While ADIB has given the top priority to secure
customer's accounts and personal information and provide them a
secure environment, we still recommend our customer as an Internet
user to be well aware of the best practices and use them.
have provided some basic tips and recommendations that can be
followed to make your online banking experience safer and enjoyable.
Safe Online Practices
/Spoof Email/Email Fraud
Tips when using
has employed a range of security features for its Online Banking
Encryption (128 bit Secure
Two level of Password
for executing Financial Transactions
It is the Virtual
electronic fence that prevents unauthorised
access to the ADIB servers.
stands for "Secure Sockets Layer". It is a protocol designed to
enable applications to transmit information back and forth securely.
Applications that use this protocol inherently know how to give and
receive encryption keys with other applications, as well as how to
encrypt and decrypt data sent between the two SSL has been
universally accepted on the World Wide Web for authenticated and
encrypted communication between the customer's computer and servers.
ADIB uses 128-bit
encryption key to scramble all messages between your PC and all ADIB
online sessions. It is the strongest and more secure form of
encryption that is most widely used worldwide. Some applications
that are configured to run SSL include web browsers like Internet
Explorer and Netscape, email programs like Outlook, and Outlook
Express etc. These programs are automatically able to receive SSL
Digital certificates are
issued by certification authorities to authenticate a Web site or
elements of Web sites. The certificate identifies the originator of
the site, or element, and verifies that it has not been tampered
with. When your Web browser is presented with a certificate, it will
check to see if a legitimate certification authority issued the
certificate. If there is a match, your session will continue.
Otherwise, your browser will issue a warning and your safest action
is to cancel your activity.
Two levels of Password for Financial
Funds Transfers and Bill
Payment can be executed through Internet Banking only by use of
transaction password in addition to the password used for logging
in. All main transactional facilities on the website cannot be done
without entering transactional password.
enhanced security against keystroke capturing, input of your
username, password or PIN will only be allowed via the virtual
keyboard using your mouse. The virtual keyboard is displayed with
numbers (buttons) in random order, rather than the standard 0-9.
To further protect
against unauthorized access to your accounts, our systems are
designed to automatically terminate a secure online session if
extended inactivity is detected. If your session is left idle the
message will popup after the specified time has elapsed, which will
prompt you to either continue or terminate the session.
Although ADIB has employed state-of-art technologies
and methodologies to make your online banking experience safer and
enjoyable, it also recommends you to follow the best practices while
Password verification is the mechanism used by
computer systems and Web sites to check your identity. When you
login to a secure Website using password, you are granted
appropriate access to available services and resources. If someone
else knows your password, he can access the same resources. In other
words, whatever you can do when you are logged into a site, they can
suggest you as our customer tips to protect your password :
Change you password immediately after your first logon
and there after atleast once in a
suggested to change both the passwords (Login and Transactions)
provide additional security for online financial transaction always
create and maintain different passwords for Login and for
not share your password with any one else, including family members,
friends or bank staff.
Always try to create complex and lengthy password that
are difficult to guess. Do not create password that are obvious,
like your name, family members name, address, telephone number, date
of birth etc.
Never use same password for different applications or
services that you may use.
you feel that your password is known by another person you should
change it immediately.
your login IDs or password automatically appear
in the login page of a secure Web site, you should
disable the auto complete function to increase the security of your
you login to ADIB web site successfully, your web browser will
establish a secure connection between your computer and our Web
servers. This will allow you to communicate with us privately and to
conduct online transactions safely. In order to make sure that your
browser has established a secure connection, look for a security
symbol located at the bottom left or right hand corner of your
browser. (see figure below)
may also check the address bar of your browser. If the Web site
address starts with "https://" rather than the standard "http://",
then the session is secured. Also note that the URL shown in browser
is pointing to ADIB�s genuine
Click on the lock in
your web browser to see the site�s security details. Make sure when
you connect to ADIB web site it shows following digital certificate.
Do not forget to log off
and close your browser, when you are finished conducting online
transactions or visiting secure Web sites. This will ensure that any
information that is cached or stored on your computer or in your
browser is erased. This will prevent others from being able to view
this information later. Also never leave your PC unattended when you
are performing the online transactions.
Computer viruses and worms like " Melissa
" and " Code Red
" are very dangerous as
they can spread very quickly and create havoc on personal computers
and corporate networks. You should always use up-to-date anti-virus
software that is capable of scanning files and email messages for
viruses. This can prevent your files from being corrupted or lost,
as well as save you hours of frustration as you try to restore an
infected computer system.
personal computer connected to the Internet that is not properly
protected is vulnerable to a variety of malicious Internet
intrusions and attacks. This is applicable to all cable modem,
digital subscribe line (DSL) and dial-up users. However, cable modem
and DSL users are particularly vulnerable because both connection
methods provide "always-on" connection capability. The chances of a
malicious individual entering your computer increases significantly
the longer your computer is on and connected to the Internet.
role of firewall is to protect you from any intrusion. It creates a
barrier between your PC and the other internet user. A firewall can
be a hardware device, software application or it can be combination
of both. Firewall are cable
of preventing any malicious attacks and can block certain type of
traffic (data) from entering your PC or network. If proper policy is
set they can alert you if any tries to attack your computer.
