• Minimise the use of attachments.
  • Copy and paste text as often as possible.
• Question unsolicited documents
  • Unsolicited bulk mail and commercial email can put you and your organisation at risk. Questioning it means not opening it, not passing it on, and notifying your system administrator immediately.
• Never respond to spam email
  • For a spammer, one "hit" among thousands of mailings is enough to justify the practice. Instead, if you want a product that is advertised in a spam email, go to a Web site that also carries the product, inquire there, and tell them you do not approve of spam methods and will not patronize a company that uses spammers.
• Never respond to the spam email's instructions to reply with the word "remove"
  • This is just a trick to get you to react to the email -- it alerts the sender that a human is at your address, which greatly increases its value. If you reply, your address is placed on more lists and you receive more spam.
• Never sign up with sites that promise to remove your name from spam lists
  • These sites are of two kinds: genuine AND spam address collectors. The first kind is ignored (or exploited) by spammers, and the second is owned by them. In both cases your address is recorded and valued more highly because you have just identified it as read by a human.
• Keep your virus protection up-to-date
• Question executable programs received via email
  • This is a common means for passing on viruses. Do not open them, do not pass them on, and notify your system administrator if you receive them.
• Disable macros on your machine
  • To do this, you will need to open the application. On Word 2000, select Tools, then select Macros, then select Security, and then checked High: Only signed macros from trusted sources will be allowed to run. Unsigned macros are automatically disabled
• Make sure that file extensions are viewable
  • This will alert you to files of the following types: .exe, .vbs, and .shs. To view file extensions in Windows select the Start menu, then select Settings, then select Control Panel, then select Folder Options, then select View, then UNCHECK the command that reads Hide File Extensions for Known file Types.
• Notify the person you received an infected file from
  • This helps them correct the problem within their system before passing the virus on to other users.
• Monitor your transactions.
  • Review your order confirmations, credit card, and bank statements as soon as you receive them to make sure that you are being charged only for transactions you made. Immediately report any irregularities.
• Don't reply to any e-mail that requests your personal information.
  • Be very suspicious of any business or person who asks for your password, PIN (Personal Identification Number), or other highly sensitive information.
• If you experience anything that arouses your suspicions, please intimate our call center representative on +971 4 3160316

You should always be aware of the security when using an ATM and should always follow these general tips to ensure your personal information is kept safe:

• Never disclose your Personal Identification Number (PIN) to anyone.
• Never write your PIN or Password on your ATM card or Credit card. Memorise your PIN or Password.
• Never use an ATM with a blank screen.
• Do not force your card into the card slot.
• Stand close to the ATM and use your body and hand as a shield to make sure nobody sees you keying in your PIN.
• Keep your hand over the card slot to make sure nobody can swap or take your card.
• Follow the instructions on the ATM screen carefully.
• Do not insert your card until asked to do so by the display screen.
• Only put in your PIN when the ATM tells you to do so.
• Avoid drawing cash late at night or when you are alone.
• Leave the ATM immediately if you don't feel safe or you are suspicious of individuals loitering around. Come back later or use another ATM.
• Never hurry when using an ATM. Make sure you are not distracted, intimidated or rushed into your transaction.
• Never accept help from strangers when using an ATM. Always be wary of strangers asking for help. While one distracts you the other steals your card and money.
• Do not count your cash in front of the ATM.
• Avoid using ATMs in secluded areas after dark.
• If the ATM retains your card, cancel it immediately.
• Never allow a bystander to call the toll-free number on your behalf - they could be tricking you into thinking your card has been stopped.
• Always check that it is your card you get back from the ATM.
• Be aware of the daily withdrawal limits on each of your cards and decrease them if necessary.
• When using your cards at ATM's be alert that there are no additional devices affixed on the card reader slot or keypad, and also ensure that no one can see you punch the PIN number on the ATM keypad.
• Report lost or stolen cheques, ATM cards, or Credit Cards as soon as you discover they are missing.

