What does your bank do?

A secure website

Internet banking is always done via a secure website. The banks protect your information via a whole complex of filters, scanning systems and firewalls. This makes the chance that hackers can break into your bank’s online banking system extremely remote.

You can recognise a secure website by:

  • The address always starts with https:// and not with http://;

  • The locked padlock (if you’re working in Internet Explorer) at the bottom right of the internet page (or at the top of recent browsers) is visible. This means that a security certificate has been sent to your computer and that only you have access to the information that you are sending or receiving. If you click the padlock, you can see the certificate’s data and can check who owns the website;

  • The request for your authentication data when you launch an internet banking session;
  • In some cases, the address bar will also turn green. This only happens when a website has an EV certificate (extended validation) and you are working with Internet Explorer 7 or a more recent browser.

If several factors are not right, such as the address is missing an “s”, you are not requested to enter your authentication data, the correct data does not display when you click the padlock, etc., then you have probably landed on a fraudulent site. Fraudsters are becoming ever more successful at certain techniques, such as falsifying the padlock, which means that you do not immediately notice that you have landed on a phishing site. This is why you must always ensure that there is a combination of various security factors present.

Personal access to banking data

Access to your banking data is personal. In order to launch an internet banking session, you must have a card reader or token, whether or not this is necessarily in combination with a bank card and/or your secret code. The combination of these factors generates a unique key per session which only you can use to carry out transactions on your account.

Even if your bank does not work with a card reader or token, but with another system, a new, unique and personal code is always created to give you access to your banking data.

Encoded data

The information that is exchanged between your computer and your bank is sent as encoded data. When you carry out transactions via an internet banking system, these are automatically encoded. The information is sent to your bank’s servers, where they are then decoded. The information that your bank sends to you is encoded and decoded in the same way. This way no-one but you can read or change this information.

Digital signature

Your bank will always ask you to digitally sign your transactions using a password or code.
This password can, depending on the electronic banking system you are using, be something you chose yourself or can be generated by your token or card reader.
If you use a card reader or token, you will see a digital signature on the screen of your card reader or token during every new session. This signature is only valid once. Some banks also have a procedure whereby your card reader or token is blocked after a limited number of attempts to enter the wrong code have been made. The digits of the signature also only remain valid for a limited time.

Automatic deactivation of the internet session

Your bank will automatically end your internet banking session after a few minutes of inactivity. After this, you must log back in again. This way the bank prevents your online session from remaining open when you are unexpectedly called away or are not looking at your screen for a few minutes.

Automatic improvement of internet banking

Your bank takes care of permanently upgrading its internet banking systems, in order to be sure they meet the up-to-date standards in the field of userfriendliness and security.