    Tips when using Public Computer

Document Sample
    Tips when using Public Computer Powered By Docstoc
					While ALSAFWA has given the top priority to secure customer's accounts and personal information and provide
them a secure environment, we still recommend our customer as an Internet user to be well aware of the best
practices and use them.

We have provided some basic tips and recommendations that can be followed to make your online e-trading
experience safer and enjoyable.

       ALSAFWA's System Security
       Safe Online Practices
       Phishing /Spoof Email/Email Fraud
       Tips when using Public Computer

ALSAFWA's System Security
ALSAFWA has employed a range of security features for its Online E-trading Services.


   1. Firewall: - It is the Virtual electronic fence that prevents unauthorized access to the ALSAFWA servers.

   2.   Encryption: - SSL stands for "Secure Sockets Layer". It is a protocol designed to enable applications to
        transmit information back and forth securely. Applications that use this protocol inherently know how to give
        and receive encryption keys with other applications, as well as how to encrypt and decrypt data sent
        between the two SSL has been universally accepted on the World Wide Web for authenticated and
        encrypted communication between the customer's computer and servers.
        ALSAFWA uses 128-bit encryption key to scramble all messages between your PC and all ALSAFWA
        online sessions. It is the strongest and more secure form of encryption that is most widely used worldwide.
        Some applications that are configured to run SSL include web browsers like Internet Explorer and Netscape,
        email programs like Outlook, and Outlook Express etc. These programs are automatically able to receive
        SSL connections.

   3. Comtrust Digital Certificate
      Digital certificates are issued by certification authorities to authenticate a Web site or elements of Web sites.
      The certificate identifies the originator of the site, or element, and verifies that it has not been tampered with.
      When your Web browser is presented with a certificate, it will check to see if a legitimate certification
      authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will
      issue a warning and your safest action is to cancel your activity.

   4. Two levels of Password for Financial Transactions
      Orders can be executed through Internet e-trading only by use of transaction password from the tokens in
      addition to the password used for logging in. All main transactional facilities on the website cannot be done
      without entering transactional password.

   5. Virtual Keyboard
      For enhanced security against keystroke capturing, input of your username, password or PIN will only be
      allowed via the virtual keyboard using your mouse. The virtual keyboard is displayed with numbers (buttons)
      in random order, rather than the standard 0-9.
   6. Timed Log-Off
      To further protect against unauthorized access to your accounts, our systems are designed to automatically
      terminate a secure online session if extended inactivity is detected. If your session is left idle the message
      will pop up after the specified time has elapsed, which will prompt you to either continue or terminate the
      session.




Safe Online Practices

Although ALSAFWA has employed state-of-art technologies and methodologies to make your online e-trading
experience safer and enjoyable; it also recommends you to follow the best practices while trading online.

   1. Password Protection
      Password verification is the mechanism used by computer systems and Web sites to check your identity.
      When you login to a secure Website using password, you are granted appropriate access to available
      services and resources. If someone else knows your password, he can access the same resources. In other
      words, whatever you can do when you are logged into a site, they can do too!

       We suggest you as our customer tips to protect your password :

   a. Change your password immediately after your first logon and there after at least once in a month. It is
      suggested to change both the passwords (Login and Transactions)
   b. To provide additional security for online financial transaction always create and maintain different passwords
      for Login and for Transactions.
   c. Do not share your password with anyone else, including family members, friends or Alsafwa staff.
   d. Always try to create complex and lengthy password that are difficult to guess. Do not create password that
      are obvious, like your name, family members name, address, telephone number, date of birth etc.
   e. Never use same password for different applications or services that you may use.
   f. If you feel that your password is known by another person you should change it immediately.
   g. If your login IDs or password automatically appears in the login page of a secure Web site, you should
      disable the auto complete function to increase the security of your information.

