What can you do?
Although we monitor the security of your accounts there are also things that you can do.
How to safely access the distance banking service
- When entering BSabadell electronic banking service, check that it correctly shows your name and surnames and the last date and time you connected.
- Remember that if you are registered with a service which adds accounts from another bank, this service may periodically access the Distance Banking services you have set, showing the date and time of the last access via this method. If you suspect that the date and time of the last access does not match your last session or access via the above service, immediately notify the Bank of this situation.
- When you are accessing Banco Sabadell website, check if you are doing so via a secure webpage. Check that the address (URL) starts with the prefix https, for example https://www.bancsabadell.com.
- If your browser uses a secure system of 128 bits, please ensure that when you access BS online the closed padlock icon appears and that the address bar is shaded in green. If the address bar is shaded red the page could be fraudulent. However, if you use browsers that do not support these functions, the address bar will not be shaded in.
Navigating with strong (128 bits) encryption
Make sure that you use a version of your preferred navigator that has strong encryption capacity (128 bits). A server that uses strong encryption will usually announce this on its pages, usually in a specific security section. If this is not the case you must have a navigator with strong encryption to verify the type of encryption that a determined server uses.
How to know if you are using communications with strong encryption?
In order to know whether you are exchanging information by means of strong encryption you must first observe whether the padlock at the bottom right hand corner of the window of your navigator is closed. Once this has been done:
- For Internet Explorer, by moving the mouse, place the courser over the padlock, leaving it there for an instant, until the length of the encrypted code appears. This should be 128 bits.
- For Google Chrome, click once on the padlock.
If you have a navigator that is enabled to use strong encryption you can also communicate in a secure manner with servers that do not have this characteristic. In this case it will automatically be used for communications of the type of encryption that is higher than that which is supported by the server, and the code length of the encryption will appear a value that is lower than 128 (normally 40 to 56 bits).
Checking the pages of an internet service
To ensure that you are not putting the security of your device at risk, it is important to ensure that the pages you are using are safe. The following steps show you how to do this:
- Check that the address (URL) of the pages starts with the prefix https:// and that your browser shows the locked padlock icon in the lower right of your window.
- Click on the padlock to see the digital certificate and check the identity of who is showing the pages which are going to collect your information.
Steps to check the pages in Internet Explorer or other browsers.
Firstly, check the address (URL), the issuer of the certificate and validity of the same. To check the identity of the issuer, click on the padlock and a new window will appear. Click on “See certificates” and a second window will open. In the “General” tab you will be able to verify who is issuing the certificate and who they are issuing it for. In the “Certification route” you can see if the certificate is valid.
Other browsers, the way of showing the certificate is similar in other browsers. Click the padlock and a new window will appear showing the identity of the issuer. Once you can see this new window, click on the more information link to verify the validity of the certificate and the webpage.
How to use your computer in a safe and secure manner
- Do not store on your PC programs whose origins are unknown
- Make backup copies and keep them up to date, so that in the event of an incident it is possible to recover information stored on the computer. Backup copies must be stored apart from the equipment that contains the original data, so that in the event of an incident, the copies are not also lost.
- Update your operating system. Some operating systems, such as Windows with its Windows Update function, have utilities for verifying the existence of operating system updates, including security updates. Make use of these utilities or periodically visit the manufacturer’s operating system Internet pages and update the system according to the security recommendations that appear there.
- Install a Firewall in your computer to block unauthorised access or third party internet access to your computer, as well as uncontrolled access (caused by a new virus, program or malicious code) between your computer and the internet
When the firewall notifies us of an attempted connection which has not been expressly authorised, we must indicate whether we wish to authorise it for our present purpose or if the connection is due to an external agent (attempted access via the internet, virus or similar).
- Update your browser. By using your browser as the main tool to access the internet you should follow the latest security recommendations in order to maintain it updated. You should periodically read the manufacturer’s recommendations and update your browser in accordance with their instructions.
- Take additional precautions when using public or shared computers. Only use public computers for queries which are not of a private nature. Remember you can be observed by others and even via electronic surveillance means.
How to use your e-mail in a safe and secure manner
- Do not trust e-mail messages that come from unknown sites or contain incoherent information
- E-mail messages which come from unknown addresses are highly likely to contain computer viruses or malware, especially when the subject line contains incoherent information (when it is written in an unfamiliar language or it is not related to the subjects commonly associated with the sender).
- You should remember that even if the message sender is known, when the subject we see is not coherent with the sender, the message could have been sent by a computer virus or malware, either from the sender’s own computer or from another infected computer which has stored their e-mail address.
Protect your access code
Remember that your access code is personal and non-transferable. You are recommended to remember the following guidelines in order to ensure your code is protected:
- Never give out your identifier and password (or other personal details) when requested by SMS, fax or e-mail, or via a link which does not lead to a secure address (an address that does not contain the prefix https://).
- Change your card’s PIN number regularly, and your access code for distance banking services.
- Refrain from noting down your codes or keys on paper (or any other physical medium). If so, refrain from storing them together with supplementary identification elements (cards).
- Refrain from choosing a number associated with your personal details, or with any other code which may be easily predicted by third parties (date of birth, telephone number, series of consecutive numbers, repetitions of the same digit, etc.).
- If you still do not use a digital signature, and continue using your personal codes card, refrain from letting any other person use your card, and also refrain from making a copy of the card. These cards are key to allowing you to conduct banking transactions.
- Ensure that you take full security and prevention measures with the mobile device where you have activated your Digital Signature. Protect access to it by using a password and ensure you store it safely.