Security Centre.
Follow these online banking safety and secuity tips to ensure you bank and trade securely
Some of the benefits
Right to privacy
Encryption
Testing experts
Firewalls
Here are some tips that will help you to ensure your online environment is as secure as possible:
- Control access to your premises, particularly to areas where critical computers are located
- Ensure that anti-virus, anti-spyware, and intrusion prevention systems are up to date
- Keep operating systems updated. Ensure that the latest patches are installed, that software is licensed and legal, and that systems are configured correctly.
- Ensure your employees keep their login details confidential and change passwords regularly
- Familiarise yourself with the information on Business Online
- Be alert at all times. Fraudsters strike in those weak moments when your guard is down
- Never share your token with anyone or leave it unattended. Always keep it locked away securely
Password protection
- One of the standard security features on Business Online is controlled access through user IDs and passwords. Each operator on your profile has their own personalised password which they use when they access the system.
- You can help to reduce your exposure to online threats by implementing sound password protection principles and communicating them to everyone in your organisation who has access to your profile.
- Keep your password safe. Never write it down anywhere or tell anyone what it is, not even the bank.
- Manually enter your password every time you log on. Do not select the automatic password option.
- Make it difficult to decipher. Passwords should be between 6-8 characters long and comprise a combination of numbers, letters (both upper and lower case) and special characters.
- Avoid the obvious. Don't use names or numbers that are easily associated with you, like the names of your children or your birthday.
- Make your banking password unique. Don't use the same password for all your online accounts.
- Change your password regularly. Often a password is compromised without an operator even knowing. Frequent updates will help to minimise the risk of extended malicious usage.
2 Factor Authentication
- 2 Factor Authentication is a multi-level login procedure that requires a user to provide two passwords before being granted access to a Business Online banking profile. This additional security level helps to reduce the risk of fraud on your online banking portfolio.
- The system makes use of two levels of security. The first of these is the self-generated user password. Users choose their own passwords and may change them at any time.
- The second level of security can be provided by a one-time password, which is generated by a small device called a token or alternatively by registering for Digital Authentication which can be used to authenticate your sign-in on both the Mobile app and the Desktop Application.
- TOKEN: Each registered Business Online user has their own token, which generates random passwords at regular intervals. Only the password provided by the token at the time of logging on will be valid for a Business Online session.
OR - DIGITAL AUTHENTICATION: Download the Business Online SA mobile app onto your mobile device, register for digital authentication. Remember to scan the displayed QR Code using the BOL SA Mobile App when signing into the Desktop Application
- TOKEN: Each registered Business Online user has their own token, which generates random passwords at regular intervals. Only the password provided by the token at the time of logging on will be valid for a Business Online session.
Please note the following:
- Tokens may only be registered to one operator. Operators may not lend their tokens to colleagues or borrow other operators' tokens.
- Tokens will be suspended if three incorrect one-time passwords are entered in a row. Suspended tokens can be resynchronised by calling the Business Online call centre on 0860 123 007.
- If an operator leaves their token at home, their one-time passwords can be sent to their registered cell phone number. (This service is only available for one day, or 10 sessions.)
- If a token is lost or stolen, a new token will be provided. A designated person will need to approve the replacement.
Ordering your token
For new Business Online operators - a token order will automatically be placed when your operator details are captured by Standard Bank.
On delivery, you will need to produce positive identification (passport, or South African identity document).
After we have received confirmation that your token has been delivered, a message will be displayed when you logon to Business Online requesting you to register your token. Please do so within 32 days to avoid being suspended from the system.
Registering your token
- Log on to Business Online.
- Enter your existing Operator ID and password.
- Enter the 10-digit token serial number (no spaces or dashes), which appears on the label on the back of the token.
- Press the grey token button once to switch the token on (ensuring that the button is on the left of the display), wait 2 seconds for the 6 digit numeric one-time password to be displayed. Enter this password in the One Time Password field.
- To generate a new one time password, wait for the token to automatically switch off, then follow the instructions in Step 4 again. Enter the new one time password. The second one time password must be different from the first one. Enter this password in the New One Time Password field.
- Click the "Register" button.
Segregation of duties
Online banking activities, particularly sensitive transactions such as making payments and adding or amending beneficiary details, should not be processed without the approval of more than one person in your organisation.
Business Online’s segregation of duties function allows you to separate these transactions into steps, with a separate person being responsible for authorising each of the steps before the transaction can be processed.
