Start Speaking

Please check your microphone and audio levels.

Search the website

Choose your website / عربي

Choose your language

التغيير الى العربية English

Emirates NBD International

United Arab Emirates
English - عربي

Saudi Arabia
English - عربي

Egypt
English - عربي

Singapore
English - عربي

United Kingdom
English

India
English

Our Websites

SkyShopper.com
English

Emirates NBD Asset Management
English - عربي

Emirates NBD Research
English

Emirates NBD Securities
English - عربي

Emirates NBD Properties
English - عربي

ENBD Reit
English - عربي

KSA Capital
English - عربي

Privacy & Security
Safeguarding your information is a shared responsibility

Our security procedures and Code of Ethics ensure utmost confidentiality at all times of the information you entrusted to us. However, you also play an important role in keeping this information secure. Browse through the tabs below to find what you can do to enjoy banking convenience with absolute peace of mind.

Fight Fraud

Fraudsters could be targeting you – Together Against Fraudsters

As Emirates NBD, we thrive in providing our customers the finest banking experience, it’s also our goal to ensure that they are safe from frauds. The UAE Banks Federation and the Central Bank of the UAE have created a Public awareness campaign against Fraud for the United Arab Emirates region.

If you believe that you are a victim to fraud, report your case to UAE Banks Federation:

Types of fraud

Report Fraud

Advance Fee Fraud

Say no to advance fees. No legitimate company will ask you for an advance fee.

Advance fee frauds are very common and vary in type, style and delivery but all are after the same thing to get you to pay time and time again for non-existent funds or large sums of money or goods. The people who operate these scams are professional at it and will provide you with what appear to be plausible and realistic scenarios.

Identity Fraud

Protect your identity, online and offline.

Identity fraud can be described as the use of another person's personal information, without his/her consent or authorization, to commit a crime or to deceive or defraud that other person or a third person. The stolen identity is used in criminal activity to obtain goods or services by deception.

Most identity fraud is committed in the context of financial advantage, such as accessing a victim's credit card, bank or loan accounts or opening a new credit card account in the victim's name, and then charging purchases to that account, or entering into a loan agreement in the victim's name.

The e-mail and SMS Fraud

How to protect yourself from Email and SMS fraud?

Fraudsters will send you e-mails or SMS trying to scare you by saying:

Your account, Debit Card or Credit Card has been frozen or blocked
You cannot deposit or withdraw money from your account
You need to verify your account and provide confidential data such as Debit Card, Credit Card numbers and PIN

They will further pressurize you to share your confidential account information over a link or by phone.

Please remember that the Bank will never send you such e-mails or SMS.

The Lottery Fraud

Protect yourself from bogus prizes from fraudsters.

Fraudsters will tempt you with winnings by e-mail, phone or SMS:

You have won a car!
You have won a cash prize!
You have won a trip!

They will persuade you to share your confidential bank and card details to claim your prize.

Please remember that the Bank will never ask for your confidential details.

The ATM Fraud

How to stay vigilant when you withdraw/deposit your cash at the ATM?

Fraudsters will try to cheat you out of your money by:

Trying to distract you to capture your Card or PIN details
Installing a small camera to steal your details

Be alert

Look at the ATM for unusual signs or changes
Cover the PIN pad when entering your PIN

Sim Swap Fraud

If your mobile phone doesn’t have a network, immediately check with your telecom service provider.

Fraudsters will try to trick you by:

Impersonating you to obtain a replacement SIM card from your telecom service provider
Use the replaced SIM card to reset your Online and Mobile Banking User ID and Password to steal your funds

Be alert

If your mobile phone does not have a network, check with your service provider immediately
If your service provider confirms issuance of replacement SIM card, register a complaint and check your bank account immediately

e-mail Redirection/Fund Transfer Fraud

Always check all characters in an email ID.

Fraudsters will:

Send you an e-mail from an e-mail ID similar to that of your business associates
They will inform you about a change in their bank account number
Share a different IBAN or Account and ask you to transfer funds
Change the contact details in the e-mail to manage any callbacks

Be alert

Always check all characters in an e-mail ID
If the e-mail directs you to send money in a different IBAN or Account, please call your client to confirm
Do not call your clients from the numbers mentioned in the e-mail

Vanishing Ink or Magic Ink

Use your own pen when you fill in your details on a bank form/cheque.

Fraudsters will:

Approach you as a Bank representative and offer various loans or products
Collect your documents including the latest Bank statements
Fill the application form and Security Cheque using Vanishing or Magic Ink pen and ask you to sign in using your pen

Be alert

Never issue a blank Cheque and do not let anyone fill in the security Cheque
Always fill in the beneficiary name and make it ‘Account Payee’ with your own pen
Always cross-check the credentials of the individual representing the Bank by checking his official Photo ID card
When in doubt, contact the Bank’s Call Centre

Data Privacy Fraud

Never share financial information such as bank account details and credit card numbers, ATM PIN etc.

