Online security tips

Some simple steps you can take to protect yourself when transacting online include:

• Securing your computer.
• Using the internet safely.
• Using online banking safely.

 

Securing your computer

Simple steps you can take to help secure your computer are:

• Use and maintain up-to-date software.
• Use an internet security package.

 

Use and maintain up-to-date software

You should only use an operating system that your vendor still supports. For most home users this will be:

• Microsoft XP or Vista.
• Apple Mac OS X Tiger or Leopard.

Update (or ‘patch’) your operating system with the latest vendor security patches at least once a month:

• Microsoft users: use Windows update (http://windowsupdate.microsoft.com/).
• Apple users: use “Software update” within Finder.
• Also use and maintain up-to-date versions of applications and browser plug-ins.  Popular examples include:
• Microsoft Office: see http://office.microsoft.com/productupdates/
• Adobe Acrobat Reader: see http://www.adobe.com/products/acrobat/readstep2.html
• Mozilla Firefox: see http://www.mozilla.com
• Winzip: see http://www.winzip.com/index.htm

For detailed information on secure configuration for your computer, see your vendor:

• Microsoft: http://www.microsoft.com/security/default.mspx
• Apple: http://www.apple.com/support/security/

 

Use an internet security package

Use an internet security package from a reputable vendor. You should look for a package that includes anti-virus, anti-spyware and a personal firewall.  Anti-virus alone is not enough. Examples include:

• Microsoft: http://support.microsoft.com/gp/securityhome
• CA: http://www.ca-store.com.au 
• Checkpoint: http://www.checkpoint.com/products/za_iss/index.html
• F-Secure: http://www.f-secure.com/estore/aus/
• McAfee: http://au.mcafee.com/
• Symantec: http://shop.symantecstore.com/store/symnahho/DisplayHomePage
• Trend Micro: http://www.trendmicro.com.au/au/products/personal/index.html

# These sites are listed for your general information only. The Bank does not endorse any of the services, products or solutions provided by these companies and does not accept any liability for any loss or damage you may suffer arising out of or associated with your choice of any service, product or solution provided by these companies. You should seek independent expert advice if you have any concerns regarding what services, products or solutions may be suitable for you.

Configure your package so that it automatically scans (at a minimum):

• Incoming and outgoing email and attachments.
• Files as they are opened.
• Your entire disk, at least monthly.
• Preferably other services, if possible, such as web traffic and instant messaging.

Most high quality commercial software packages, such as those listed above, provide easy-to-use, intuitive “consoles” for the home user.  They are generally preconfigured to provide an optimum level of security, and options are easily selected using “tick boxes” or “radio buttons”.

Maintain your internet security package:

• Update the software every year or two.
• Update the signatures¹ often (eg every few days) — this should happen automatically with most packages.

¹ Most anti-virus or Internet security software packages are updated on a hourly or daily basis by the vendor.  This ensure that the software package is able to identify the latest threats.  This update process usually occurs automatically, but it is configurable by the user.  Note that this is not the same as updating the version of your software (eg changing from a 2006 version to a 2008 version).

 

Using the internet safely

• Don’t use the same password to access all sites that require a username and password. If you use a common password across different sites, then use different passwords for different classes of sites with different sensitivities. Your passwords for each of the CBA services you use should always be unique.
• Don’t click on a link unless you know where it goes — get in the habit of cutting and pasting links.
• Shop with reputable dealers and be alert to fake websites:
• Think about whether the site has the “look and feel” of security.
• Use other means, such as the phone, to verify the dealer if necessary.
• For further information, see How to shop safely online.
• Never click on an email that asks for your personal banking information (e.g. See the SCAMwatch website for examples).
• Use email spam filters to help protect you from receiving hoax/spam emails. Many Internet Service Providers (ISPs) now offer email spam filtering services, which intercept many hoax emails and prevent them from reaching your email inbox. This is an excellent way of protecting yourself from hoax emails. You may need to contact your ISP by telephone or via their website to activate spam filtering on your email account.
• Never accept links or redirections from other websites or media for the purpose of logging into the NetBank website.
• Avoid opening, running, installing or using programs or files you have obtained from a person or organisation that you do not know you can trust. Be particularly careful of unsolicited emails containing file attachments.
• Practice online “stranger danger” — if you have not met the person then be careful about trusting them.
• Always assume that a computer that you do not control (eg in cyber cafes or conferences) is unsafe for you to use for sensitive activities such as online banking.
• Be careful of the information that you post about yourself on the Internet (eg online social networks). Fraudsters can use this to conduct “social engineering” (ie they pretend to be you).
• Remember: just because something is posted on the Internet, you should not automatically assume that it is true.

 

More information

More information is available at the following websites:

• SCAMwatch
• Stay Smart Online
• Protect Your Financial Id

 

Using online banking safely

In addition to the general tips for using the internet safely, there are some specific steps that you can take to protect yourself with transacting online. These include:

• Protect your password
• Register for NetCode
• Protect your Personalised Identification Questions and Answers
• Set daily withdrawal limits
• Use NetBank carefully
• Pay attention to email alerts
• Update your mobile phone number in NetBank

 

Protect your password

• Choose a password that you will remember, but cannot be easily guessed. You can increase your password’s “strength” by including some numbers as well as letters.
• Take care when entering your password to ensure others cannot see what you are entering.
• Change your password regularly. If you ever believe someone may know your password then change it immediately. Your password is something that should be unique to you and your online financial service.
• Never write your password down, store it on your computer and/or mobile device or use any functionality that will automatically fill/complete the password field. You should memorise your passwords.
• Never tell anyone your NetBank password.  Your NetBank password is yours and yours alone.  If you contact the Bank  for assistance with using NetBank, a Bank staff member may ask you for your Telephone Banking password which you can provide (not your NetBank password). Under no circumstances should you provide your NetBank password to anyone, even to a Bank staff member.
• If you use a web browser that allows you to store secure site passwords (for example, your NetBank password), we strongly recommend you turn off this functionality. Please check the ‘Help’ menu in your browser for details on how to do this.

