1 - SGBS Online
Transcription
1 - SGBS Online
[SECURITY INFORMATION] SGBSONLINE RECOMMENDATIONS SECURITY – ONLINE BANK TRANSACTIONS Best practices IT security refers to the body of techniques and best practices to protect your computers and your interests in the use of IT services, such as online bank services of Société Générale de Banques au Sénégal. If the techniques and good practices have been developed by It security experts, you must know about and implement the easiest ones. Detection of a malicious act: contact our security services Do you think you are a cybercrime victim? Do you have any doubt of the nature of a received message? Contact our security teams as soon as possible: [email protected] +221 33 839 42 42 Protect own password A password is an important protection to carry out online transactions safely. Nevertheless, to ensure full protection, a password must comply with good practices listed below. ○ Choice of a password: a 6 digit password is intended to be entered on the virtual keyboard. Choosing a « strong » password shall protect from fraud attempts, passwords must not be trivial (repetition of digits or sequences of digits) and must not be easily identifiable by a third person (anniversary date). ○ Use of a password: only enter your code on the virtual keyboard of the secured access space of your online bank at the following address https://www.sgbsonline.sn - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 1 [SECURITY INFORMATION] SGBSONLINE Never communicate your password to anybody. We remind you that Société Générale de Banques au Sénégal shall never ask for your password. Log out after consultation : Authentication on online bank services shall initiate a consultation session of your customer space. The session enables you to browse pages and carry out some operations without having to authenticate yourself again. Though practical, such functionality may enable a user of your computer to browse and make some operations on your customer space without your knowledge. You must log out after consultation via « log out » button, closing the page or the browser shall not be enough. We remind you that any operation made in your name via your session cannot be denied Disable the auto-complete feature of the browser : Most internet browsers suggest that you save usernames and passwords used in the authentication forms, including your login username for online bank services. The auto complete feature of the username shall enable to access in the future your customer space without having to enter your username again. Though practical, the auto-complete feature of your username may allow a user to log in to your customer space without your knowledge You must disable the auto-complete feature of the browser. We remind you that any operation made in your name via your session cannot be denied Secure one’s computer : Before you browse on Internet, you must protect your computer from possible malicious attacks. You shoud therefore follow the following instructions : - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 2 [SECURITY INFORMATION] SGBSONLINE Update one’s operating system and one’s software: update one’s operating system and software * is paramount in order to protect oneself from malicious attacks. In fact, making up known security faults would make inefficient the most common attack techniques. Install an antivirus : an antivirus software, even a free one, must be installed in your computer. Such software shall protect you by identifying and blocking malicious applications installed in your computer. In addition, an antivirus software shall check the reliability of the files you download on Internet or you receive by e-mail. See also to update your antivirus solution. * In priority should be updated access-internet softwares (browser, mail box …) and widely known software (pack Office, suite Adobe, Java …) ● Check the reliability of the visited site Whether you consult a bank site or an e-commercial site, it is important to ensure that you are on an official and secured site before making any authentication operation or bank operation. Please follow these instructions so as to make sure of the reliability of the site you are visiting: ○Check the URL site on the address bar: an URL is the sole username of the web page you are consulting and which is visible on the address bar of your browser. Checking carefully your address shall enable you to identify any malicious site as its address shall inevitably display some differences from one official site (ex. www.particulier.sg.sn instead of www.particuliers.societegenerale.sn). ○ Check the address’ prefix : an official internet site of bank or commercial services, shall use some secured communication protocols with its customers. Make sure you browse on a site securing your communications; the prefix « https » must precede the site URL (instead of « http »). The full address of SGBS secured space is as follows: https://www.sgbsonline.sn o Check the security certificate: The certificate is used to ascertain that the site belongs to the Société Générale group. Your Internet browser shall enable to display the security - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 3 [SECURITY INFORMATION] SGBSONLINE certificate used on the page