broadband connection or similar set-ups.
- Avoid installing or running software applications from unknown sources.
- Do not enter or disclose your personal data to unfamiliar web sites.
- Avoid accessing online banking or performing financial transactions from public terminals, computers or devices which cannot be trusted. E.g. Internet Cafés.
- Never leave your computer unattended. Ensure your computer is properly logged-off from any online session or shut down while it is not in use.
- Check the balance of your bank account(s) as well as transaction records frequently and report any discrepancy.
- Backup any important data regularly.
- Consider using additional encryption technology to protect highly sensitive data.
Reporting Incidents
Inform us immediately by calling our 24-hour Phone Banking hotline at 1800 ABN AMRO (226 2676) or (65) 6226 2676 (from overseas) if:
- Your Dynamic Security Password or Static Password is lost or has been stolen.
- You suspect someone else has access to your Static Password or any other confidential information.
- You find any unusual transaction records in your Internet Banking.
In order to expedite our investigations, we may need you to furnish us with your details and a description of the incident. We will provide you with an interim update of our investigations while we work towards a final resolution. As the nature of each incident varies, the incident could be further escalated to other departments, such as the technical support team or application team, and thus the time required to fully resolve the issue will be determined on a case-by-case basis.