Important notice:  For up to date information about the pandemic visit www.who.int 
  • Products and Services
    • Cash Management
    • Trade Finance
    • Forex Trading
    • Investor Services
    • Channel Services
    FX Trading
    Forex (FX) Trading with Business Online
    A real-time tool for companies dealing in foreign exchange.
    International Payments
    Transfer electronic funds reliably
    Process your cross-border payments and transfer funds between your Foreign Currency accounts.
    BOL SA App
    Convenient Banking
    Enjoy simple and convenient banking at your fingertips with the Business Online SA Mobile App
    Trade Finance
    Transact easily
    Trade Finance solution provides Documentary Trade and Open account trade finance (OATF) facilities to our Business Online clients.
  • Security Centre
  • Help and Support
  • About us
Global
Sign in

Security Centre

Follow these online banking safety and secuity tips to ensure you bank and trade securely  

Some of the benefits

Right to privacy

Your right to privacy and security is important to us. We understand that any information transmitted via our channels is sensitive.

Encryption

All interactions with our transactional sites are protected through encryption that complies with international standards of good practice.

Testing experts

We have employed the services of independent security experts to test and advise us on the security of our systems.

Firewalls

Our application webservers are protected by firewalls and intrusion detection systems.
What to look out for
SECURITY TIPS

Here are some tips that will help you to ensure your online environment is as secure as possible:

  • Control access to your premises, particularly to areas where critical computers are located
  • Ensure that anti-virus, anti-spyware, and intrusion prevention systems are up to date
  • Keep operating systems updated. Ensure that the latest patches are installed, that software is licensed and legal, and that systems are configured correctly.
  • Ensure your employees keep their login details confidential and change passwords regularly
  • Familiarise yourself with the information on Business Online
  • Be alert at all times. Fraudsters strike in those weak moments when your guard is down
  • Never share your token with anyone or leave it unattended. Always keep it locked away securely
SECURITY FEATURES

Password protection

  • One of the standard security features on Business Online is controlled access through user IDs and passwords. Each operator on your profile has their own personalised password which they use when they access the system.
  • You can help to reduce your exposure to online threats by implementing sound password protection principles and communicating them to everyone in your organisation who has access to your profile.
  • Keep your password safe. Never write it down anywhere or tell anyone what it is, not even the bank.
  • Manually enter your password every time you log on. Do not select the automatic password option.
  • Make it difficult to decipher. Passwords should be at least 8 characters long and comprise a combination of numbers, letters and punctuation. You can use both upper and lower case to make your password more secure.
  • Avoid the obvious. Don't use names or numbers that are easily associated with you, like the names of your children or your birthday.
  • Make your banking password unique. Don't use the same password for all your online accounts.
  • Change your password regularly. Often a password is compromised without an operator even knowing. Frequent updates will help to minimise the risk of extended malicious usage.

2 Factor Authentication

  • 2 Factor Authentication is a multi-level login procedure that requires a user to provide two passwords before being granted access to a Business Online banking profile. This additional security level helps to reduce the risk of fraud on your online banking portfolio.
  • The system makes use of two levels of security. The first of these is the self-generated user password. Users choose their own passwords and may change them at any time.
  • The second level of security is known as a one-time password, which is generated by a small device called a token. Each registered Business Online user has their own token, which generates random passwords at regular intervals. Only the password provided by the token at the time of logging on will be valid for a Business Online session.

Please note the following:

  • Tokens may only be registered to one operator. Operators may not lend their tokens to colleagues or borrow other operators' tokens.
  • Tokens will be suspended if three incorrect one-time passwords are entered in a row. Suspended tokens can be resynchronised by calling the Business Online call centre on 0860 123 007.
  • If an operator leaves their token at home, their one-time passwords can be sent to their registered cell phone number. (This service is only available for one day, or 10 sessions.)
  • If a token is lost or stolen, a new token will be provided. A designated person will need to approve the replacement.

Ordering your token 

For new Business Online operators - a token order will automatically be placed when your operator details are captured by Standard Bank.
On delivery, you will need to produce positive identification (passport, or South African identity document).
After we have received confirmation that your token has been delivered, a message will be displayed when you  logon to Business Online requesting you to register your token. Please do so within 32 days to avoid being suspended from the system.

Registering your token

  • Log on to Business Online.
  • Enter your existing Operator ID and password.
  • Enter the 10-digit token serial number (no spaces or dashes), which appears on the label on the back of the token.
  • Press the grey token button once to switch the token on (ensuring that the button is on the left of the display), wait 2 seconds for the 6 digit numeric one-time password to be displayed. Enter this password in the One Time Password field.
  • To generate a new one time password, wait for the token to automatically switch off, then follow the instructions in Step 4 again. Enter the new one time password. The second one time password must be different from the first one. Enter this password in the New One Time Password field.
  • Click the "Register" button.