Fraudsters will try every trick to:

Make you share financial information through e-mail or phone calls or Social Media
Send you malicious links, which may download malicious content on your computer or ask you to download an App on your mobile
Downloading the same can steal your data without your knowledge
Your information can be misused to impersonate you and to obtain financial products or facilities

Be alert

Limit the information you share on Social Media platforms. Do not make your personal details visible for everyone on Social Media
Create strong and complex passwords and change them frequently
Do not download unknown Apps
Do not respond to unsolicited calls or text messages
Remember, the Bank will never ask for your confidential details

Phone Fraud

Do not respond to unknown or unsolicited calls.

Fraudsters will call you:

Impersonating as Government Agencies, Banks, etc. and mention some of your information available on Social Media platforms to gain your trust
They will create a sense of urgency that you have missed a deadline and demand immediate action
They can also use threats to revoke a business license or close an account
They will persuade you to share your confidential information

Be alert

Do not respond to unknown or unsolicited calls
If you are told of a dire action on your bank account, contact the Bank’s Call Centre and verify the same
Do not share any confidential information such as Username, Password, PIN, three-digit CVV number or OTP with anyone over the phone or otherwise

#SecureYourAccount

Protecting your identity matters at all times. Our latest film, "It Wasn't Me", was created in collaboration with Dubai Police and brings you the do’s and don’ts of keeping your identity and bank account secure at all times.

Watch the film to find out all the things a bank won’t ask, but a fraudster will.

We're here to help.

#SecureYourAccount at all times.

Anti-Fraud Awareness
Committed to keeping you safe and informed

We engage our customers with constant awareness campaigns to secure their accounts. Our #DontTakeTheBait campaign highlights smart ways on how to protect yourself and secure your personal data amidst the growing threat of scams and malicious frauds.

Writing the 4-digit year on cheques

In line with our continuous efforts to increase awareness about financial security, we kindly advise you to be careful while writing the date on your cheque.

As per UAE central bank advice, we recommend that you write the complete 4 digits of the year instead of 2 digits when issuing cheques. For example, 1 March 2020 instead of 1 March 20. This will ensure any fraudulent activities such as manipulation of the cheque date are avoided.

Vishing
Be vigilant, do not disclose your personal information over the phone to anyone

Short for voice-based-phishing, 'Vishing' is a criminal mechanism where people are lured to share their personal identity data and financial account credentials over the telephone, either to an Interactive voice response (IVR) machine or a person.

These calls always try to convince bank customers that there's an issue with their banking account or debit/credit card or that they won a big amount in a lottery/draw, which lure them to share personal details with them over the call.

Phishing
Be aware of spam emails, verify the source is safe before clicking on links or email attachments

Phishing is a cybercrime in which a target or targets are contacted by email, by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

It uses deceptive e-mails and websites to gain this personal information that is then used to access important accounts and can result in identity theft and financial loss.

Card Skimming
If you have any doubt about the authenticity of the ATM or the POS machine, do not use it

Card skimming is the act of using a skimmer to illegally collect data from the magnetic stripe of a credit, debit or ATM card. These skimmers are installed in ATM or POS machines. This information, copied onto another blank card's magnetic stripe, is then used by an identity thief to make purchases or withdraw cash in the name of the actual account holder.

Check the ATM or the POS machine for any abnormalities and look for any unusual or strange additions to the machine.

Security Tips

Safeguard your details and protect yourself from identity fraud

Email Security Tips

Use your email safely by keeping in mind the following

Learn to spot fake emails and fake websites

They set them up to con people into giving away passwords and bank details. The technical word for this is 'phishing'.

For example, they might send you an email that looks like it comes from us and it might contain a link to a website that looks like this one. When you try to log on, they can steal your password. They could also ask you to make a phone call or reply by email.

They are good at making their emails and websites look realistic. But you can often spot the fake ones:

Dodgy looking email or web addresses
Poor design, typos or bad spelling
They ask you to do something unusual
A site doesn't display the padlock symbol in the address bar when you log in

If in doubt, check with us first. Avoid clicking on links in emails. A starting point on protecting yourself online is to use the software we refer to from this site. Rapport software and up-to-date web browsers block fake websites.

Minimise the use of attachments

Copy and paste text as often as possible.

Question unsolicited documents

Unsolicited bulk mail and commercial email can put you and your organisation at risk. Questioning it means not opening it, not passing it on, and notifying your system administrator immediately.

Never respond to spam email

For a spammer, one "hit" among thousands of mailings is enough to justify the practice. Instead, if you want a product that is advertised in a spam email, go to a Web site that also carries the product, inquire there, and tell them you do not approve of spam methods and will not patronize a company that uses spammers.

