Before you use online services, you should read, note and use the following CASES security reflexes:
“Computer” CASES security reflex
It is ideal if you can use a separate computer for your e-Banking / e-Commerce transactions. This reduces the risk of unauthorised persons attacking or accessing your computer.
If you do not have a computer that you can use exclusively for e-Banking or e-Commerce, you should restrict access to this computer as far as possible. Set up several independent user accounts on the computer and configure the appropriate access rights. We advise you to set up a separate account with limited access rights for every user as well as an administrator account to manage the computer. This makes access more difficult for a potential attacker.
(More information can be found in the CASES article on « Gestion des comptes »).
In order to keep a good overview of the applications installed on your computer and reduce the risk of infection, you should only install software that you actually need, that you understand and that you trust.
You should only use Bluetooth when the connection is encrypted to ensure that information you enter via the keyboard and mouse cannot be intercepted.
(More information can be found in the CASES article on « Bluetooth » and/or the dossier « Bluetooth »).
“Browser” CASES security reflex
Update your browser regularly to eliminate any security gaps.
Clear the content of the cache when you have completed your e-Banking or e-Commerce transactions. In this way you will not leave any traces that could be used by persons with malicious intentions.
(More information can be found in the « Nettoyer un ordinateur »).
Disable the “ActiveX” function in your browser to prevent third parties from installing applications without your knowledge via the Internet.
In the English version of Internet Explorer, this function can be found at:
Tools > Internet Options > Security > Custom level > Active X control and plug ins. Select “Disable”.
Disable the “Enable integrated Windows Authentication” option, which saves your user name and password on the hard disk, although without significant protection.
In the English version of Internet Explorer, this function can be found at: Tools > Internet Options > Advanced > Enable integrated Windows Authentication. Uncheck the box.
To avoid unnecessary risks, do not use any extra applications such as browser plug-ins.
Never use beta versions of browsers as these are known to have many security gaps.
“Access data” CASES security reflex
Only you may know your access data such as your user name or password. Never disclose these to a third party. Never write your access data down.
If you do not follow this rule, at least keep the data separate and, above all, away from your desk or computer.
Never trust the appearance of an e-mail. One of the best known methods of deception is to send an e-mail that looks exactly like one from a trustworthy organisation asking you to enter personal information (passwords, credit card number etc.). Sometimes the recipient is also asked to click on a link that leads to a web site that looks confusingly similar to the official site. The scammer has only one purpose in mind - he wants to use your confidential data to access and misuse your accounts. The best protection, therefore, is to learn to detect scam e-mails.
(More information can be found in the CASES rules of conduct. You can also take the test « Déceler les e-mails malveillants ».)
Never save your access data on your computer. Anyone with access to this computer can misuse your data.
If a person discovers your password, the greatest risk is that this person will misuse your identity. Therefore choose as random a password as possible and follow the recommendations below:
- It should contain at least 8 characters (the more the better).
- It should consist of numbers, upper and lower case letters and symbols.
- It should not be a word that can be found in a dictionary.
- It should not relate to personal information.
- You should define a different password for every application and system.
- It should be random.
- You should change your passwords frequently, and no less than twice a year. The more important the application or system is for you, the more frequently you should change your password.
(More information can be found in the CASES article on « Les mots de passe »).
Some domain names are only registered for malicious purposes. It is therefore important for you to know the various types of attacks on domain names so that you can protect yourself. (More information can be found in the « Les noms de domaine »).
“E-Banking application” CASES security reflexes
Find out from your bank whether and how you can set limits for your banking transactions, e.g. a maximum number of transactions per day or month, a maximum amount etc. You can reduce the risk of scamming by applying limits, provided your bank offers this option.
Make sure that the web site is secure. If you use payment services over the Internet or execute banking transactions online, you must make sure that the sites are secure. Use the following five reflexes:
- The address line should contain “https”. Check that this is the case.
- On a secure web site, you will see a small padlock at the top or bottom of the page. Check that this is the case.
- The padlock must be closed. Make sure that this is the case.
- Double click on the padlock to make sure that a recognised certificate is associated with the closed padlock – the certificate will be displayed. Check the certificate display.
- The certificate must be valid.
You can find out whether this condition is met by checking the information in the certificate. The certificate contains information about the owner, the certification body and the expiry date. You should check each of these items of information and compare them with the web site you are visiting before you trust the connection.
(More information can be found in the « HTTPS » and the solution « Vérifiez qu’une page Web est sécurisée »).
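The owner, certification body and expiry checks described above, written out as an added Python example (not part of the original CASES page). It inspects a certificate in the dictionary format returned by ssl.SSLSocket.getpeercert(); the sample certificate, the host names and the known_issuers parameter are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "bank.example.com"),),),
    "issuer": ((("organizationName", "Example Test CA"),),
               (("commonName", "Example Test CA G1"),)),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}


def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def check_certificate(cert, hostname, known_issuers, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = (now or datetime.now(timezone.utc)).timestamp()
    problems = []

    # Owner: the site you are visiting must be one of the certificate's names.
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname.lower()) for n in names):
        problems.append("owner does not match site")

    # Certification body: compare the issuer with the ones you recognise.
    # (known_issuers is a hypothetical stand-in for the browser's trust store.)
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") not in known_issuers:
        problems.append("unrecognised certification body")

    # Validity: the current time must lie inside the certificate's dates.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for site in ("bank.example.com", "bank.example.com.login.test"):
        print(site, check_certificate(SAMPLE_CERT, site, {"Example Test CA"}, when))
```

The second host name in the demonstration contains the genuine name as a prefix but belongs to a different domain, which is why the owner check rejects it.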
If anything strikes you as strange during an e-Banking or e-Commerce session or if you notice a security risk, please inform your bank. Examples of unusual processes:
- the session is interrupted,
- the session takes longer than usual and, for example, a download message is displayed.
If you see anything unusual or believe that your session is not secure, you can bar your e-Banking account yourself, provided your bank offers this service. Depending on the bank, there is a tab in the application named “Security” or “Options” on which you can carry out the barring process.
When a transaction is complete, always end the session using the log out button. If you simply close the application window, the session, which is in fact still open, can be hijacked.
Make sure that you are not overlooked when you perform your e-Banking or e-Commerce transactions and be alert at all times. Do not execute any e-Banking or e-Commerce transactions on public workstations such as Internet cafés or airports. Public workstations and strange computers are never very secure.
(More information can be found in the CASES article on « Postes publics »).
It is always a risk to use a strange computer, regardless of what transactions you carry out. This may be an unknown computer, a colleague’s computer or even the computer in your office.
You can never know what has happened on the computer before you use it and who may have been working on it, or even tampered with it.
Whoever that may be, you should only ever use your own computer for e-Banking or e-Commerce transactions.
Using the CASES security reflexes listed above will give you the best possible protection. You can test your knowledge with the e-pass test that has been specially developed by CASES for current or future users of online services.