Security Information

What we’re doing to protect you

Our IT professionals work constantly to stay ahead of online threats, taking advantage of the most advanced technologies and established procedures to protect your data and financial assets.

Information Security

The Confidentiality, Integrity and Availability of information is critical to our clients and is therefore a key priority for EFG International. We host hundreds of thousands of individual records worldwide. The security of this information is of the utmost importance and we continually make sizeable investments to protect our information, IT systems, applications, infrastructure and processes.

More about Information Security

Privacy

Your personal and financial information is safely stored and all communications with the eBanking platform are encrypted. This ensures the confidentiality of your data from EFG systems to your browser. We also offer the SecureMail service, allowing you to exchange securely emails and documents with your Client Relationship Officer (CRO).

Digital certificates

The EFG eBanking website uses extended validity (EV) certificates to prove its identity to visitors. Such certificates require extensive verification, and provide the highest level of confidence about the authenticity of a website.

Identity verification

For added safety, EFG eBanking requires two levels of authentication to provide access to your eBanking account and to confirm your transactions:

• Your traditional username/password credentials.
• An electronically generated one-time password. This will prevent unauthorised access in the event that your username/password are disclosed.

Account lock out and session time out

To protect your account from password guessing, an account will be locked out if an incorrect password (or token code) is entered three times consecutively. You will then have to contact your CRO to reactivate it. In addition, you will be automatically disconnected from your eBanking session after 5 minutes of inactivity, to prevent anyone else from accessing your account in case you leave your computer unattended.

What you can do to protect yourself

There are a number of things you can do to protect your data and improve your online banking experience:

Website identity

Most of us have received an email purporting to be from a financial institution, exhorting us to click on a link to log-in to our online banking account, reset our password, and so on. It is usually pretty clear that these are phony. However, bogus websites can be more difficult to spot, as they often look exactly like their legitimate counterparts. You can make sure of website authenticity by looking at the address and by checking the certificate. The real web address, in fact, is not necessarily the one shown in the hyperlink which could redirect you to a website that has nothing to do with the real eBanking site. For this reason, you should never follow any link to access our eBanking and you should manually enter the address https://ebanking.efginternational.com in your browser or save it in your bookmark. Once you have entered the right address, it is also critical to verify the certificate. A valid certificate will in fact show you the real entity associated with the website you are connected to, and it will ensure that only that entity will be able to decrypt the exchanged information. There may be some differences in how browsers show that a certificate is valid (a closed padlock, address highlighted in green, etc.).

Antivirus

Malicious software can infect your computer in many ways. Viruses can be in email attachments or USB sticks; they can hide themselves in valid programs; or you can simply get infected by opening a web page within your browser. In most cases, antivirus software can provide protection; however, it is critical to keep it up to date with the latest virus definitions. Computer viruses are created on a daily basis, and the most dangerous attacks often draw on the most recent developments. Make sure your antivirus software is active and configured for automatic updates. In addition to 'real-time' protection, it should also be configured to perform a full scan of your computer on a regular basis.

Anti-spyware

Spyware is a type of programme that records information about your online behaviour, often to generate market research data but also sometimes to obtain personal information, passwords, credit card numbers and so on. In most cases they are downloaded and installed as part of a legitimate program without the user's knowledge. As spyware behaves in a different way from viruses, many antivirus tools are not effective in detecting them. It is therefore a good idea to install specific anti-spyware software.

Suspicious emails and attachments

Emails are a common method of carrying out scams or propagating viruses. You should always exercise care when opening a suspicious email and, should you have any doubt about the legitimacy of the message, avoid clicking on any link or downloading any attachment. Note that you should also be cautious when receiving an email from a person that you know, as it is very easy to forge the sender of an address in an email. Common sense is often the best means to spot a fraudulent message in those cases.

Patches and security updates

While viruses are intentionally developed for malicious activities, software vulnerabilities and bugs are defects involuntarily left by developers in an application or an operating system. Just like viruses, vulnerabilities might open doors for ill-intentioned people interested in your data. And just like viruses, new vulnerabilities are being discovered every day. This is why it is critical that you keep your operating system and your applications up to date by installing the latest patches and security updates. Many systems and applications offer an automatic updates feature and it is generally advisable to enable it.