Never respond to the spam email's instructions to reply with the word "remove"

This is just a trick to get you to react to the email -- it alerts the sender that a human is at your address, which greatly increases its value. If you reply, your address is placed on more lists and you receive more spam.

Never sign up with sites that promise to remove your name from spam lists

These sites are of two kinds: genuine AND spam address collectors. The first kind is ignored (or exploited) by spammers, and the second is owned by them. In both cases your address is recorded and valued more highly because you have just identified it as read by a human.

Question executable programs received via email

This is a common means for passing on viruses. Do not open them, do not pass them on, and notify your system administrator if you receive them.

Disable macros on your machine

To do this, you will need to open the application. On Word 2000, select Tools, then select Macros, then select Security, and then checked High: Only signed macros from trusted sources will be allowed to run. Unsigned macros are automatically disabled

Make sure that file extensions are viewable

This will alert you to files of the following types: .exe, .vbs, and .shs. To view file extensions in Windows select the Start menu, then select Settings, then select Control Panel, then select Folder Options, then select View, then UNCHECK the command that reads Hide File Extensions for Known file Types.

Notify the person you received an infected file from

This helps them correct the problem within their system before passing the virus on to other users.

Monitor your transactions.

Review your order confirmations, credit card, and bank statements as soon as you receive them to make sure that you are being charged only for transactions you made. Immediately report any irregularities.

Don't reply to any e-mail that requests your personal information.

Be very suspicious of any business or person who asks for your password, PIN (Personal Identification Number), or other highly sensitive information.

Keep your virus protection up-to-date

If you experience anything that arouses your suspicions, please intimate our call center representative on +971 4 3160316

ATM Security Tips

Here are some of the ways by which you can protect yourself every time you use your ATM

You should always be aware of the security when using an ATM and should always follow these general tips to ensure your personal information is kept safe:

Never disclose your Personal Identification Number (PIN) to anyone.
Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
Never use an ATM with a blank screen.
Do not force your card into the card slot.
Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
Keep your hand over the card slot to make sure nobody can swap or take your card.
Follow the instructions on the ATM screen carefully.
Do not insert your card until asked to do so by the display screen.
Only put in your PIN when the ATM tells you to do so.
Avoid drawing cash late at night or when you are alone.
Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
Never hurry when using an ATM. Make sure you are not distracted, intimidated or rushed into your transaction.
Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
Do not count your cash in front of the ATM.
Avoid using ATMs in secluded areas after dark.
If the ATM retains your card, cancel it immediately.
Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
Always check that it is your card you get back from the ATM.
Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
When using your cards at ATM's be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
Report lost or stolen cheques, ATM cards, or Credit Cards as soon as you discover they are missing.

Online Banking Security

Protect your information every time you use

You have to protect your information at all times be it over the internet or during your normal banking activities by simply following these tips:

Protect your Password and Personal Information:

Do not use passwords that are easy to guess, e.g. your name, your date of birth, your telephone number(s), etc.
Use a combination of upper and lower case letters as well as numbers.
Do not use share your password with anyone and do not use the same password for other websites.
Change your password frequently and never write it down.
Always log into Internet Banking via our sites at the following addresses: www.emiratesnbd.com and not through other links.
Avoid logging into Internet Banking from Internet Cafes, Libraries or public sites.
Always close the window once you have logged out of your Internet Banking session.
Important: No one at Emirates NBD will ever ask you for your internet banking password. If someone does ask you for it, they do not represent the Bank and you should not under any circumstance provide this information.

Protect your Computer and Internet session:

Never share your computer.
Use a password on your PC to prevent unauthorised access to your information.
Be wary of opening email messages from untrustworthy sources, especially if they contain attachments.
Do not reply to emails that request your personal information. They may appear to come from a trusted friend or business, but they are designed to trick you in disclosing sensitive personal information.
Use personal firewalls and anti-virus software.
Avoid downloading software such as screen savers, desktop themes, games, and other executable type programs from websites that are obscure or unidentifiable. These programs may contain Trojan viruses that would enable hackers to monitor or take over your PC.
Disable all unnecessary services running on your computer.
Always verify that the site is the genuine Emirates NBD site.
Do not leave your internet banking session unattended at any time.
Before you start your internet banking session, ensure that all other internet sessions are closed. If your internet banking session is open we recommend that you do not open other internet browsers at the same time.
Please contact our Customer Service Helpdesk on +9714 3160316 in case you receive fraudulent emails or require any assistance using our Internet Banking service.