 

Register for Netcode

As a NetBank customer, you can enjoy the added security and convenience of our free NetCode SMS service. A 'NetCode' is a one-off password you can have sent to your mobile phone as an SMS to authorise certain NetBank transactions. View the demonstration here, including How to register for NetCode SMS.

Alternatively, we also offer a security token, a small electronic device that also delivers a NetCode. You can discuss your NetBank security options with us by calling the NetBank Help Desk on 13 2221 option 4, 24 hours a day, 7 days a week.

 

Protect your Personalised Identification Questions and Answers

If you have not registered for NetCode SMS or NetCode Token then NetBank uses your Personalised Identification Questions to authenticate certain transactions. Recently there have been fraudulent attempts to obtain the answers to these questions via hoax emails and computer viruses.

To protect your information, choose questions whose answers cannot be easily guessed — in other words, those with a large number of possible answers. A poor question would be ‘What colour is my car?’, as 70% of cars are either white, red, grey or blue. A good question would be ‘What was the surname of my first teacher?’ since no one is likely to be able to guess.

 

When to supply your Personalised Identification Answer

You should only provide the answer to your Personalised Identification Questions when you:

• Access the 'My contact details' page.
• Pay someone for the first time.
• Add a BPAY biller.
• Send money using International money transfers.
• Changes to your NetBank password.
• Access the 'Register for SMS security' page.
• Access the NetBank 'Register my token' page.

NEVER answer your Personalised Identification Questions in the following scenarios:

• In response to an email.
• Within the NetBank login screen.
• When the Personalised Identification Questions are not actually shown on the same screen.

If you encounter any of these scenarios, please call the Commonwealth Bank on 13 2221.

 

Set daily withdrawal limits

Daily withdrawal limits are set up automatically when you register with NetBank. If you don't want or need the full limit that the Bank has assigned, you can reduce the limit for third party payments, BPAY and International money transfers. Just log into NetBank, navigate to the 'Security' tab, and then select 'Payment limits'.

 

Use NetBank carefully

• Always log in directly from your browser and make sure it is via our authorised site address http://www.commbank.com.au/personal/netbank/
• Whenever you login to NetBank:
• Check that the last successful logon time reported by the service is consistent with when you last logged in.
• Look for any unusual or unauthorised transactional activity on your account and call 13 2221 if there are any transactions you are unfamiliar with or that look suspicious.
• Be careful about using NetBank from PCs other than your own, such as those at some internet cafes, which may not have up-to-date virus protection installed. If you want additional protection when using unfamiliar computers, set up an additional login with restricted access. You can set up and change Additional Logins under the 'Security' tab.
• Make sure your online session is secure by verifying that:
• “https://” is displayed on your browsers address bar.
• A padlock is displayed in the bottom right hand corner of your browser.
• A valid digital certificate has been issued to the site you are visiting. (Double click on the yellow lock to get certificate information.)

If your browser indicates that the digital certificate is not valid or if the padlock indicates that you do not have a secure connection directly to NetBank then you should contact the Commonwealth Bank on 13 2221.

• When making financial transactions online, never leave your computer unattended while the session is still active.
• Select Exit NetBank when you are finished using NetBank and if you leave your computer unattended, to avoid others accessing your account details. If you save or print account details after accessing them electronically, keep this information in a secure place or destroy it when you have finished with it.

 

Pay attention to email alerts

When you perform certain transactions on your NetBank account, we’ll send you an email to confirm that activity. You’ll receive security alerts when you any of these activities is recorded on your account:

• Online registration.
• Online password resets.
• First time third party payments.
• Requests for your NetBank client ID and additional logins to be frozen.
• Changes to any of your personal details in the 'My contact details' page.
• Adding/Deleting of billers in your biller address book.
• Any changes to entries in your account address book.
• Resetting of your identification questions and answers by the NetBank Help Desk.
• Resetting of your password by the NetBank Help Desk.
• Establishing access to International money transfers

These security alerts are automatically sent to you as a bank message and to your personal email address. To ensure that you receive them, please keep your email address up-to-date. To change your email address, login to NetBank, then navigate to the 'My contact details' page under the 'Profile and preferences' tab.

 

Update your mobile phone number in NetBank

If we notice what we consider to be any unusual NetBank activity, we will try to call you on your mobile phone or send you an SMS asking you to contact the NetBank Help Desk, so it’s important that you keep your contact details up-to-date. To change your mobile phone number in our records, login to NetBank, and under the ‘My info’ tab select ‘My contact details’.

 

 Important information

• As the advice on this website has been prepared without considering your objectives, financial situation or needs, you should, before acting on the advice, consider its appropriateness to your circumstances. View our Financial Services Guide. Terms and Conditions for these products and services are available online or from any branch of the Commonwealth Bank. The Terms and Conditions should be considered before making any decision about these products.