Benefits
- Reduces error and improves online banking security
- Allows for quality assurance on all transactions
- Improves the checks and balances on your business accounts
- Ensures a level of confidentiality of the financials of the business
- The basic underlying principle of segregated duties is that no employee or group should be in a position both to perpetrate and conceal errors or fraud in their normal course of duties. The same would apply if their user credentials were compromised and used fraudulently.
- Ideally, there should be at least three authorising parties to each transaction, the capturer, the releaser and the designated person.
- The designated person ensures that valid and authorised accounts, creditors and debtors are loaded, and that only authorised operators gain access to the Business Online profile. The designated person should also ensure that appropriate limits and release levels are created and maintained.
Audit reports
Business Online's audit reports allow you to identify any irregular activity on beneficiary profiles and payment transactions.
We recommend that you review your audit details at least once at the end of each day.
It is important to remember that an interim audit report is not a confirmed payment. The report merely reflects an intention to pay while the required releasing function is still pending.
Final audit reports submitted as confirmation of payment should not be accepted without confirming that the credit is reflected in your account as an electronic payment and not as either a cash or cheque deposit.
Security Lock out (Access Control)
- Business Online's Security Lock out (Access Control) feature allows you to completely deny access to your online banking profile at certain times of the day and on certain days of the week. The Security Lock out feature is an optional add-on, available at no extra cost that allows pre-defined lock-out periods to be set according to your specific business requirements.
- This feature also allows you to impose an immediate lock-out of a user profile or specific operator should the need arise.
- The facility provides additional control over your Business Online banking platform, giving you increased peace of mind – especially outside of normal business hours.
- Some facts about Security Lock out (Access Control):
- It is an optional feature, available on request
- If you subscribe to this feature it is imperative that you carefully consider your business operational requirements when specifying the Business Online lock-out times for each day of the week
- The lock out times are specified per user profile
- All operators linked to the user profile will be denied access to Business Online during the lock-out time
- Subscribing for this feature does not affect any existing Business Online functionality or other security features
- Extensions to operating times can be arranged on an ad hoc basis, through the bank , should the need arise
- A warning message feature is available to alert operators when lock-out periods are about to commence
- If you do not subscribe, Business Online will continue to be available for 24 hours a day
-
SECURITY TIPS
-
SECURITY FEATURES
Here are some tips that will help you to ensure your online environment is as secure as possible:
- Control access to your premises, particularly to areas where critical computers are located
- Ensure that anti-virus, anti-spyware, and intrusion prevention systems are up to date
- Keep operating systems updated. Ensure that the latest patches are installed, that software is licensed and legal, and that systems are configured correctly.
- Ensure your employees keep their login details confidential and change passwords regularly
- Familiarise yourself with the information on Business Online
- Be alert at all times. Fraudsters strike in those weak moments when your guard is down
- Never share your token with anyone or leave it unattended. Always keep it locked away securely
Password protection
- One of the standard security features on Business Online is controlled access through user IDs and passwords. Each operator on your profile has their own personalised password which they use when they access the system.
- You can help to reduce your exposure to online threats by implementing sound password protection principles and communicating them to everyone in your organisation who has access to your profile.
- Keep your password safe. Never write it down anywhere or tell anyone what it is, not even the bank.
- Manually enter your password every time you log on. Do not select the automatic password option.
- Make it difficult to decipher. Passwords should be between 6-8 characters long and comprise a combination of numbers, letters (both upper and lower case) and special characters.
- Avoid the obvious. Don't use names or numbers that are easily associated with you, like the names of your children or your birthday.
- Make your banking password unique. Don't use the same password for all your online accounts.
- Change your password regularly. Often a password is compromised without an operator even knowing. Frequent updates will help to minimise the risk of extended malicious usage.
2 Factor Authentication
- 2 Factor Authentication is a multi-level login procedure that requires a user to provide two passwords before being granted access to a Business Online banking profile. This additional security level helps to reduce the risk of fraud on your online banking portfolio.
- The system makes use of two levels of security. The first of these is the self-generated user password. Users choose their own passwords and may change them at any time.
- The second level of security can be provided by a one-time password, which is generated by a small device called a token or alternatively by registering for Digital Authentication which can be used to authenticate your sign-in on both the Mobile app and the Desktop Application.
- TOKEN: Each registered Business Online user has their own token, which generates random passwords at regular intervals. Only the password provided by the token at the time of logging on will be valid for a Business Online session.
OR - DIGITAL AUTHENTICATION: Download the Business Online SA mobile app onto your mobile device, register for digital authentication. Remember to scan the displayed QR Code using the BOL SA Mobile App when signing into the Desktop Application
- TOKEN: Each registered Business Online user has their own token, which generates random passwords at regular intervals. Only the password provided by the token at the time of logging on will be valid for a Business Online session.