Segregation of duties

Online banking activities, particularly sensitive transactions such as making payments and adding or amending beneficiary details, should not be processed without the approval of more than one person in your organisation.

Business Online’s segregation of duties function allows you to separate these transactions into steps, with a separate person being responsible for authorising each of the steps before the transaction can be processed.

Benefits

  • Reduces error and improves online banking security
  • Allows for quality assurance on all transactions
  • Improves the checks and balances on your business accounts
  • Ensures a level of confidentiality of the financials of the business
  • The basic underlying principle of segregated duties is that no employee or group should be in a position both to perpetrate and conceal errors or fraud in their normal course of duties. The same would apply if their user credentials were compromised and used fraudulently.
  • Ideally, there should be at least three authorising parties to each transaction, the capturer, the releaser and the designated person.
  • The designated person ensures that valid and authorised accounts, creditors and debtors are loaded, and that only authorised operators gain access to the Business Online profile. The designated person should also ensure that appropriate limits and release levels are created and maintained.

Audit reports

Business Online's audit reports allow you to identify any irregular activity on beneficiary profiles and payment transactions.

We recommend that you review your audit details at least once at the end of each day.

It is important to remember that an interim audit report is not a confirmed payment. The report merely reflects an intention to pay while the required releasing function is still pending.

Final audit reports submitted as confirmation of payment should not be accepted without confirming that the credit is reflected in your account as an electronic payment and not as either a cash or cheque deposit.

Security Lock out (Access Control)

  • Business Online's Security Lock out (Access Control) feature allows you to completely deny access to your online banking profile at certain times of the day and on certain days of the week. The Security Lock out feature is an optional add-on, available at no extra cost that allows pre-defined lock-out periods to be set according to your specific business requirements.
  • This feature also allows you to impose an immediate lock-out of a user profile or specific operator should the need arise.
  • The facility provides additional control over your Business Online banking platform, giving you increased peace of mind – especially outside of normal business hours.
  • Some facts about Security Lock out (Access Control):
  • It is an optional feature, available on request
  • If you subscribe to this feature it is imperative that you carefully consider your business operational requirements when specifying the Business Online lock-out times for each day of the week
  • The lock out times are specified per user profile
  • All operators linked to the user profile will be denied access to Business Online during the lock-out time
  • Subscribing for this feature does not affect any existing Business Online functionality or other  security features
  • Extensions to operating times can be arranged on an ad hoc basis,  through the bank , should the need arise
  • A warning message feature is available to alert operators when lock-out periods are about to commence
  • If you do not subscribe, Business Online will continue to be available for 24 hours a day
  • SECURITY TIPS
  • SECURITY FEATURES

Here are some tips that will help you to ensure your online environment is as secure as possible:

  • Control access to your premises, particularly to areas where critical computers are located
  • Ensure that anti-virus, anti-spyware, and intrusion prevention systems are up to date
  • Keep operating systems updated. Ensure that the latest patches are installed, that software is licensed and legal, and that systems are configured correctly.
  • Ensure your employees keep their login details confidential and change passwords regularly
  • Familiarise yourself with the information on Business Online
  • Be alert at all times. Fraudsters strike in those weak moments when your guard is down
  • Never share your token with anyone or leave it unattended. Always keep it locked away securely

Password protection

  • One of the standard security features on Business Online is controlled access through user IDs and passwords. Each operator on your profile has their own personalised password which they use when they access the system.
  • You can help to reduce your exposure to online threats by implementing sound password protection principles and communicating them to everyone in your organisation who has access to your profile.
  • Keep your password safe. Never write it down anywhere or tell anyone what it is, not even the bank.
  • Manually enter your password every time you log on. Do not select the automatic password option.
  • Make it difficult to decipher. Passwords should be at least 8 characters long and comprise a combination of numbers, letters and punctuation. You can use both upper and lower case to make your password more secure.
  • Avoid the obvious. Don't use names or numbers that are easily associated with you, like the names of your children or your birthday.
  • Make your banking password unique. Don't use the same password for all your online accounts.
  • Change your password regularly. Often a password is compromised without an operator even knowing. Frequent updates will help to minimise the risk of extended malicious usage.

2 Factor Authentication

  • 2 Factor Authentication is a multi-level login procedure that requires a user to provide two passwords before being granted access to a Business Online banking profile. This additional security level helps to reduce the risk of fraud on your online banking portfolio.
  • The system makes use of two levels of security. The first of these is the self-generated user password. Users choose their own passwords and may change them at any time.
  • The second level of security is known as a one-time password, which is generated by a small device called a token. Each registered Business Online user has their own token, which generates random passwords at regular intervals. Only the password provided by the token at the time of logging on will be valid for a Business Online session.

