How we protect you
CBD continually invests in and implements the most advanced security measures to ensure all your online banking transactions with us are safe and confidential.
Some of the security features we use to safeguard your communications with CBD Online Banking are:
- Robust firewall intrusion detection and prevention technologies to prevent unauthorised access to the Bank’s systems.
- Security monitoring for suspicious activity.
- 2048 - Bit data encryption to keep your sensitive information, including messages sent via Secure Email, from being accessed by any unauthorised party.
- A time-out limit that automatically logs you off the system and ends your session. Please remember to log off completely from Online Banking if you’re not using your computer for a period of time.
- Do not disclose your Online Banking User ID and Password to anybody; we will never ask you for this information under any circumstances.
- Always access CBD Online Banking by typing the correct URL (https://www.cbd.ae) into your browser. Never click on a link in an email to take you to a website or enter personal sensitive details either in the email or website.
- Ensure that the online banking address has https:// and a secure lock icon appears at the right bottom corner of the page or next to the address in the top of the webpage.
- Do not use the “Save Password” option on your computer.
- Change passwords and PINS frequently, using appropriate channels (mobile banking, online banking etc).
- Do not save the internet banking webpage link or bookmark in browser favorites.
- Do not leave your computer unlocked.
- Stay updated on any banking transactions through your account with CBD SMS Banking.
SSL Encryption is active on the Web Server, which currently allows and supports 2048-bits encryption. Your browser will display a lock or unbroken key, indicating that you have reached the secure area.
Password and PIN security
Avoid using simple passwords or numbers associated with personal dates
Always be suspicious of unsolicited emails or calls asking you to disclose any personal details or card numbers. Please remember that CBD would never directly ask you to disclose your PIN or password information.
Please note that the financial liability will be on consumers, if they provide their password or personal identification number (PIN) to anyone or leave them written down and accessible to others to observe.
It is important to use up-to-date antivirus software and a personal firewall. If your computer uses a Microsoft Windows operating system, make sure it is updated via the Windows update feature - if you use a different PC operating system or an Apple Mac, please check regularly for updates. You should be especially vigilant on a public computer which may not have the necessary security measures in place.
Check your banking session is secure
When undertaking any banking action on the internet, check that the session is secure. There are two simple indicators that will tell you if your session is secure - the first is the “https://” in the URL, and the other is the presence of a digital certificate represented by a padlock or key in the bottom right corner or next to the address in the top of the webpage. Double clicking on this icon should provide you with information about the organisation with which you have entered in a secure session.
Always completely log off from your internet banking session
It is important to completely log off from your internet banking session; simply closing the window you were working in is not enough to close the banking session. If your computer is infected with any malicious software, your session may be hijacked by a criminal, and financial transactions can be performed on your behalf without your knowledge.
Do not store your username / password in the browsers
Remember to disable your auto-complete function on your browser, as this will make your Username and Password automatically available to anyone having access to your system. To turn this function off in Microsoft Internet Explorer browser, click the Tools menu, click "Internet Options", click the "Content" tab, and click the "Autocomplete" button. Then disable the "Usernames and passwords on forms".
Check your bank account / card statements regularly
This doesn't take long and it will help you spot any fraudulent transactions. If you notice something unusual or suspect that you have been a victim of fraudulent transaction or identity theft, please contact us immediately by calling the number on the back of your card or bank statement.
- Keep your banking correspondence secure for future reference.
- Check your last login date and time each time you login to CBD Online Banking.
- Check your account balances and statements regularly to identify any unusual transactions or activities.
- Check your statement online or SMS received after each transaction on your accounts.
Keep your One Time Password (OTP) secure
- Do not allow anyone to use or tamper with your OTP security token
- Do not reveal the OTP or OTP SMS received from the bank to anyone
Keep your Cheque Books secure
- Keep your cheque books in a safe place. If lost or stolen, inform the bank immediately
Types of online threats
- Phishing is an attempt to acquire your financial information via email by pretending to be a trustworthy entity. This includes emails from what appears to be your bank and contains links requesting you to ‘verify your account’ or ‘confirm your billing information’. Ifyou reveal your password, the attacker can access and use your account .
- Vishing is similar to phishing, but the medium used is the mobile phone. For example, an automated recording informs you that your bank account has had unusual activity and that you should call a particular number immediately. When you dial the number, you are requested to enter your account details on keypad.
- Smishing (SMS phishing) is a type of phishing attack where you receive text messages on your mobile phone with a link to a website. As soon as you click on the link, it redirects you to a fraudulent website in an attempt to obtain your Online Banking Credentials.