Reporting Fraud

Follow the below guidelines if you faced fraud

Contact your bank(s) and credit card issuers immediately to ensure the following are done:

Access to your accounts can be protected
Stop payments placed on missing cheques
Personal Identification Numbers (PINs) and Online Banking Passwords changed
Be sure to indicate to the bank or issuer all the cards and/or accounts potentially impacted, including your ATM cards and credit cards.
Review all recent transactions on your accounts linked to those cards. Additionally, ensure that no one has requested an address change, title change, PIN change, or ordered new cards or checks to be sent to another address when appropriate.

Maintain a written chronology of what happened, what was lost, and the steps you took to report the incident to the various sources. Be sure to record the date, time, contact telephone number, person you talked to, and any relevant report or reference number and instructions.

For further information or queries, please call 600 54 0000

Sim Swap

Protect yourself from online & mobile banking SIM Swap fraud

Emirates NBD Digital Banking Services use the latest technology standards to protect your credentials from ever-evolving digital threats. However, as customers it is equally important for you to be aware of the potential threats and take necessary actions to protect yourself.

SIM SWAP is one such threat that you need to be aware of and be careful about while using digital banking. Fraudsters try to get control of mobile numbers to obtain authorization codes sent by banks to access digital channels and authorize financial transactions. Find out what SIM SWAP is and how you can protect yourself from fraudsters.

What is SIM SWAP? How does 'SIM Swap' fraud happen?

SIM SWAP is where a fraudster compromises telecom operator processes and gets the SIM Card of your registered mobile number without your knowledge and authorization. In these cases, fraudsters use fake documents to get the SIM CARD and use it in their mobile handsets. This enables them to access SMS Authorization codes sent by banks for financial transactions.
There are many ways that fraudsters use to get your personal information. They may use phishing emailing or SMS techniques to get your Emirates ID/Visa or Passport number, legal name, date of birth, address and registered mobile numbers at the bank. Alternatively, they might collect your data from public websites or your social media accounts. They will then contact your service provider on your behalf to reactivate a new SIM card claiming your SIM card is lost or damaged.
As a result, all calls and text messages will be directed to the fraudster’s phone, including one-time passwords for banking transactions. After receiving a one-time password SMS, the fraudster tries to access your digital banking credentials and conduct financial transactions.

How to detect a potential threat and protect yourself?

You can protect yourself by following the below steps:

To avoid any SIM Swap fraud activity, we highly encourage you to use Smart Pass feature available through our online and mobile banking platforms. By using Smart Pass you can authorize your online/mobile banking transactions independently from your local or international telecom operator. Click here to know more about Smart Pass.
If you stop receiving calls or texts and you don't know why, check with your mobile operator immediately.
Don’t share your online/ mobile banking passwords or any other personal credentials with anyone. Remember, Emirates NBD never asks for your credentials and personal information through SMS or e-mail and never reply to e-mails or SMS that asks you to do so.
Do not install applications from unknown sources to your mobile devices or your computer. Please make sure that you are using a trusted anti-virus software to protect your devices from potential viruses and malwares.
We send all transaction details to you through SMS or email. Please keep a close eye on your financial transactions.
In case you suspect fraud or notice any suspicious transaction, call us immediately on +971 600 54 00 00, and as a precautionary measure, change your online/ mobile banking password, registered e-mail & mobile phone number with the bank immediately.
Refrain from publishing your personal details such as your phone number, date of birth or details that you have provided to financial institutions for verification purpose on any of the social media platforms.
Try to use a different e-mail address for your financial transactions and your social media accounts.

Update your browser

Modern browser software adds protection against fake websites.

The program you use to look at websites is called a web browser. Modern browsers warn you if you visit fake websites and it is harder for viruses to infect them.

If you have updated your computer regularly, it is likely that you are already running either the latest version of Microsoft Internet Explorer / Google Chrome / Mozilla Firefox (on Windows PCs) or Safari (on Macs). It is a good idea that you install an up-to-date web browser. There are several to choose from and they are all free.

Keep your software up-to-date

It's harder for viruses to infect updated software.

You can check if your Windows computer is up to date in the Action Center in Windows 7. For Windows 10, the Update & Security link is located in the Windows Settings menu.

The criminals who create viruses take advantage of software bugs to infect computers.
Software companies fix bugs with free downloadable updates.
It is a good idea that you install updates for your software as soon as they become available.
Be wary of fake emails about bogus updates. Use the update software that comes with your computer - don't click on links in emails. As well as your computer software, other programs need updating. This includes your web browser and the applications you use. Most modern software will check for updates automatically. You may want to install them as they become available.

Don't share private information online

Double-check privacy settings on social networking sites.

What's your mother's maiden name? What's the name of the first school you went to? What was your favourite subject at school? What's your address? Birthday? Phone number?

All this information is useful to people who want to steal your identity or break into your online banking. You wouldn't give this information away to a stranger on the street but if you use social networking sites, such as Facebook, Twitter or MySpace, you could be over-sharing personal data.