You have to protect your information at all times be it over the internet or during your normal banking activities by simply following these tips:

• Protect your Password and Personal Information:
  • Do not use passwords that are easy to guess, e.g. your name, your date of birth, your telephone number(s), etc.
  • Use a combination of upper and lower case letters as well as numbers.
  • Do not use share your password with anyone and do not use the same password for other websites.
  • Change your password frequently and never write it down.
  • Always log into Internet Banking via our sites at the following addresses: www.emiratesnbd.com and not through other links.
  • Avoid logging into Internet Banking from Internet Cafes, Libraries or public sites.
  • Always close the window once you have logged out of your Internet Banking session.
  • Important: No one at Emirates NBD will ever ask you for your internet banking password. If someone does ask you for it, they do not represent the Bank and you should not under any circumstance provide this information.
• Protect your Computer and Internet session:
  • Never share your computer.
  • Use a password on your PC to prevent unauthorised access to your information.
  • Be wary of opening email messages from untrustworthy sources, especially if they contain attachments.
  • Do not reply to emails that request your personal information. They may appear to come from a trusted friend or business, but they are designed to trick you in disclosing sensitive personal information.
  • Use personal firewalls and anti-virus software.
  • Avoid downloading software such as screen savers, desktop themes, games, and other executable type programs from websites that are obscure or unidentifiable. These programs may contain Trojan viruses that would enable hackers to monitor or take over your PC.
  • Disable all unnecessary services running on your computer.
  • Always verify that the site is the genuine Emirates NBD site.
  • Do not leave your internet banking session unattended at any time.
  • Before you start your internet banking session, ensure that all other internet sessions are closed. If your internet banking session is open we recommend that you do not open other internet browsers at the same time.
  • Please contact our Customer Service Helpdesk on +9714 3160316 in case you receive fraudulent emails or require any assistance using our Internet Banking service.

• Contact your bank(s) and credit card issuers immediately to ensure the following are done:
  • Access to your accounts can be protected
  • Stop payments placed on missing cheques
  • Personal Identification Numbers (PINs) and Online Banking Passwords changed
  • Be sure to indicate to the bank or issuer all the cards and/or accounts potentially impacted, including your ATM cards and credit cards.
  • Review all recent transactions on your accounts linked to those cards. Additionally, ensure that no one has requested an address change, title change, PIN change, or ordered new cards or checks to be sent to another address when appropriate.
• Maintain a written chronology of what happened, what was lost, and the steps you took to report the incident to the various sources. Be sure to record the date, time, contact telephone number, person you talked to, and any relevant report or reference number and instructions.
• For further information or queries, please call 600 54 0000

• How does the BankNet session take place?

  A session is started when the authorised subscriber uses his or her browser to send a secure message via SSL to BankNet server. For this purpose he uses the customized password along with his User ID. The BankNet server verifies this data and responds by authenticating the customer and initiating session encryption.

  Once the BankNet session is securely established, Emirates NBD's computer processes and routes the transaction data using internal protocols. This prevents other Internet users from proceeding past bank's series of firewalls and filtering routers.

  BankNet protects financial transactions through a number of barriers that prevent unauthorized access. The first barrier is a system of filtering routers and firewalls, which separate the outside Internet from bank's internal network. The filtering router verifies the source and destination of each Internet packet, and determines whether or not to let the packet through. Access is denied if the packet is not directed at a specific, available service. In addition, the filtering router prevents many common Internet attacks.

  In addition, the firewall is the only server in the Bank's network that communicates via TCP/IP - the Internet's communication protocol. No internal Online transaction processing systems are reachable using TCP/IP. This prevents unauthorized users from accessing any transaction data from the Internet.

  The information is passed between the bank's main computer and the customer's PC after it is duly encrypted using the highest possible encryption.

• Why are security features necessary?

  Security is the first and foremost requirement of Online banking because the Internet is inherently unsecured. Millions of computers form a public network where communications can be intercepted. As data moves from sender to receiver, it almost always has to travel through several other connections. This is called routing. During routing, computers other than the sender and receiver can access the data. Even computers not directly involved in routing can access the data. Security is therefore a critical component of any Internet application

• What are the basic security risks of Internet communications?