Please note the following:

  • Tokens may only be registered to one operator. Operators may not lend their tokens to colleagues or borrow other operators' tokens.
  • Tokens will be suspended if three incorrect one-time passwords are entered in a row. Suspended tokens can be resynchronised by calling the Business Online call centre on 0860 123 007.
  • If an operator leaves their token at home, their one-time passwords can be sent to their registered cell phone number. (This service is only available for one day, or 10 sessions.)
  • If a token is lost or stolen, a new token will be provided. A designated person will need to approve the replacement.

Ordering your token 

For new Business Online operators - a token order will automatically be placed when your operator details are captured by Standard Bank.
On delivery, you will need to produce positive identification (passport, or South African identity document).
After we have received confirmation that your token has been delivered, a message will be displayed when you  logon to Business Online requesting you to register your token. Please do so within 32 days to avoid being suspended from the system.

Registering your token

  • Log on to Business Online.
  • Enter your existing Operator ID and password.
  • Enter the 10-digit token serial number (no spaces or dashes), which appears on the label on the back of the token.
  • Press the grey token button once to switch the token on (ensuring that the button is on the left of the display), wait 2 seconds for the 6 digit numeric one-time password to be displayed. Enter this password in the One Time Password field.
  • To generate a new one time password, wait for the token to automatically switch off, then follow the instructions in Step 4 again. Enter the new one time password. The second one time password must be different from the first one. Enter this password in the New One Time Password field.
  • Click the "Register" button.

Segregation of duties

Online banking activities, particularly sensitive transactions such as making payments and adding or amending beneficiary details, should not be processed without the approval of more than one person in your organisation.

Business Online’s segregation of duties function allows you to separate these transactions into steps, with a separate person being responsible for authorising each of the steps before the transaction can be processed.

Benefits

  • Reduces error and improves online banking security
  • Allows for quality assurance on all transactions
  • Improves the checks and balances on your business accounts
  • Ensures a level of confidentiality of the financials of the business
  • The basic underlying principle of segregated duties is that no employee or group should be in a position both to perpetrate and conceal errors or fraud in their normal course of duties. The same would apply if their user credentials were compromised and used fraudulently.
  • Ideally, there should be at least three authorising parties to each transaction, the capturer, the releaser and the designated person.
  • The designated person ensures that valid and authorised accounts, creditors and debtors are loaded, and that only authorised operators gain access to the Business Online profile. The designated person should also ensure that appropriate limits and release levels are created and maintained.

Audit reports

Business Online's audit reports allow you to identify any irregular activity on beneficiary profiles and payment transactions.

We recommend that you review your audit details at least once at the end of each day.

It is important to remember that an interim audit report is not a confirmed payment. The report merely reflects an intention to pay while the required releasing function is still pending.

Final audit reports submitted as confirmation of payment should not be accepted without confirming that the credit is reflected in your account as an electronic payment and not as either a cash or cheque deposit.

Security Lock out (Access Control)

  • Business Online's Security Lock out (Access Control) feature allows you to completely deny access to your online banking profile at certain times of the day and on certain days of the week. The Security Lock out feature is an optional add-on, available at no extra cost that allows pre-defined lock-out periods to be set according to your specific business requirements.
  • This feature also allows you to impose an immediate lock-out of a user profile or specific operator should the need arise.
  • The facility provides additional control over your Business Online banking platform, giving you increased peace of mind – especially outside of normal business hours.
  • Some facts about Security Lock out (Access Control):
  • It is an optional feature, available on request
  • If you subscribe to this feature it is imperative that you carefully consider your business operational requirements when specifying the Business Online lock-out times for each day of the week
  • The lock out times are specified per user profile
  • All operators linked to the user profile will be denied access to Business Online during the lock-out time
  • Subscribing for this feature does not affect any existing Business Online functionality or other  security features
  • Extensions to operating times can be arranged on an ad hoc basis,  through the bank , should the need arise
  • A warning message feature is available to alert operators when lock-out periods are about to commence
  • If you do not subscribe, Business Online will continue to be available for 24 hours a day
Stay informed

We remain committed to protecting your information, but we also need you to ensure that you have taken effective security measures when transacting over the Internet. For queries please contact our 24-Hour Fraud Hotline on 0800 222 050.

Protect yourself from fraud
Protect yourself from fraud

Fraudsters will lure you into providing confidential information. It is up to you so stay informed about the types of fraud that is committed. Get all the guidance you need to safeguard yourself.

Scams
Scams

New types of scams continue to emerge in which fraudsters lure you into providing confidential information. Stay up to date with the scams.

Protect yourself from fraud

Fraudsters will lure you into providing confidential information. It is up to you so stay informed about the types of fraud that is committed. Get all the guidance you need to safeguard yourself.

Scams

New types of scams continue to emerge in which fraudsters lure you into providing confidential information. Stay up to date with the scams.