To maintain best-practice security standards that protect online communications between you and the financial institution about your personal information, both parties have important roles to play at each step when you use their online services. These steps, and each party's roles and obligations, are outlined below.
Step 1: When you use your computer to access your financial institutions via the internet
It is important that you, and only you, are able to gain access to your accounts via your computer. To assist with protecting your information, most investment financial institutions will:
- Issue you with an online identity number (‘OIN’) and PIN
- Provide a secure way for you to enter your online identity number and PIN
- Send your PIN only by mail to your registered address
- Automatically log you out of your account if you have been inactive for a pre-set period of time. This prevents unauthorised people from accessing your online investing session if you leave your PC unattended without logging out.
The easiest way for someone to gain unauthorised access to your personal information is by guessing, stealing or observing your password, rather than by accessing your password over the internet.
To ensure the security measures of the different investment management platforms work effectively, YOU must:
- Protect your online identity number and PIN from access by others (don’t write it down or store it on your computer)
- Never click on the browser pop-up option to “Auto-Complete – remember this password” when entering your OIN and PIN
- Regularly (i.e. each month) change your PIN
- Not choose a PIN that can be easily associated with your obvious personal information
- Correctly log off after accessing your accounts
- Notify your financial institution immediately if you believe your PIN has been lost or stolen, or of any unauthorised use.
Step 2: Sending your personal information via the internet
The information that is exchanged via the internet must not be read or changed by unauthorised parties. To assist with this, the majority of financial institutions:
- Provide the necessary technologies to enable them to exchange messages protected from access by unauthorised parties. This is achieved by using the strongest level of industry-accepted encryption, which is supported by Secure Sockets Layer technology.
- Continuously monitor the system for suspicious activity and immediately follow up on any detected issues. This includes the utilisation of technology, people and best practice processes which allow the financial institution to isolate the system in the event of detected risk or vulnerability.
To ensure these security measures work effectively, YOU must:
- Install the most recent version of your preferred web browser.
- Install and regularly use an up to date, recognised virus scanner. Some viruses may be able to obtain passwords, PINs and other personal information from your computer.
Step 3: Protecting the financial institution’s systems from the internet
The systems that are connected to the internet must be protected from unauthorised access. To assist with this, the majority of financial institutions:
- Have installed a series of sophisticated firewalls that protect their systems. A firewall is a type of computer system that recognises messages or requests from desired parties and accepts only those with appropriate authorisation.
Step 4: Storing your data on their systems
Your personal information stored on their systems must be protected from unauthorised access both from outside and within the financial institutions. To assist with this, they:
- Provide physical and technical protection for the information storage systems
- Implement and enforce rigid guidelines and policies for their own use of personal information
- Provide access to allow you to update your information
- Ensure that for changes to critical information such as your address, they receive your written authorisation prior to making a change. A large number of financial institutions also offer this online.
To ensure these security measures work effectively, YOU:
- Must keep your personal information up to date.
Step 5: Collection of information via website activity
For statistical purposes, most financial institutions collect information on their website activity (such as the number of users who visit their website, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access the site and, when entering their website from another website, the address of that website) through the use of their website log files.
This information on its own does not identify an individual but it does provide them with statistics that can be used to analyse and improve their website. They may also collect your personal information via your use of online forms available through their website.
It is quite common that when you access the website of a financial institution they send you a temporary cookie that gives you a unique identification number. A different identification number is sent each time you use their website. Cookies are used for the temporary storage of information that allows the financial institution to deliver online applications and customisation for the users of their website.
To evaluate the effectiveness of their websites, they may also use third parties to collect statistical data.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use many of the websites of the financial institutions.
At the end of your interaction with the website of a financial institution, the cookie “crumbles”. This means it no longer exists on your computer and therefore it cannot be used for further identification or access to your computer.
Some commonly used security-related terms
Encryption: information sent is coded using random mathematical “keys” in a technique that allows only you and the website you are on to easily unscramble the information. These keys are created each time you log onto the website of the financial institution and are only used for the duration of the session.
Secure Sockets Layer (SSL): this technology allows the website of the financial institution to communicate with you in a way that prohibits data transmission from being altered or disclosed. It provides encryption and authentication. Information is encrypted to prevent unauthorised disclosures. Information is then authenticated to ensure that it is being sent and received by the correct parties. SSL provides “message integrity” to prevent the information from being altered during interchanges between the financial institution and you. The majority of financial institutions use “128 bit” encryption which is at the highest and strongest level of encryption currently available online. For further information, you may wish to visit www.verisign.com.
Cookies: A ‘cookie’ is a packet of information that allows the applications on a website to identify and interact more effectively with your computer. For further information, you may wish to visit www.w3.org.
General Advice Disclaimer
This article contains general advice only, which has been prepared without taking into account the objectives, financial situation or needs of any person. You should, therefore, consider the appropriateness of the information in light of your own objectives, financial situation or needs and read all relevant Product Disclosure Statements before acting on the information. Whilst every care has been taken to ensure the accuracy of the material, Paradigm Strategic Planning or Sentry Advice Pty Ltd will not bear responsibility or liability for any action taken by any person, persons or organisation on the purported basis of information contained herein. Without limiting the generality of the foregoing, no person, persons or organisation should invest monies or take action on reliance of the material contained herein but instead should satisfy themselves independently of the appropriateness of such action.
Paradigm Strategic Planning Pty Ltd is an Authorised Representative of Sentry Advice Pty Ltd AFSL 227748