Security Tips

Internet Banking

 

The Internet Banking service offers the convenience of anytime, anywhere banking. Follow security practices while banking online to protect yourself from being defrauded.

 

Internet Banking Security Tips

HDFC Bank has been one of the pioneers in extending internet banking services to cater to the anytime, anywhere banking needs of its customers by leveraging its state-of-the-art technology platforms. Internet Banking has also been exploited by hackers and fraudsters to deceive the bank's customers and commit fraud. While the bank has best-of-breed solutions, processes and people deployed to extend secure banking to its customers, it is important for our customers to know that "SecUrity is incomplete without U". Customers need to follow secure computing guidelines to avert fraud or security breaches affecting their accounts, because the keys to internet banking accounts are held by the respective account owners in the form of Customer IDs and Internet Banking passwords (IPIN).

 

  1. Keep your Customer ID and IPIN confidential and do not disclose it to anybody.
  2. Change your IPIN as soon as you receive it by logging into your NetBanking account. Memorise your IPIN; do not write it down anywhere.
  3. Refer to the "Protect your computer accounts with strong passwords" section under Computer security tips.
  4. Avoid accessing internet banking from shared computer networks such as cyber cafes.
  5. Do not click on links in emails or on sites other than www.hdfcbank.com to access your NetBanking webpage.
  6. Always visit HDFC Bank's NetBanking site through HDFC Bank's home page by typing the bank's website address (www.hdfcbank.com) into the browser's address bar. Users are encouraged to add the bank's URL to Favorites or Bookmarks in their browser.
  7. Always verify the authenticity of the Bank's NetBanking webpage by checking that its URL is "https://netbanking.hdfcbank.com" and that the padlock symbol appears at the bottom corner of the browser before entering your Customer ID and IPIN.
  8. If your Customer ID and IPIN appear automatically on the login page of the NetBanking webpage, you should disable the "Auto Complete" feature in your browser. To disable the Auto Complete feature:
    1. Open Internet Explorer and click on Tools => Internet Options => Content.
    2. Click on "Auto Complete", under "Personal Information".
    3. Uncheck "User names and passwords on forms" and click on "Clear Passwords".
    4. Click "OK"
  9. Use the virtual keyboard feature while logging into your internet banking account.
  10. Cross-check the last login information shown in NetBanking at every login to confirm your last login and spot any unauthorised logins.
  11. Always type your confidential account information. Do not copy and paste it.
  12. Monitor your transactions regularly.
  13. Use HDFC Bank's "InstaAlerts" service.
  14. Always log out when you exit NetBanking. Do not directly close the browser.
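
Tips 5 to 7 come down to an exact match on scheme and host, which the following added example (not part of the original page and not HDFC Bank code) carries out on a URL before credentials are entered. The function name `checkLoginUrl` and every URL in `SAMPLES` are constructed for illustration; only the expected address is taken from tip 7.

```javascript
// Added example, not HDFC Bank code. The expected scheme and host come from
// tip 7 above; every URL in SAMPLES is constructed for illustration.
const EXPECTED_SCHEME = "https:";
const EXPECTED_HOST = "netbanking.hdfcbank.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lower-cases the host, drops default port
  } catch (err) {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== EXPECTED_SCHEME) {
    return { ok: false, reason: "not https" };
  }
  // Anything before '@' is userinfo, not the host, however host-like it looks.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before host" };
  }
  if (url.port !== "") {
    return { ok: false, reason: "non-default port" };
  }
  // Exact comparison: "contains" or "starts with" would accept a longer host
  // whose registered domain belongs to someone else.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: "host mismatch" };
  }
  return { ok: true, reason: "scheme and host match" };
}

// Constructed sample inputs (example.net is a reserved documentation domain).
const SAMPLES = [
  "https://netbanking.hdfcbank.com/",
  "HTTPS://NetBanking.HDFCBank.com",
  "http://netbanking.hdfcbank.com/",
  "https://netbanking.hdfcbank.com.example.net/",
  "https://netbanking.hdfcbank.com@example.net/",
  "https://netbanking.hdfcbank.com:8443/",
  "netbanking.hdfcbank.com",
];

for (const u of SAMPLES) {
  const r = checkLoginUrl(u);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${u} (${r.reason})`);
}
```

The same exact-match rule applies when checking a link by eye: read the host from right to left, starting at the first single slash after `https://`.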

Online Shopping / Payments

 

Online shopping lets you shop without visiting the store and make payments without carrying cash. Follow these simple security tips to protect your money while shopping or making payments online.

 

Online Shopping / Payments Security Tips

  • Always shop or make payments through trusted / reputed websites and bookmark those sites if you use them regularly.
  • Ensure that the URL of the website is correct by verifying it in the address bar of your computer browser.
  • Do not click on links in emails or on referral websites to visit the online shopping site. Always type the URL in the address bar of the browser to visit the website.
  • Do not enter your confidential account information such as Credit Card Numbers, Expiry Date, CVV values, etc. in any pop-up windows.
  • If you are a frequent online shopper, sign up for the Verified by Visa and MasterCard SecureCode programs.
  • Check for the padlock symbol on the webpage before furnishing your Credit Card Numbers, Expiry Date, PIN and CVV values, etc. to make payments.
  • Make a note of the transaction IDs for future reference in case of disputes.
  • Check your account statements regularly and bring any fraudulent transaction to the notice of the Bank.
  • Do not respond to emails seeking your confidential account information that try to lure you with offers, jobs or prizes etc.

Computer security

 

Computers are the primary means of storing, processing and transmitting information that could be sensitive to you or may have a financial bearing, e.g. your internet banking Customer IDs, IPINs, Debit/Credit Card numbers, etc. Secure your sensitive information by securing your computer.

 

Computer Security Tips

  • Use licensed software on your computer
    Unlicensed software procured from untrustworthy sources could contain malicious programs such as viruses or trojans that may damage your computer by corrupting your files, or may reveal your confidential data, such as the passwords of your various accounts, Credit/Debit card numbers, etc., to the owner of that software without your knowledge.

  • Do not allow unauthorised access to your computer
    Unauthorised access to your computer could lead to compromise of your confidential data stored on your computer.

  • Protect your computer accounts with strong passwords
    Unlike humans, computers identify their users based on usernames and passwords. Use strong passwords to secure your computer accounts from being compromised or misused, and follow good password management practices such as:
    • Keep alphanumeric passwords with a minimum length of 8 characters. You can use phrases such as "nature's wrath tsunami" to frame your passwords, as they are easy to remember and difficult to crack.
    • Do not use dictionary-based words or your personal information, such as the name of your spouse or child or your date of birth, as passwords, because they are easy to crack or guess.
    • Do not keep same passwords for multiple accounts.
    • Maintain confidentiality of your passwords.
    • Do not write down your passwords.
    • Change your passwords once every three months.

  • Update your computer with the latest security patches
    Install the latest security patches for your operating system and other components like the browser, email client, etc. as released by your computer's operating system vendor. Keep your computer periodically updated with security patches to protect it from intrusions.

  • Use anti-virus, anti-spyware and a personal firewall
    Computers connecting to the internet face a variety of threats, such as infections from malware (viruses, trojans, spyware, adware, etc.) that may affect the security of user computers by corrupting files, causing system failures or transmitting confidential user data to hackers or fraudsters without the knowledge of the user. Hackers can take control of user systems through intrusions and misuse them to launch malicious attacks on other systems, conduct illegal activity, gain access to your confidential information, etc.
    Protect your computer from malware by installing anti-virus and anti-spyware software and keeping it updated with the latest signature files.
    Use personal firewalls to protect your computer from intrusions by hackers on the internet. Switch off / disconnect your computer from the internet when not in use.

Internet Browsing

 

Information stored on computers is available and accessible across the world through the Internet. Be aware of security while browsing the Internet.

 

Internet Browsing Security Tips

  1. Watch your click:
    You must observe click discipline while browsing through different websites. You may end up clicking on a malicious link that could download malicious code / software or a virus on to your computer.
  2. Do not download software from non-trustworthy sites:
    Downloading software from non-trustworthy sites may lead to your computer being infected with a virus. Users should be particularly careful when downloading freeware, which may have Trojans installed that would transmit your confidential information to a hacker or fraudster without your knowledge.
  3. Read the privacy policy of the website:
    Make sure that you read the privacy policy of the website before parting with any personal information such as name, email ID, contact number, etc. and be aware of how your information would be used by the website owner.

Email Security

 

Email has been the most cost-effective and convenient way of communication across the globe. Be aware of security while using email.

 

Email Security Tips

  • Protect your email ID
    Your email ID is your identity and address on the internet, and anyone may reach you from any part of the globe with minimum time and effort. Protect your email ID from being misused.

  • Do not publish your email ID on the internet
    Do not disclose your email ID on websites, chat rooms or internet blogs, or subscribe to mailing lists, without having read the privacy policy of these sites. Your email ID could be shared or sold to marketing companies and may end up in spam databases, which are used as target lists for sending spam emails.

  • Protect your email box against spam
    Spam emails are unsolicited emails sent in large numbers to recipients for sales and marketing or other promotional activities. Do not reply / respond to spam emails, as doing so may lead to you receiving more spam in your email box.

  • Do not open email attachments in haste
    Do not open attachments received from unknown senders or unexpected attachments from known senders. They may contain virus-infected files most of the time.

  • Be wary of fraudulent emails
    You may receive well-crafted emails that establish communication with you and lure you into a professional or personal relationship, leading to your Bank account being used for financial transactions over the internet, also known as money laundering. Refer to Money Mules.

Extended Validation Secure Sockets Layer (EVSSL) Certificate

 

Taking internet security to a new level and to prevent frauds, HDFC Bank has enhanced its NetBanking security by obtaining the Extended Validation Secure Sockets Layer Certificate.

 

Email Security Tips

Login Security:

Access to a customer's NetBanking account is granted using a Customer ID and IPIN (internet banking password) that is known only to the customer. Without a valid IPIN corresponding to the Customer ID, nobody can gain access to the customer's account.

 

IPIN Security:

  • The IPIN is randomly generated by the system and directly printed on tamper-proof media so that it is not accessible by anyone other than the customer.
  • The customer is forced to change the IPIN upon first login so that the customer is assured that the IPIN was not compromised before delivery.
  • The IPIN is stored by the Bank using encryption technology such that it is not accessible to anyone, including the system administrator.
  • The IPIN can be generated online using the Debit Card details plus One Time Password (OTP) authentication on the registered mobile number.

 

Session Security:

Access is provided to customers through a secure webpage that encrypts the session between the customer's computer and the webpage using 128-bit encryption, so that the communication between the customer's computer and the webpage cannot be intercepted by anyone over the internet.

HDFC Bank systems time out the customer's NetBanking login session upon prolonged inactivity for protection against misuse.

 

Digital Certificate:

The webpage of HDFC Bank's internet banking server is identified by means of a digital certificate provided by Verisign, to assure customers that they are on the correct site and to protect them from revealing their confidential account information on a fake website.

 

Taking internet security to a new level and to prevent frauds, HDFC Bank has enhanced its NetBanking security by obtaining the Extended Validation Secure Sockets Layer Certificate (hereby referred to as “the EVSSL certificate” or “the certificate”).

 

The EV SSL Certificate provides a clear visual indicator in the form of a green address bar so that customers can easily identify a genuine website. A green bar implies that the website belongs to the organization it claims to be from, in this case HDFC Bank. As soon as the URL address bar turns green, customers can be assured it is the genuine website. Alternatively, if the bar turns red, it means that the web page they are accessing might be unsafe, and customers are advised to stop accessing the web page immediately. For further verification, you can also click on the green address bar to check the details of the organization (you can also look out for the padlock* in the bar and the Norton Secured Seal**).

 

Among the other benefits of the EVSSL certificate, online shoppers can recognize the green address bar as an easy and reliable way to verify the site's identity and security.

 

The customers should be informed that the certificate works on all the major browsers like Internet Explorer 7, Mozilla Firefox 3, Opera 9.5, Google Chrome and Safari 3.2 and the higher versions of these. In case customers are using an older browser, they will not get a green color notification in the address bar, even though the website is EV SSL authenticated. It is highly recommended that they upgrade their browser to a version that is compatible with EV SSL certificates.

 

The next time you log in to the NetBanking page, watch out for the green address bar.

 

Virtual keyboard:

Customers can use the Virtual Keyboard feature while logging into their NetBanking account. This protects the user's IPIN from being compromised by keylogger software installed on untrusted/shared computers, e.g. in cyber cafes.

 

Insta Alert:

The Bank's InstaAlert service sends SMS / email alerts to the customer, upon registration, for defined transaction denominations and when beneficiaries are added for carrying out Third Party Transfer transactions.

 

Security Solutions:

All banking systems are secured using state-of-the-art security solutions acknowledged worldwide, viz. firewalls, intrusion detection systems, intrusion prevention systems and anti-malware systems, to extend secure banking services to our customers.

 

Security Teams:

The Bank has robust processes, skilled people and competent service providers who monitor the security of our systems round the clock.