Account privileges

Most of the day-to-day activities performed on a computer (surfing, running programmes or applications, and so on) do not require administrative privileges and can be safely carried out with a 'standard' account with limited privileges. Moreover, the impact of a virus or malware is generally much higher if executed by an administrative account and it would affect all the users on the system. For this reason, you should always try to use a standard account and only log in as an administrator when it is necessary (for example to install a new programme).

Secure wireless networks

Wireless networks offer a great opportunity for anybody in your neighbourhood to enter your network and potentially eavesdrop on your communications or access the data in your computer. In addition, any activity performed by a device connected to your wireless network would appear to be done by you - and in many countries you may be held legally responsible for it. Securing your wireless connection is imperative, and you should never assume that your neighbourhood are safe as some directional antennas are able to intercept your WIFI signal from miles away. You should never use an 'open' access point and never use weak authentication/encryption such as WEP which can be easily broken in a few minutes. You should use more robust algorithm, such as WPA2, with a very complex access code. Please refer to the vendor of your wireless equipment for instructions on how to enable WPA2.

Secure session and log out

Internet browsers often store data concerning your session. To minimise this to potential unauthorised access, you should start a new browser window for any eBanking session and close all other web pages while you are connected to your account. You should also avoid accessing your account from public places like internet cafes or kiosks, as you will lack control about what information is retained and where. To correctly terminate your session you should not simply close the browser. Instead, you should use the 'log out' button, and possibly clear the cache of your browser.

What should I be aware of when using Biometric Authentication service?

For security reasons, do not use jailbroken or rooted mobile devices. Upon the successful registration of the “Biometric Authentication” service on your mobile devices, any fingerprint or Face ID that being stored on your mobile device can be used for the purpose of the “Biometric Authentication” service. You must ensure that only your fingerprint or Face ID is stored on your mobile devices, and ensure the security of the security codes as well as the passwords or codes that you can use to store your fingerprint or Face ID and register the “Biometric Authentication” service on your mobile devices. You can cancel the “Biometric Authentication” service by disabling the option of Biometric Authentication Login via "Setting" after logging in Mobile Banking. Please note that after you cancel the “Biometric Authentication” service, your fingerprint or Face ID will be continuously stored on your designated mobile devices. You may consider cancelling the data at your own decision. If your fingerprint or Face ID record of your designated mobile devices has been changed, you are required to input your original pin code for the next login. Once successful, you can continue to use the “Biometric Authentication” service. You must not use “Biometric Authentication” if you have reasonable belief that other people may share identical or very similar biometric credentials of you. For instance, you must not use facial recognition for authentication purpose if you have identical twin or triplet siblings. You must not use “Biometric Authentication” if the biometric credentials you use are or will be undergoing rapid development or change.

Cyber crime

Cyber crime is on the rise and both the volume and sophistication of attacks is growing. It is more important than ever that you stay one step ahead of online criminals. The following tips can help you protect yourself, your information and your assets.

Tips to stay safe online

• Think before you click. The best thing users can do to protect themselves is simply to slow down. If something doesn’t seem right about an email, just delete it, preferably before you open it.
• Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. Misspellings in URLs are another good tip-off to a fake website.
• Don’t assume that a website is legitimate just because its URL starts with “https.” Criminals like to use encryption, too.
• Don’t open suspicious attachments. They may contain malware. And you should never type confidential information into a form attached to an email. The sender may be able to track the information you enter.
• Guard your financial information. Be wary of emails asking for account numbers, credit card details, wire transfers, and failed transactions. There’s no reason to share such information via message or an unsecure site.
• Turn on auto updates. This goes for your computer, smartphone and tablets. Up-to-date antivirus software goes a long way toward stopping malware.If you receive any suspicious communication that claims to originate from EFG, notify us immediately. Apart from the standard authentication process when you contact our service desk, EFG will never ask you to disclose credentials or personal information in either email or telephone conversations.