You may want to think carefully about the information you put into your profiles on sites like these. It is also a good idea that you check the privacy settings on each site that you use to make sure you only share personal information with people you trust.

Please also remember that you must take all reasonable precautions to keep your details safe and prevent any unauthorised use of any cards and security details. If any information forms part of your security details, you should make sure that you do not disclose it to anyone else - see terms and conditions that apply to your account(s) for more detail.

Look after your paper statements

Fraudsters use personal information from different sources to steal people's identities.

Viruses are one way to do it. But they also use paper documents of your accounts containing personal details, such as receipts and bank statements.

Fraudsters use many methods such as searching in dustbins to obtain these documents. You should take simple precautions to keep your details safe and to dispose of these documents safely, such as shredding them before you bin them.

Understand how criminals use the internet

Criminals are in it for the money

There are many ways for them to make money online:

Steal your passwords and bank details with viruses, fake emails and fake websites
Ask you to provide security details
Send spam with bogus offers and products
Take over your computer and use it to attack other people's computers
Use viruses to display unwanted adverts on your PC

We take your online banking security and privacy very seriously. Protecting yourself and your money takes a bit of know-how and the right software.

Avoid online fraud and con tricks

If it's too good to be true, it probably is

When it comes to protecting yourself and your money on the internet be wary of ridiculous deals.

Criminals may contact you by email, through websites you use, via SMS or even by phone. It pays to be on your guard as they can be quite convincing.

Here are some warning signs:

Big promises: 'You have won the lottery'
Big threats: 'Your account has been hacked'
A false sense of urgency: 'Act now or it'll be too late'
Unnecessary secrecy: 'Don't tell anyone'
There is no reason for them to contact you. Did you even buy a lottery ticket?
'Business opportunities' that involve holding or receiving money for strangers

If an attachment looks suspicious, don't open it. Don't install software unless it comes from a website you trust. If it doesn't feel right, take your time.

If you suspect that there is a problem with your online banking, you can always talk to us first.

Protect your mobile phone

Your mobile phone may contain personal information.

You may even use it for internet banking and online shopping.

You may want to think about:

Setting and using a security PIN code
Adjusting the phone settings so that it locks automatically if you don't use it for five or ten minutes
Not storing passwords or other sensitive information on your phone in a way that can be understood by someone else
Not storing your home phone number and address under ‘home’ in the contact list (you wouldn't want a thief to be able to know your address and be able to check if you're home)
Be wary of voicemail and text message scams
Clicking on links in text messages can be risky - be careful

If you lose your phone report it to your mobile phone provider immediately. Make a note of your phone's IMEI number (dial *#06# to get it). This will make it easier for your phone company to disable a stolen phone.

What are people asking?

How does the BankNet session take place?

A session is started when the authorised subscriber uses his or her browser to send a secure message via SSL to BankNet server. For this purpose he uses the customized password along with his User ID. The BankNet server verifies this data and responds by authenticating the customer and initiating session encryption.

Once the BankNet session is securely established, Emirates NBD's computer processes and routes the transaction data using internal protocols. This prevents other Internet users from proceeding past bank's series of firewalls and filtering routers.

BankNet protects financial transactions through a number of barriers that prevent unauthorized access. The first barrier is a system of filtering routers and firewalls, which separate the outside Internet from bank's internal network. The filtering router verifies the source and destination of each Internet packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service. In addition, the filtering router prevents many common Internet attacks.

In addition, the firewall is the only server in the Bank's network that communicates via TCP/IP - the Internet's communication protocol. No internal Online transaction processing systems are reachable using TCP/IP. This prevents unauthorized users from accessing any transaction data from the Internet.

The information is passed between the bank's main computer and the customer's PC after it is duly encrypted using the highest possible encryption.
Why are security features necessary?

Security is the first and foremost requirement of Online banking because the Internet is inherently unsecured. Millions of computers form a public network where communications can be intercepted. As data moves from sender to receiver, it almost always has to travel through several other connections. This is called routing. During routing, computers other than the sender and receiver can access the data. Even computers not directly involved in routing can access the data. Security is therefore a critical component of any Internet application
What are the basic security risks of Internet communications?
Sending data across a network involves three basic security risks:
- Eavesdropping - intermediaries listen in on private conversations (one computer talking to another).
- Manipulation - intermediaries change information in a private communication.
- Impersonation - a sender or receiver communicates under false identification.
How does security technology protect against these risks?
Current browsers counter security threats with a network communication protocol called Secure Sockets Layer (SSL). SSL is a set of rules that tells computers the steps to take to improve the security level of communications. These rules are designed for the following:
- - Encryption, which guards against eavesdropping
- - Data integrity, which guards against manipulation
- - Authentication, which guards against impersonation
However, these effects protect your data only during transmission. That is, network security protocols do not protect your data before you send it. Just as you trust merchants not to share your credit card information, you must trust the recipients of your online data not to mishandle it.
To what degree can SSL security protect me?