  Sending data across a network involves three basic security risks:

  • Eavesdropping - intermediaries listen in on private conversations (one computer talking to another).
  • Manipulation - intermediaries change information in a private communication.
  • Impersonation - a sender or receiver communicates under false identification.
• How does security technology protect against these risks?

  Current browsers counter security threats with a network communication protocol called Secure Sockets Layer (SSL). SSL is a set of rules that tells computers the steps to take to improve the security level of communications. These rules are designed for the following:

  • - Encryption, which guards against eavesdropping
  • - Data integrity, which guards against manipulation
  • - Authentication, which guards against impersonation

  However, these effects protect your data only during transmission. That is, network security protocols do not protect your data before you send it. Just as you trust merchants not to share your credit card information, you must trust the recipients of your online data not to mishandle it.

• To what degree can SSL security protect me?

  SSL uses authentication and encryption technology developed by RSA Data Security Inc. The encryption established between you and a server remains valid over multiple connections, yet the effort expended to defeat the encryption of one message cannot be leveraged to defeat the next message.

  A message encrypted with 40-bit RC4 takes on average 64 MIPS-years to break (a 64-MIPS computer needs a year of dedicated processor time to break the message's encryption). The high-grade, 128-bit U.S. domestic version provides protection exponentially more vast. The effort required to break any given exchange of information is a formidable deterrent. Server authentication uses RSA public key cryptography in conjunction with ISO X.509 digital certificates.

• To what degree can Browser security protect me?

  The Internet is inherently unsecured. No security method can make claims of impenetrability.

  • Always use the latest versions of software. Regardless of vendor, users of network should always ensure that they have the latest version of an application. The discovery of a security flaw is one of the most significant reasons for vendors to release new versions of software.
  • Use the highest security version of your software. Customers who use Internet Explorer 3.02 can download the 128-bit add-on from the Microsoft web site. This software uses a 128-bit key that provides stronger security than the 40-bit key.
• How does BankNet security protect me?

  Emirates NBD is committed to provide the safest Online banking service to our valued customers so that all transactions involving financial and customer data are conducted in a safe and secure environment. Without thorough security, information transmitted over the Internet is susceptible to fraud and other misuse by intermediaries. Information travelling between your computer and a server uses a routing process that can extend over many computer systems. Any one of these computer systems represents an intermediary with the potential to access the flow of information between your computer and a trusted server. You need security to make sure that intermediaries cannot deceive you, eavesdrop on you, copy from you, or damage your communications.

  Adequate security features are in-built into our BankNet to protect our customers. We use 128-bit encryption, the highest encryption security currently available, which earlier was restricted to Canada and US, but are now available to Banks outside the US in selected countries. Additional security comes with the User ID and Password, which are provided to you by the bank to access your account. The information, which you enter, passes through 128-bit encryption.

  Microsoft Internet Explorer with 128-bit encryption uses:

  • Server authentication (thwarting impostors)
  • Privacy using encryption (thwarting eavesdroppers)
  • Data integrity (thwarting vandals)
  • Firewall is used to protect data in Emirates NBD's main computer and only authorised persons have appropriate access to the data in our system.
  • The SSL protocol delivers server authentication, data encryption, and message integrity. SSL is layered beneath application protocols such as HTTP, SMTP, Telnet, FTP, Gopher, and NNTP, and layered above the connection protocol TCP/IP. This strategy allows SSL to operate independently of the Internet application protocols.
  • With SSL implemented on both the client and server, your Internet communications are transmitted in encrypted form. Information you send can be trusted to arrive privately and unaltered to the server you specify (and no other).
• What are Firewalls and Routers?

  Firewalls and routers form a barrier between the Internet and our bank's main computer. All incoming traffic is routed to the firewall, which verifies the source and destination of each information packet. The firewall then changes the address of the packet before delivering it to the appropriate site within our internal network. This way, all internal addresses are protected, keeping the structure of Key's network a secret. Our firewalls record all activity with BankNet, including sign-ons, sign-offs, and access violations. This allows for quick identification of any suspicious activity.

• Do security features impose any limitations on the ability to access sites?