The software that you
use to connect to internet itself can impact the security of your
online transactions. You should visit the websites of software
vendor to check the security bulletins that warn you about various
security bugs or holes that may impact the software and the web
browser you are using. It is import to check for the software
patches and updates for your operating systems too.
/Spoof Email/Email Fraud
Internet Banking is a
safe way to manage your fund. However, there are Internet fraudsters
around who will try to gain access to your accounts by e-mailing you
and prompting you to disclose your on-line banking security details
to them. Please note that banks will never send such e-mails that
ask for confidential information. If you receive an e-mail
requesting your Internet Banking security details, you should not
' refers to the practice of fraudsters 'fishing' for
your details in order to find out and misuse sensitive personal and
financial information. Criminals may, for instance, make identical
copies of existing corporate websites, or send scam e-mails to
elicit a response from you and trick you into divulging your
Although there is no
single way to recognise whether you have
received spoofed email - as the fraudsters are deceptive, there can
be few signs to guess the emails reality .
Signs of Spoof/ Phishing
Sender�s Email ID :
Spoof email may include a forged email id in the from
line. Never rely on the from
field of an email as it can be altered
- Account Status Threat or Urgency:
of the times spoof email you receive will try to tell you about the
threat that your account is jeopardize and you will not be able to
transact on website unless you send the account information
immediately. It may also claim that bank is updating its database.
- Links :
While many emails have links (urls
) included within it, please remember that this link
will take you to fake website. It may look very similar to banks
actual URL but there can be spell mistakes which are not easy to
detect. So do not click on this URL. Always type in the URL in the address bar
to avoid connecting to any fake website.
- Request for personal information:
Requests that you enter
sensitive personal information such as a User ID, Password or
bank account number, covered card number by clicking on a link or
completing a form within the email are a clear indicator of a Spoof
The good thing about
this emails is that you are in control - you can protect your
personal financial information by ignoring the spoof altogether. You
should never provide contact, sign-in or other sensitive personal
information in an email.
when using Public Computer
you use internet caf� to do online transactions there is always a
chance of your information getting stored on the PC you used and may
be accessed by other people who can perform transaction on your
behalf. Below are the few tips you should follow in order to protect
your self when transacting at public places.
Always use Virtual
Remove Your Activities
Always use Virtual
you are transacting online using public computer there is risk that
there is some program running in background which is trying to
capture the keystrokes and hence he may get your password, in order
to avoid password from being recorded you should always use Virtual
Keyboard provided on the login page.
Remove Your Activities
use an Internet browser, it stores data of the site and web pages
you visited. When you finish with surfing or transacting online do
not forgot to clear your activity track by using following simple
Internet Explorer Users :
( i ) Click Tools >
Internet Options. On the General tab, click Delete Files and Delete
Cookies. Then click Clear History.
Netscape Navigator Users :
( i ) Before using
internet, Click Edit and Preferences.
(ii) Click the arrow next
to Navigator and select History. On the right, find Browsing
History. Change Remember Visited Pages to 0.
(iii) Click on the
arrow next to Privacy and Security. Select Disable Cookies and
Disable Cookies in Mail and Newsgroups.
(iv) Once you finished
surfing/transacting online, click Edit and Preferences. Click the
arrow next to Navigator. Click Clear History and Clear Location
(v) Go to Privacy and Security on the left side and click
the arrow. Select Cookies. Click Manage Stored Cookies. On the
stored Cookies tab, click Remove All Cookies.
go to Advanced, in the left-hand panel. Click the arrow and
click Cache. Click Clear Memory Cache and Clear Disk Cache.
Browsers also save passwords. In order to ensure that no one
can track your surfing or grab your passwords with saved data clean
your browser using following option.
(i ) Click Tools >
Internet Options. On the Content tab, click AutoComplete. Uncheck
the four boxes.
(ii) When you finish surfing, again click Tools
> Internet Options. Go to the Content tab and click AutoComplete.
Click Clear Forms and Clear Passwords.
(i ) Before browsing,
Click Edit and Preferences. Click the arrow next to privacy and
Security. Click Passwords. Clear the box next to Remember Passwords.
When you finish browsing, click Passwords again,
under Privacy and Security. Click Manager Stored Passwords.
Select the Passwords Saved tab and click Remove All.
Netscape has a feature similar to AutoComplete. It saves data
entered into forms. To disable that, under Privacy and Security,
click Forms. Uncheck �Save form data from Web pages when completing
forms�. When you
finish browsing, return to the Forms page. Click
Manage Stored Form Data. Click Remove all Saved
Public computers may be secure. But one can never be
sure of what has been done on a public machine. Approach these
machines with care. Avoid performing sensitive business transactions
from these machines.
computers allow you to install software on them, making them
vulnerable to virus attacks or malicious programs such as keystroke
logging programs. If you have any concerns about the security of a
shared computer, don't hesitate to ask the administrator about the
steps they have taken to protect their computers.