SSL uses authentication and encryption technology developed by RSA Data Security Inc. The encryption established between you and a server remains valid over multiple connections, yet the effort expended to defeat the encryption of one message cannot be leveraged to defeat the next message.

A message encrypted with 40-bit RC4 takes on average 64 MIPS-years to break (a 64-MIPS computer needs a year of dedicated processor time to break the message's encryption). The high-grade, 128-bit U.S. domestic version provides protection exponentially more vast. The effort required to break any given exchange of information is a formidable deterrent. Server authentication uses RSA public key cryptography in conjunction with ISO X.509 digital certificates.

How does the BankNet session take place?

A session is started when the authorised subscriber uses his or her browser to send a secure message via SSL to BankNet server. For this purpose he uses the customized password along with his User ID. The BankNet server verifies this data and responds by authenticating the customer and initiating session encryption.

Once the BankNet session is securely established, Emirates NBD's computer processes and routes the transaction data using internal protocols. This prevents other Internet users from proceeding past bank's series of firewalls and filtering routers.

BankNet protects financial transactions through a number of barriers that prevent unauthorized access. The first barrier is a system of filtering routers and firewalls, which separate the outside Internet from bank's internal network. The filtering router verifies the source and destination of each Internet packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service. In addition, the filtering router prevents many common Internet attacks.

In addition, the firewall is the only server in the Bank's network that communicates via TCP/IP - the Internet's communication protocol. No internal Online transaction processing systems are reachable using TCP/IP. This prevents unauthorized users from accessing any transaction data from the Internet.

The information is passed between the bank's main computer and the customer's PC after it is duly encrypted using the highest possible encryption.
Why are security features necessary?

Security is the first and foremost requirement of Online banking because the Internet is inherently unsecured. Millions of computers form a public network where communications can be intercepted. As data moves from sender to receiver, it almost always has to travel through several other connections. This is called routing. During routing, computers other than the sender and receiver can access the data. Even computers not directly involved in routing can access the data. Security is therefore a critical component of any Internet application
What are the basic security risks of Internet communications?
Sending data across a network involves three basic security risks:
- Eavesdropping - intermediaries listen in on private conversations (one computer talking to another).
- Manipulation - intermediaries change information in a private communication.
- Impersonation - a sender or receiver communicates under false identification.
How does security technology protect against these risks?
Current browsers counter security threats with a network communication protocol called Secure Sockets Layer (SSL). SSL is a set of rules that tells computers the steps to take to improve the security level of communications. These rules are designed for the following:
- - Encryption, which guards against eavesdropping
- - Data integrity, which guards against manipulation
- - Authentication, which guards against impersonation
However, these effects protect your data only during transmission. That is, network security protocols do not protect your data before you send it. Just as you trust merchants not to share your credit card information, you must trust the recipients of your online data not to mishandle it.
To what degree can SSL security protect me?

SSL uses authentication and encryption technology developed by RSA Data Security Inc. The encryption established between you and a server remains valid over multiple connections, yet the effort expended to defeat the encryption of one message cannot be leveraged to defeat the next message.

A message encrypted with 40-bit RC4 takes on average 64 MIPS-years to break (a 64-MIPS computer needs a year of dedicated processor time to break the message's encryption). The high-grade, 128-bit U.S. domestic version provides protection exponentially more vast. The effort required to break any given exchange of information is a formidable deterrent. Server authentication uses RSA public key cryptography in conjunction with ISO X.509 digital certificates.
To what degree can Browser security protect me?
The Internet is inherently unsecured. No security method can make claims of impenetrability.
- Always use the latest versions of software. Regardless of vendor, users of network should always ensure that they have the latest version of an application. The discovery of a security flaw is one of the most significant reasons for vendors to release new versions of software.
- Use the highest security version of your software. Customers who use Internet Explorer 3.02 can download the 128-bit add-on from the Microsoft web site. This software uses a 128-bit key that provides stronger security than the 40-bit key.
How does BankNet security protect me?
Emirates NBD is committed to provide the safest Online banking service to our valued customers so that all transactions involving financial and customer data are conducted in a safe and secure environment. Without thorough security, information transmitted over the Internet is susceptible to fraud and other misuse by intermediaries. Information travelling between your computer and a server uses a routing process that can extend over many computer systems. Any one of these computer systems represents an intermediary with the potential to access the flow of information between your computer and a trusted server. You need security to make sure that intermediaries cannot deceive you, eavesdrop on you, copy from you, or damage your communications.