  The security protocol works as an adjunct to other protocols without limiting access capabilities. You can use your browser to bring either secure or insecure documents.

  Online forms can be secure if the submit action is an https:// URL to a secure server.

  You can save a secure document (though secure documents are not cached to disk among sessions). You can also view the HTML source of a secure document. Security affects the transmission of a document without affecting your ability to manipulate the document.

• How do I know when my browser is operating with security features?

  There are two ways to tell if your browser is operating with security features:

  • First, your Location Bar should show a Uniform Resource Locator (URL) that uses an https: address, as opposed to an http: address.
  • Second, the security lock will appear in the lower right corner of your browser window.
• Can I safely transmit personal information such as credit card numbers?

  You can enter your credit card number on a secure (https) form and transmit the form over the Internet to a secure Server without risk of an intermediary obtaining your credit card information.

  Secure communications does not eliminate all of an Internet user's concerns. For example, you must be willing to trust the server administrator with your credit card number before you enter into a commercial transaction. Security technology secures the routes of Internet communication; security technology does not protect you from unreputable or careless people with whom you might choose to do business.

  The situation is analogous to telling someone your credit card number over the telephone. You may be secure in knowing that no one has overheard your conversation (privacy) and that the person on the line works for the company you wish to buy from (authentication), but you must also be willing to trust the person and the company.

• What is encryption?

  Encryption is the scrambling of information for transmission back and forth between two points.

  When you send out a letter to your friend, you communicate in a language that both of you understand. Since, your language is understood by thousands of other people also, if someone else gets hold of your letter, he will not have any problem in understanding its contents. If you do not want anyone other than to whom this letter is intended, you must use a secret language or you must substitute each alphabet in your letter for some other alphabet, which only two of you will understand. Using a secret language or substituting one alphabet or word for another is called encryption and your letter is said to be encoded. To decode your letter, the receiver must have the same key that you used for encoding. To any other person who does not have this key, the message in the letter will not make any sense and will be garbage.

  Computers also use the same principle. The browser in your computer uses a string of numbers, characters and special keys and makes the encoding and decoding immensely complicated. Your computer and the one at the receiving end agree upon the keys to be used for encoding. These keys are based on a set of mathematical formulae called algorithms. When a computer encrypts a message, there are billions of key combinations to select from. However only one of the billions of combination will be correct. Only the computers on both ends of the transaction know what key combination is in use during that session. The sending and the receiving computers use a different key combination for each session and only these two computers know what key is used for the current session. So if anyone else tries to read your message, he will get meaningless string of numbers and characters only.

• What for encryption is used?

  Encryption finds its application in variety of transactions that involve sensitive matters and even for national security. Encryption is used for sending e-mail messages, sensitive documents and in electronic commerce such as credit card transactions and electronic banking

• How secure is encryption?

  The security provided by encryption is measured in terms of how long is the encoding key used by your computer for encryption. The level of encryption is measured in bits like 40-bit or 128-bit encryption.

  If the encryption has a 40-bit key, it means that there are 240 possible different combinations for solving the key. Similarly, for a 128-bit key, there are 2128 possible different combinations. In general, the longer the key, the longer it would take for someone without the correct decoder key to break the code.

• What's the difference between 40- bit and 128-bit encryption?

  The 40-bit encryption and the 128-bit encryption differ in their complexity and the key length. 40-bit encryption can use one of the 240 possible different combinations (1 followed by 12 zeroes) and 128-bit encryption uses on of the 2128 possible different combinations (3.4 followed by 38 zeroes). 128-bit encryption is exponentially more powerful than 40-bit encryption.

  According to Netscape, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times more powerful than 40-bit encryption.

• How do I differentiate between a 40-bit and 128-bit encryption?

  For Netscape browsers: The key at the bottom left-hand corner of your screen will have one tooth for 40-bit or two teeth for 128-bit.

  For Microsoft browsers: You can find out the level of encryption by using your browser menu bar. Select "File" then "Properties" then "Security."

  When you visit a site that requires encryption, your browser will display the symbol with a key or a lock. If you are not in a secure area, the key or lock will be broken.