   2. Site Security
      when you login to ALSAFWA web site successfully, your web browser will establish a secure connection
      between your computer and our Web servers. This will allow you to communicate with us privately and to
      conduct online transactions safely. In order to make sure that your browser has established a secure
      connection, look for a security symbol located at the bottom left or right hand corner of your browser. (see
      figure below)




   a. You may also check the address bar of your browser. If the Web site address starts with "https://" rather
      than the standard "http://", then the session is secured. Also note that the URL shown in browser is pointing
    to ALSAFWA �s genuine website.




b. Click on the lock in your web browser to see the site� s security details. Make sure when you connect to
   ALSAFWA web site it shows following digital certificate.




3. Log Off
   Do not forget to log off and close your browser, when you are finished conducting online transactions or
   visiting secure Web sites. This will ensure that any information that is cached or stored on your computer or
   in your browser is erased. This will prevent others from being able to view this information later. Also never
   leave your PC unattended when you are performing the online transactions.
    4. Anti Virus Software
       Computer viruses and worms like “Melissa " and " Code Red " are very dangerous as they can spread very
       quickly and create havoc on personal computers and corporate networks. You should always use up-to-date
       anti-virus software that is capable of scanning files and email messages for viruses. This can prevent your
       files from being corrupted or lost, as well as save you hours of frustration as you try to restore an infected
       computer system.

    5. Firewall
       Any personal computer connected to the Internet that is not properly protected is vulnerable to a variety of
       malicious Internet intrusions and attacks. This is applicable to all cable modem, digital subscriber line (DSL)
       and dial-up users. However, cable modem and DSL users are particularly vulnerable because both
       connection methods provide "always-on" connection capability. The chances of a malicious individual
       entering your computer increases significantly the longer your computer is on and connected to the Internet.
       A role of firewall is to protect you from any intrusion. It creates a barrier between your PC and the other
       internet user. A firewall can be a hardware device, software application or it can be combination of both.
       Firewall is cable of preventing any malicious attacks and can block certain type of traffic (data) from entering
       your PC or network. If proper policy is set they can alert you if any tries to attack your computer.

    6. Software Update
       The software that you use to connect to internet itself can impact the security of your online transactions.
       You should visit the websites of software vendor to check the security bulletins that warn you about various
       security bugs or holes that may impact the software and the web browser you are using. It is import to check
       for the software patches and updates for your operating systems too.




Phishing /Spoof Email/Email Fraud

Internet E-TRADING is a safe way to manage your stock portfolio. However, there are Internet fraudsters around
who will try to gain access to your accounts by e-mailing you and prompting you to disclose your on-line e-trading
security details to them. Please note that Alsafwa will never send such e-mails that ask for confidential information. If
you receive an e-mail requesting your Internet trading security details, you should not respond.

‘Phishing ' refers to the practice of fraudsters 'fishing' for your details in order to find out and misuse sensitive
personal and financial information. Criminals may, for instance, make identical copies of existing corporate websites,
or send scam e-mails to elicit a response from you and trick you into divulging your personal information.

Although there is no single way to recognize whether you have received spoofed email - as the fraudsters are
deceptive, there can be few signs to guess the emails reality.




Signs of Spoof/ Phishing email

    a. Senders Email ID: Spoof email may include a forged email id in the from line. Never rely on the from field of
       an email as it can be altered very easily.
    b. Account Status Threat or Urgency: Most of the times spoof email you receive will try to tell you about the
         threat that your account is jeopardize and you will not be able to transact on website unless you send the
         account information immediately. It may also claim that Alsafwa is updating its database.

    c.   Links: While many emails have links (urls ) included within it, please remember that this link will take you to
         fake website. It may look very similar to Alsafwa’s actual URL but there can be spell mistakes which are not
         easy to detect. So do not click on this URL. Always type in the URL in the address bar to avoid connecting
         to any fake website.

    d. Request for personal information: Requests that you enter sensitive personal information such as a User ID,
       Password or Alsafwa account number, by clicking on a link or completing a form within the email are a clear
       indicator of a Spoof email




The good thing about this emails is that you are in control - you can protect your personal financial information by
ignoring the spoof altogether. You should never provide contact, sign-in or other sensitive personal information in an
email.