Adequate security features are in-built into our BankNet to protect our customers. We use 128-bit encryption, the highest encryption security currently available, which earlier was restricted to Canada and US, but are now available to Banks outside the US in selected countries. Additional security comes with the User ID and Password, which are provided to you by the bank to access your account. The information, which you enter, passes through 128-bit encryption.

Microsoft Internet Explorer with 128-bit encryption uses:
- Server authentication (thwarting impostors)
- Privacy using encryption (thwarting eavesdroppers)
- Data integrity (thwarting vandals)
- Firewall is used to protect data in Emirates NBD's main computer and only authorised persons have appropriate access to the data in our system.
- The SSL protocol delivers server authentication, data encryption, and message integrity. SSL is layered beneath application protocols such as HTTP, SMTP, Telnet, FTP, Gopher, and NNTP, and layered above the connection protocol TCP/IP. This strategy allows SSL to operate independently of the Internet application protocols.
- With SSL implemented on both the client and server, your Internet communications are transmitted in encrypted form. Information you send can be trusted to arrive privately and unaltered to the server you specify (and no other).
What are Firewalls and Routers?

Firewalls and routers form a barrier between the Internet and our bank's main computer. All incoming traffic is routed to the firewall, which verifies the source and destination of each information packet. The firewall then changes the address of the packet before delivering it to the appropriate site within our internal network. This way, all internal addresses are protected, keeping the structure of Key's network a secret. Our firewalls record all activity with BankNet, including sign-ons, sign-offs, and access violations. This allows for quick identification of any suspicious activity.
Do security features impose any limitations on the ability to access sites?

The security protocol works as an adjunct to other protocols without limiting access capabilities. You can use your browser to bring either secure or insecure documents.

Online forms can be secure if the submit action is an https:// URL to a secure server.

You can save a secure document (though secure documents are not cached to disk among sessions). You can also view the HTML source of a secure document. Security affects the transmission of a document without affecting your ability to manipulate the document.
How do I know when my browser is operating with security features?
There are two ways to tell if your browser is operating with security features:
- First, your Location Bar should show a Uniform Resource Locator (URL) that uses an https: address, as opposed to an http: address.
- Second, the security lock will appear in the lower right corner of your browser window.
Can I safely transmit personal information such as credit card numbers?

You can enter your credit card number on a secure (https) form and transmit the form over the Internet to a secure Server without risk of an intermediary obtaining your credit card information.

Secure communications does not eliminate all of an Internet user's concerns. For example, you must be willing to trust the server administrator with your credit card number before you enter into a commercial transaction. Security technology secures the routes of Internet communication; security technology does not protect you from unreputable or careless people with whom you might choose to do business.

The situation is analogous to telling someone your credit card number over the telephone. You may be secure in knowing that no one has overheard your conversation (privacy) and that the person on the line works for the company you wish to buy from (authentication), but you must also be willing to trust the person and the company.
What is encryption?

Encryption is the scrambling of information for transmission back and forth between two points.

When you send out a letter to your friend, you communicate in a language that both of you understand. Since, your language is understood by thousands of other people also, if someone else gets hold of your letter, he will not have any problem in understanding its contents. If you do not want anyone other than to whom this letter is intended, you must use a secret language or you must substitute each alphabet in your letter for some other alphabet, which only two of you will understand. Using a secret language or substituting one alphabet or word for another is called encryption and your letter is said to be encoded. To decode your letter, the receiver must have the same key that you used for encoding. To any other person who does not have this key, the message in the letter will not make any sense and will be garbage.

Computers also use the same principle. The browser in your computer uses a string of numbers, characters and special keys and makes the encoding and decoding immensely complicated. Your computer and the one at the receiving end agree upon the keys to be used for encoding. These keys are based on a set of mathematical formulae called algorithms. When a computer encrypts a message, there are billions of key combinations to select from. However only one of the billions of combination will be correct. Only the computers on both ends of the transaction know what key combination is in use during that session. The sending and the receiving computers use a different key combination for each session and only these two computers know what key is used for the current session. So if anyone else tries to read your message, he will get meaningless string of numbers and characters only.
What for encryption is used?

Encryption finds its application in variety of transactions that involve sensitive matters and even for national security. Encryption is used for sending e-mail messages, sensitive documents and in electronic commerce such as credit card transactions and electronic banking
How secure is encryption?

The security provided by encryption is measured in terms of how long is the encoding key used by your computer for encryption. The level of encryption is measured in bits like 40-bit or 128-bit encryption.

If the encryption has a 40-bit key, it means that there are 240 possible different combinations for solving the key. Similarly, for a 128-bit key, there are 2128 possible different combinations. In general, the longer the key, the longer it would take for someone without the correct decoder key to break the code.
What's the difference between 40- bit and 128-bit encryption?