- Spoofing is the creation of email messages with a forged sender address. Fraudsters disguise the true origin of the email, making it appear as though it was sent from the bank.
- Key-loggers can be software and hardware key loggers. They log all the keystrokes entered on a particular computer. The keystrokes are then retrieved by criminals and used for their own purposes. A software key logger, once installed on your computer, makes a copy of all your keystrokes. Details of the keystrokes are saved to a file on your computer's hard drive where they can be retrieved by the criminal. In some cases, the key logger will send the file to the criminal’s anonymous email address.
- Malware is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems.
Identity theftWhat is it?
Fraudsters attempt to steal your personal information to use for illegal purposes like opening bank account, taking out loans, running up huge debts without paying, etc.
How does it happen?
Fraudsters steal wallets and purses containing identity documents, credit and bank cards as well as mails which include bank and credit card statements. They may also rummage through your dustbins looking for documents containing personal information or intercept personal information and shared on the Internet. Lastly, an identity thief can simply stand next to you and watch as you complete personal information on a form.
What can I do?
Steps that you can take when you have been impersonated:
- Report the matter to the UAE Police and open a case of identity fraud.
- Check your credit profile at the credit bureau to find out whether any credit enquiries have been done by companies whom you have not dealt with and confirm the account you have on your profile
- Report the matter to all companies where you have been impersonated and each company needs to conduct a victim impersonation investigation.
How to secure your mobile phone
CBD Mobile Banking Apps use various security measures and data encryption to ensure your day to day banking is completely safe with a User ID/Password, PIN and security token for high level transactions. Some of these security measures are:
- Personalised activation/registration process with unique one time password code
- Secure registration process using CBD Online Banking credentials
- Multilevel checks using personal password/PIN or security token
The ability to control your beneficiaries by adding or removing utility bills, internal and external payments details through synchronisation from CBD Online Banking through receiving an OTP (one time password) notification on your mobile.
Mobile security tips
Smartphones make up an integral part of our lives these days. With mobile payments and banking becoming increasingly popular, it is important that you apply the same security measures to your mobile phone as you would to your computer. In the wrong hands, your mobile phone could give the wrong person access to your accounts and ultimately your money. Keeping your phone updated and secure is the first step towards real mobile security.
- Lock your phone when not in use. Password-protect your device so that nobody else can use it or view the information. Also be sure to store your device in a safe location.
- Call us on 600 575 556, if you have lost your phone and we will disable your mobile banking user ID and password temporarily. In case you have changed your mobile phone number, please let us know and we will update your contact details.
- Clear mobile frequently by deleting text messages from financial institutions, especially before sharing, discarding or selling your device.
- Never disclose via text message any personal information (account numbers, passwords, or other personal information) that could be used for ID theft.
- Always download apps from trusted sources.
- Keep your phone's Operating System (OS) and apps updated.
- Do not store passwords or accounts numbers on your mobile phone.
- Limit the amount of personal details or contact information that you store in your phone, as criminals may be able to retrieve them if you happen to lose your phone.
- Make a note of your phone's IMEI number (dial *#06# to get it). This makes it easier to disable a stolen phone.
- For iPhone users, never jail-break or crack the device. Activate encrypted backup in iTunes, and turn on the passcode lock for the phone.
- For Android users, never root or crack the device.
- Never use any proxy or VPN software paid/free while accessing your mobile banking and online banking.
SIM swap fraud
Under SIM swap fraud, fraudsters manage to get a new SIM card issued against your registered mobile number through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through your bank accounts.
How do fraudsters operate?
Step 1 : Fraudsters gather customer's personal information through Phishing, Vishing, Smishing or any other means.
Step 2 : They then approach the mobile operator and get the SIM blocked. After this they visit the mobile operator's retail outlet with the fake ID proof, posing as the customer.
Step 3 : The mobile operator deactivates the genuine SIM card and issues a new one to the fraudster.
Step 4 : Fraudster then generates One Time Password (OTP) required to facilitate transaction, using the stolen banking information. This OTP is received on the new SIM held by the fraudster.
How to protect yourself from fraud:
- If your mobile number has stopped working for a longer than usual period, enquire with your mobile operator to make sure you haven't fallen victim to the scam.
- Register for SMS and any other alert mechanism available to stay informed about the activities in your bank account.
- Regularly check your bank statements and transaction history for any irregularities.