Please note the following:
- Tokens may only be registered to one operator. Operators may not lend their tokens to colleagues or borrow other operators' tokens.
- Tokens will be suspended if three incorrect one-time passwords are entered in a row. Suspended tokens can be resynchronised by calling the Business Online call centre on 0860 123 007.
- If an operator leaves their token at home, their one-time passwords can be sent to their registered cell phone number. (This service is only available for one day, or 10 sessions.)
- If a token is lost or stolen, a new token will be provided. A designated person will need to approve the replacement.
Ordering your token
For new Business Online operators - a token order will automatically be placed when your operator details are captured by Standard Bank.
On delivery, you will need to produce positive identification (passport, or South African identity document).
After we have received confirmation that your token has been delivered, a message will be displayed when you logon to Business Online requesting you to register your token. Please do so within 32 days to avoid being suspended from the system.
Registering your token
- Log on to Business Online.
- Enter your existing Operator ID and password.
- Enter the 10-digit token serial number (no spaces or dashes), which appears on the label on the back of the token.
- Press the grey token button once to switch the token on (ensuring that the button is on the left of the display), wait 2 seconds for the 6 digit numeric one-time password to be displayed. Enter this password in the One Time Password field.
- To generate a new one time password, wait for the token to automatically switch off, then follow the instructions in Step 4 again. Enter the new one time password. The second one time password must be different from the first one. Enter this password in the New One Time Password field.
- Click the "Register" button.
Segregation of duties
Online banking activities, particularly sensitive transactions such as making payments and adding or amending beneficiary details, should not be processed without the approval of more than one person in your organisation.
Business Online’s segregation of duties function allows you to separate these transactions into steps, with a separate person being responsible for authorising each of the steps before the transaction can be processed.
Benefits
- Reduces error and improves online banking security
- Allows for quality assurance on all transactions
- Improves the checks and balances on your business accounts
- Ensures a level of confidentiality of the financials of the business
- The basic underlying principle of segregated duties is that no employee or group should be in a position both to perpetrate and conceal errors or fraud in their normal course of duties. The same would apply if their user credentials were compromised and used fraudulently.
- Ideally, there should be at least three authorising parties to each transaction, the capturer, the releaser and the designated person.
- The designated person ensures that valid and authorised accounts, creditors and debtors are loaded, and that only authorised operators gain access to the Business Online profile. The designated person should also ensure that appropriate limits and release levels are created and maintained.
Audit reports
Business Online's audit reports allow you to identify any irregular activity on beneficiary profiles and payment transactions.
We recommend that you review your audit details at least once at the end of each day.
It is important to remember that an interim audit report is not a confirmed payment. The report merely reflects an intention to pay while the required releasing function is still pending.
Final audit reports submitted as confirmation of payment should not be accepted without confirming that the credit is reflected in your account as an electronic payment and not as either a cash or cheque deposit.
Security Lock out (Access Control)
- Business Online's Security Lock out (Access Control) feature allows you to completely deny access to your online banking profile at certain times of the day and on certain days of the week. The Security Lock out feature is an optional add-on, available at no extra cost that allows pre-defined lock-out periods to be set according to your specific business requirements.
- This feature also allows you to impose an immediate lock-out of a user profile or specific operator should the need arise.
- The facility provides additional control over your Business Online banking platform, giving you increased peace of mind – especially outside of normal business hours.
- Some facts about Security Lock out (Access Control):
- It is an optional feature, available on request
- If you subscribe to this feature it is imperative that you carefully consider your business operational requirements when specifying the Business Online lock-out times for each day of the week
- The lock out times are specified per user profile
- All operators linked to the user profile will be denied access to Business Online during the lock-out time
- Subscribing for this feature does not affect any existing Business Online functionality or other security features
- Extensions to operating times can be arranged on an ad hoc basis, through the bank , should the need arise
- A warning message feature is available to alert operators when lock-out periods are about to commence
- If you do not subscribe, Business Online will continue to be available for 24 hours a day
We remain committed to protecting your information, but we also need you to ensure that you have taken effective security measures when transacting over the Internet. For queries please contact our 24-Hour Fraud Hotline on 0800 222 050.
Fraudsters will lure you into providing confidential information. It is up to you so stay informed about the types of fraud that is committed. Get all the guidance you need to safeguard yourself.
New types of scams continue to emerge in which fraudsters lure you into providing confidential information. Stay up to date with the scams.