The 40-bit encryption and the 128-bit encryption differ in their complexity and the key length. 40-bit encryption can use one of the 240 possible different combinations (1 followed by 12 zeroes) and 128-bit encryption uses on of the 2128 possible different combinations (3.4 followed by 38 zeroes). 128-bit encryption is exponentially more powerful than 40-bit encryption.

According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.
How do I differentiate between a 40-bit and 128-bit encryption?

For Netscape browsers: The key at the bottom left-hand corner of your screen will have one tooth for 40-bit or two teeth for 128-bit.

For Microsoft browsers: You can find out the level of encryption by using your browser menu bar. Select "File" then "Properties" then "Security."

When you visit a site that requires encryption, your browser will display the symbol with a key or a lock. If you are not in a secure area, the key or lock will be broken.
How strong is 40-bit encryption?

40-bit encryption is not as powerful as 128-bit encryption. But this still requires a lot of dedicated effort to break. When the length of the key is increased by one bit, the amount of effort required for breaking the code doubles. However, as the power in the hands of the potential criminals increases, it is necessary to use a more complex and longer key for secure transmission of data electronically. This is being provided by 128-bit encryption.
How does BankNet protect customer information and account data?

In BankNet, customer information and account data is protected by two independent security protocols: data encryption and a verifiable Password. When customers use BankNet, they are first prompted to enter their Password . The EB computer will not send any account information to the customer's computer unless the Password associated with the User ID has been correctly entered. All information that passes between Emirates NBD and the customer's computer is put through data encryption.
How do I know if my banking session is encrypted?

Your banking session data is encrypted when the appears in the lower left corner of your screen in Netscape's Navigator, and when the appears in Microsoft's Explorer.

If you're using a version of Netscape Navigator with domestic-grade encryption running, a will appear in the lower left corner of your screen.

When not in a secure session, Netscape's appears broken and Microsoft's is not shown
What type of encryption do I need?

You need to use a browser with 128-bit encryption for using BankNet.
Why BankNet Requires 128-Bit Encryption?

Emirates NBD is concerned about the security of your transactions. Our success as a financial institution depends on our ability to manage these systems safely and to continue to earn your trust as our customer. By requiring 128-bit encryption, we are assuring the highest level of commercially available security for your financial transactions.
What is a browser and what does it do?

A browser is a software used use to surf the Web. In the absence of a browser you cannot visit a Web site and view its contents, graphics and other information.
What makes one browser more secure than another?
Browsers offer varying degrees of security, particularly in regard to encryption:
- Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
- Some browsers offer more secure forms of encryption than other browsers do.
- Even the same version of a browser can come with different levels of encryption. Netscape Navigator 3.0, for example, comes with either 40-bit encryption or the more secure 128-bit encryption.
How do I know if my banking session is encrypted?
Browsers indicate that they are in a secure, encrypted mode by displaying an icon in the lower portion of your browser as follows:
- Netscape navigator: A key icon in the lower left hand corner
- Microsoft Internet Explorer : A lock icon in the lower right hand corner.
How do I know the level of encryption in a browser?

Netscape Navigator 1.1X distinguishes its browser using 128-bit encryption with an icon with 2 keys and Netscape Communicator 4.0 and Microsoft Internet Explorer do not distinguish between 40-bit and 128-bit encryption on the browser screen.

However, with Netscape Communicator 4.0, you can click on the icon to determine what level of encryption is being used for a particular Web page.

All acceptable browsers do provide detailed information on security levels in "Properties" or "Document Information" from the browser's menu bar. See you browser's help or documentation for more information.
I want to bank online. What security capabilities must my browser have?
Browsers offer varying degrees of security, particularly in regard to encryption:
- Encryption Your browser must have 128-bit encryption.
- No storage of account information
Your browser must not automatically store information viewed from BankNet into your hard disc unless you specifically download the information.
Where to Learn More about Internet Security and Electronic Commerce?

The following is a list of sites you can browse for additional information concerning Internet security:

Using RSA Public Key Cryptography:

Learn more about Banking Online banking Security systems:
What is WAP GAP?

During the wire less communication from PDA to Emirates NBD secured web server, the request goes via WTLS protocol from PDA to service provider Wapgateway and using SSL from Wap gateway to Emirates NBD site. The interport communication which happens at the wap gateway during this translation is often termed as WAP GAP.
What is WTLS?

WTLS is called Wireless transport layer security.

You can use any WAP device (mobile phones or PDAs) to access this service via any WML browser, which supports WTLS. For higher-grade security, use WTLS with 128-bit encryption to transport information to your device. Ensure that your WAP device supports such encryption.

Customers should make sure to turn on the security function of his/her WTLS-enabled WAP phone or PDAs in order to secure WTLS encryption during transmission.