Tips when using Public Computer

When you use internet cafe� to do online e-trading there is always a chance of your information getting stored on
the PC you used and may be accessed by other people who can perform transaction on your behalf. Below are the
few tips you should follow in order to protect yourself when transacting at public places.

Always use Virtual Keyboard for Passwords

Remove Your Activities Track

Protect Your Passwords

Extra Caution

File Sharing




Always use Virtual Keyboard
When you are transacting online using public computer there is risk that there is some program running in
background which is trying to capture the keystrokes and hence he may get your password, in order to avoid
password from being recorded you should always use Virtual Keyboard provided on the login page.




Remove Your Activities Track
When you use an Internet browser, it stores data of the site and web pages you visited. When you finish with surfing
or transacting online do not forgot to clear your activity track by using following simple steps:
Internet Explorer Users:
( i ) Click Tools > Internet Options. On the General tab, click Delete Files and Delete Cookies. Then click Clear
History.


Netscape Navigator Users:
( i ) Before using internet, Click Edit and Preferences.
(ii) Click the arrow next to Navigator and select History. On the right, find Browsing History. Change Remember
Visited Pages to 0.
(iii) Click on the arrow next to Privacy and Security. Select Disable Cookies and Disable Cookies in Mail and
Newsgroups.
(iv) Once you finished surfing/transacting online, click Edit and Preferences. Click the arrow next to Navigator. Click
Clear History and Clear Location Bar.
(v) Go to Privacy and Security on the left side and click the arrow. Select Cookies. Click Manage Stored Cookies. On
the stored Cookies tab, click Remove All Cookies.
(vi) Now go to Advanced, in the left-hand panel. Click the arrow and click Cache. Click Clear Memory Cache and
Clear Disk Cache.



Protect Your Passwords
Browsers also save passwords. In order to ensure that no one can track your surfing or grab your passwords with
saved data clean your browser using following option.

Internet Explorer Users:
(i ) Click Tools > Internet Options. On the Content tab, click AutoComplete. Uncheck the four boxes.
(ii) When you finish surfing, again click Tools > Internet Options. Go to the Content tab and click AutoComplete.
Click Clear Forms and Clear Passwords.

Netscape Navigator Users:
(i ) Before browsing, Click Edit and Preferences. Click the arrow next to privacy and Security. Click Passwords.
Clear the box next to Remember Passwords. When you finish browsing, click Passwords again, under Privacy and
Security. Click Manager Stored Passwords. Select the Passwords Saved tab and click Remove All.

(ii) Netscape has a feature similar to AutoComplete. It saves data entered into forms. To disable that, under Privacy
and Security, click Forms. Uncheck �Save form data from Web pages when completing forms�. When you finish
browsing, return to the Forms page. Click Manage Stored Form Data. Click Remove all Saved data.


Extra Caution
Public computers may be secure. But one can never be sure of what has been done on a public machine. Approach
these machines with care. Avoid performing sensitive business transactions from these machines.




File Sharing
Some shared computers allow you to install software on them, making them vulnerable to virus attacks or malicious
programs such as keystroke logging programs. If you have any concerns about the security of a shared computer,
don't hesitate to ask the administrator about the steps they have taken to protect their computers.
                             Created By

                       Sameer Ullah Darail

        Head Of Information Technology & Communication.

                    P.O. Box: 185085 Dubai, U.A.E

          Office AlNoor Tower Qanat Ul Qasbah , Sharjah UAE

            Office. Tel: +971 4 3289111 OR +971 6 5190866

                       Mobile:+971509488915

                        Fax: +971 4 3319229

                    Email: sameer@alsafwa.ae

                     website: www.alsafwa.ae




                       ISLAMIC FINANCIAL SERVICES




OUR WORKING HOURS IS FROM :- 9 AM TO 4 PM SUNDAY THRU THURSDAY.