you are visiting. The certificate must have the following form : Specific Protections to Smartphones : The growing use of Smartphones and the increasing development of bank services on such platform introduce new risks for your security. The confusion between portable telephones and Smartphones is frequent; however Smartphones are not more or less computers you can call with. Security measures valid for computers (as mentioned previously) are therefore for Smartphones. However, specific protections must be applied to smartphones: Protect your telephone with a password (not trivial) and automate the screen lock in case of inactivity o See to apply all updates proposed by your system manager o Only download applications from official application site stores (ex. Apple Store, Google Play Store), at the risk of introducing malicious applications on your Smartphone o Do not unlock under any pretext the operating system of the Smartphone (ex. jailbreak, rooting), such practice shall increase your exposure to risks o Do not store any confidential data if they are not encrypted - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 4 [SECURITY INFORMATION] o SGBSONLINE Install an application antivirus software you will keep update We remind that it is essential to use the same precautions on a Smartphone as on a computer when you browse on Internet Security Measures Aware of security risks due to the sensitiveness of online bank services, Société Générale shall implement all security measures in the state of art in order to ensure an optimal security level. ● Mechanisms and authentication procedures Authentication is a key element of online bank service security. Such procedure, which gives you access to consultation and management of your accounts, shall enable the computer systems of Société Générale to formally identify you. Elements enabling to authenticate you are your username and password. The username is unique and is provided to you at subscription to online services. A password by default is allocated to you at subscription to online services and a password change form shall be submitted to you upon at first subscription. Authentication case by password A new password that you will choose shall be modifiable any time at the following address: https://www.sgbsonline.sn. The couple username, password shall enable you to access consultation and management of your accounts thanks to innovating system implemented by Société Générale. Never communicate your password to anybody. We remind you that Société Générale de Banques au Sénégal shall never ask for your password. Authentication case by virtual keyboard - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 5 [SECURITY INFORMATION] SGBSONLINE A new password that you will choose shall be modifiable any time at the following address: https://www.sgbsonline.sn. The couple username, password shall enable you to access consultation and management of your accounts thanks to innovating system implemented by Société Générale. The Virtual keyboard shall reinforce the password security by its recuperation by a malicious individual more complicated. Never communicate your password to anybody. We remind you that Société Générale de Banques au Sénégal shall never ask for your password. Communication encryption : Online bank services of Société Générale de Banques au Sénégal are based on the protocol of encryption communication SSLv3/TLS (Secure Socket Layer version 3 / Transport Layer Security). The encryption activation shall enable to strengthen HTTP communication which is now referred to as HTTPS (S: Secure/Sécurisé). The HTTPS protocol shall ensure that all the information exchanged on the site are confidential and accurate. Do not hesitate to check that you are visiting a secured site o The prefix « https » precedes the address of the site you are visiting o According to the browser you use, a lock logo displays on the status bar Case of « Extended Validation Certificate » (EV) - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 6 [SECURITY INFORMATION] o SGBSONLINE According to the browser you use, the address bar becomes green and displays a certification logo The full address of SGBS secured space is as follows: https://www.sgbsonline.sn Automatic log out procedure : For your security, after ten minutes of inactivity on the service, you will automatically log out. Thus, nobody can use the site in your place when you are missing without being first logged out. In order to log in again, you must enter again the username and password. You must log out at the end of your consultation via « log out » button We remind you that any operation made in your name via your session cannot be denied Traceability and archiving: For security purposes, the activity of your bank site is traced and filed 24/24 and 7/7, and this, with respect to banking regulation in force and in accordance with the laws on IT and individual liberty. Any default shall be subjected to in-depth analysis as well ad hoc procedures to ensure reliability and continuity of the service at any time. - 1 -S.A. AU CAPITAL DE 10 000.000.000 FRANCS CFA - LSB N° P5 – SIEGE SOCIAL 19, AVENUE PDT LEOPOLD S. SENGHOR DAKAR – BP 323 – R.C DAKAR N° 7008 B NINEA : 0014051 – NITI : 206 020851-F - TEL : +221 33 839 55 00 –: 7