Preventing card fraud
Credit card security
We monitor your account 24/7 for any suspicious or out of the ordinary activity and will contact you straight away if we notice anything unusual. If your card is lost or stolen or you notice any unusual transactions on your account, make sure you contact us immediately on 600 575 556.
What to look out for
There are various frauds linked to stealing your money and credit card details for unauthorized purchases:
- Card not present fraud - Fraudsters may access your credit card details from old receipts to purchase high value items on the internet or phone where the retailer does not need to see the card to authorize the purchase, for example: card not present.
- Cash machine (ATM) fraud - Devices are planted in cash machines by fraudsters in order to skim the card details and use them for unauthorized purchases at a later date. The fraudster may also be watching at the cash machine to steal your card and PIN.
- Counterfeit fraud - Counterfeit is a term used to describe the manufacture of a credit card so it looks like a genuine card. Genuine credit cards are then “skimmed” and the details duplicated onto the counterfeit card via the magnetic strip.
- Mail not received fraud - Cards are stolen in the post before the cardholder receives them and used for fraudulent purchases.
How we protect you
Keeping your financial and personal information secure is our highest priority. We use the most sophisticated levels of technology and processes to protect your privacy and security and prevent fraudulent transactions on your credit card.
Verified by Visa and MasterCard SecureCode
What is 3D Secure Authentication?
- MasterCard SecureCode™ and Verified by Visa™ (also known as 3D Secure Authentication) are the leading security systems for authenticating credit card transactions online, so you can feel confident when using your credit card for purchases over the internet.
How does 3D Secure Authentication work?
- 3D Secure Authentication protection is provided automatically with your credit card with no need to register or create a password to benefit from this added layer of security. The majority of online transactions will be automatically processed, however from time to time you may be prompted for additional information linked to your account to authorize the purchase.
Why do I need 3D Secure Authentication protection?
- Your account information will be protected when you use your card for purchases online, so you can shop quickly and conveniently without compromising your security.
Zero fraud liability
If your CBD card is used without your knowledge or consent, you will not be liable for fraudulent use. So it is important you contact us immediately if you think your card has been lost or stolen, or if you notice any unusual transactions on your account.
Important tips when using your card:
- Sign your card as soon as you receive it
- Review your account statements on a timely basis
- When shopping online, only place orders with your card on a secure website
- Don't send emails that quote your card number and expiry date
- Ensure that you get your own card back after every purchase
- Never write down your PIN or disclose it to anyone
- Report lost and stolen cards immediately
- Destroy your credit card receipts before discarding it
- Never let the card out of your sight.
Get a new card:
- If you lose your card or if it is stolen then call us straight away on 600 575 556 —remember to keep this number safe or save it in your mobile phone for future reference.
- If delivery of a new card seems slow, query it with your bank immediately.
- Destroy old cards by cutting through the magnetic strip.
- Make sure your post is secure and that you know when to expect your credit cards if you have ordered new ones. If you don't receive your statement or card, or your mail appears to have been tampered with, please call CBD immediately on 600 575 556.
Card Verification Code (CVC):
- The CVC code is a unique feature of Visa and MasterCard cards and an added layer of security. It includes a 3 digit number on the back of your card (usually on the signature strip).
ATM security tips
Shoulder surfing card and PIN safety
What is it?
Criminals distract you while you are entering your personal identification number (PIN), with the pretense of either wanting to assist client as the ATM is not working correctly or leaving a slip. They then swap your card. This is done so quickly that very often you are unaware that you no longer have your own card. The customer then assumes that the ATM has retain the card.
What can happen?
What can I do?
Here are some of the ways by which you can protect yourself every time you use your ATM:
- Never disclose your Personal Identification Number (PIN) to anyone.
- Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
- Never use an ATM with a blank screen.
- Do not force your card into the card slot.
- Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
- Keep your hand over the card slot to make sure nobody can swap or take your card.
- Only put in your PIN when the ATM tells you to do so.
- Avoid drawing cash late at night or when you are alone.
- Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
- Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
- If the ATM retains your card, cancel it immediately.
- Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
- Always check that it is your card you get back from the ATM.
- Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
- When using your cards at ATM's be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
- Report lost or stolen cheques, ATM cards, or credit cards as soon as you discover they are missing.
How to report a suspicious activity
Take control of your security
Remember: we will never request your password, account or confidential information over the phone, via email, SMS or social media. We will also never direct you to a site to input your username and password. Your password and PIN are private to you – never reveal them to anyone.
If you think you may have disclosed your account details to a suspicious party, contact us immediately by calling 600 575 556 or email to email@example.com