• How strong is 40-bit encryption?

  40-bit encryption is not as powerful as 128-bit encryption. But this still requires a lot of dedicated effort to break. When the length of the key is increased by one bit, the amount of effort required for breaking the code doubles. However, as the power in the hands of the potential criminals increases, it is necessary to use a more complex and longer key for secure transmission of data electronically. This is being provided by 128-bit encryption.

• How does BankNet protect customer information and account data?

  In BankNet, customer information and account data is protected by two independent security protocols: data encryption and a verifiable Password. When customers use BankNet, they are first prompted to enter their Password . The EB computer will not send any account information to the customer's computer unless the Password associated with the User ID has been correctly entered. All information that passes between Emirates NBD and the customer's computer is put through data encryption.

• How do I know if my banking session is encrypted?

  Your banking session data is encrypted when the appears in the lower left corner of your screen in Netscape's Navigator, and when the appears in Microsoft's Explorer.

  If you're using a version of Netscape Navigator with domestic-grade encryption running, a will appear in the lower left corner of your screen.

  When not in a secure session, Netscape's appears broken and Microsoft's is not shown

• What type of encryption do I need?

  You need to use a browser with 128-bit encryption for using BankNet.

• Why BankNet Requires 128-Bit Encryption?

  Emirates NBD is concerned about the security of your transactions. Our success as a financial institution depends on our ability to manage these systems safely and to continue to earn your trust as our customer. By requiring 128-bit encryption, we are assuring the highest level of commercially available security for your financial transactions.

• What is a browser and what does it do?

  A browser is a software used use to surf the Web. In the absence of a browser you cannot visit a Web site and view its contents, graphics and other information.

• What makes one browser more secure than another?

  Browsers offer varying degrees of security, particularly in regard to encryption:

  • Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
  • Some browsers offer more secure forms of encryption than other browsers do.
  • Even the same version of a browser can come with different levels of encryption. Netscape Navigator 3.0, for example, comes with either 40-bit encryption or the more secure 128-bit encryption.
• How do I know if my banking session is encrypted?

  Browsers indicate that they are in a secure, encrypted mode by displaying an icon in the lower portion of your browser as follows:

  • Netscape navigator: A key icon in the lower left hand corner
  • Microsoft Internet Explorer : A lock icon in the lower right hand corner.
• How do I know the level of encryption in a browser?

  Netscape Navigator 1.1X distinguishes its browser using 128-bit encryption with an icon with 2 keys and Netscape Communicator 4.0 and Microsoft Internet Explorer do not distinguish between 40-bit and 128-bit encryption on the browser screen.

  However, with Netscape Communicator 4.0, you can click on the icon to determine what level of encryption is being used for a particular Web page.

  All acceptable browsers do provide detailed information on security levels in "Properties" or "Document Information" from the browser's menu bar. See you browser's help or documentation for more information.

• I want to bank online. What security capabilities must my browser have?

  Browsers offer varying degrees of security, particularly in regard to encryption:

  • Encryption Your browser must have 128-bit encryption.
  • No storage of account information

  Your browser must not automatically store information viewed from BankNet into your hard disc unless you specifically download the information.

• Where to Learn More about Internet Security and Electronic Commerce?

  The following is a list of sites you can browse for additional information concerning Internet security:

  Using RSA Public Key Cryptography:

  Learn more about Banking Online banking Security systems:

• What is WAP GAP?

  During the wire less communication from PDA to Emirates NBD secured web server, the request goes via WTLS protocol from PDA to service provider Wapgateway and using SSL from Wap gateway to Emirates NBD site. The interport communication which happens at the wap gateway during this translation is often termed as WAP GAP.

• What is WTLS?

  WTLS is called Wireless transport layer security.

  You can use any WAP device (mobile phones or PDAs) to access this service via any WML browser, which supports WTLS. For higher-grade security, use WTLS with 128-bit encryption to transport information to your device. Ensure that your WAP device supports such encryption.

  Customers should make sure to turn on the security function of his/her WTLS-enabled WAP phone or PDAs in order to secure WTLS encryption during transmission.