While ALSAFWA has given the top priority to secure customer's accounts and personal information and provide them a secure environment, we still recommend our customer as an Internet user to be well aware of the best practices and use them. We have provided some basic tips and recommendations that can be followed to make your online e-trading experience safer and enjoyable. ALSAFWA's System Security Safe Online Practices Phishing /Spoof Email/Email Fraud Tips when using Public Computer ALSAFWA's System Security ALSAFWA has employed a range of security features for its Online E-trading Services. 1. Firewall: - It is the Virtual electronic fence that prevents unauthorized access to the ALSAFWA servers. 2. Encryption: - SSL stands for "Secure Sockets Layer". It is a protocol designed to enable applications to transmit information back and forth securely. Applications that use this protocol inherently know how to give and receive encryption keys with other applications, as well as how to encrypt and decrypt data sent between the two SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between the customer's computer and servers. ALSAFWA uses 128-bit encryption key to scramble all messages between your PC and all ALSAFWA online sessions. It is the strongest and more secure form of encryption that is most widely used worldwide. Some applications that are configured to run SSL include web browsers like Internet Explorer and Netscape, email programs like Outlook, and Outlook Express etc. These programs are automatically able to receive SSL connections. 3. Comtrust Digital Certificate Digital certificates are issued by certification authorities to authenticate a Web site or elements of Web sites. The certificate identifies the originator of the site, or element, and verifies that it has not been tampered with. When your Web browser is presented with a certificate, it will check to see if a legitimate certification authority issued the certificate. If there is a match, your session will continue. Otherwise, your browser will issue a warning and your safest action is to cancel your activity. 4. Two levels of Password for Financial Transactions Orders can be executed through Internet e-trading only by use of transaction password from the tokens in addition to the password used for logging in. All main transactional facilities on the website cannot be done without entering transactional password. 5. Virtual Keyboard For enhanced security against keystroke capturing, input of your username, password or PIN will only be allowed via the virtual keyboard using your mouse. The virtual keyboard is displayed with numbers (buttons) in random order, rather than the standard 0-9. 6. Timed Log-Off To further protect against unauthorized access to your accounts, our systems are designed to automatically terminate a secure online session if extended inactivity is detected. If your session is left idle the message will pop up after the specified time has elapsed, which will prompt you to either continue or terminate the session. Safe Online Practices Although ALSAFWA has employed state-of-art technologies and methodologies to make your online e-trading experience safer and enjoyable; it also recommends you to follow the best practices while trading online. 1. Password Protection Password verification is the mechanism used by computer systems and Web sites to check your identity. When you login to a secure Website using password, you are granted appropriate access to available services and resources. If someone else knows your password, he can access the same resources. In other words, whatever you can do when you are logged into a site, they can do too! We suggest you as our customer tips to protect your password : a. Change your password immediately after your first logon and there after at least once in a month. It is suggested to change both the passwords (Login and Transactions) b. To provide additional security for online financial transaction always create and maintain different passwords for Login and for Transactions. c. Do not share your password with anyone else, including family members, friends or Alsafwa staff. d. Always try to create complex and lengthy password that are difficult to guess. Do not create password that are obvious, like your name, family members name, address, telephone number, date of birth etc. e. Never use same password for different applications or services that you may use. f. If you feel that your password is known by another person you should change it immediately. g. If your login IDs or password automatically appears in the login page of a secure Web site, you should disable the auto complete function to increase the security of your information. 2. Site Security when you login to ALSAFWA web site successfully, your web browser will establish a secure connection between your computer and our Web servers. This will allow you to communicate with us privately and to conduct online transactions safely. In order to make sure that your browser has established a secure connection, look for a security symbol located at the bottom left or right hand corner of your browser. (see figure below) a. You may also check the address bar of your browser. If the Web site address starts with "https://" rather than the standard "http://", then the session is secured. Also note that the URL shown in browser is pointing to ALSAFWA �s genuine website. b. Click on the lock in your web browser to see the site� s security details. Make sure when you connect to ALSAFWA web site it shows following digital certificate. 3. Log Off Do not forget to log off and close your browser, when you are finished conducting online transactions or visiting secure Web sites. This will ensure that any information that is cached or stored on your computer or in your browser is erased. This will prevent others from being able to view this information later. Also never leave your PC unattended when you are performing the online transactions. 4. Anti Virus Software Computer viruses and worms like “Melissa " and " Code Red " are very dangerous as they can spread very quickly and create havoc on personal computers and corporate networks. You should always use up-to-date anti-virus software that is capable of scanning files and email messages for viruses. This can prevent your files from being corrupted or lost, as well as save you hours of frustration as you try to restore an infected computer system. 5. Firewall Any personal computer connected to the Internet that is not properly protected is vulnerable to a variety of malicious Internet intrusions and attacks. This is applicable to all cable modem, digital subscriber line (DSL) and dial-up users. However, cable modem and DSL users are particularly vulnerable because both connection methods provide "always-on" connection capability. The chances of a malicious individual entering your computer increases significantly the longer your computer is on and connected to the Internet. A role of firewall is to protect you from any intrusion. It creates a barrier between your PC and the other internet user. A firewall can be a hardware device, software application or it can be combination of both. Firewall is cable of preventing any malicious attacks and can block certain type of traffic (data) from entering your PC or network. If proper policy is set they can alert you if any tries to attack your computer. 6. Software Update The software that you use to connect to internet itself can impact the security of your online transactions. You should visit the websites of software vendor to check the security bulletins that warn you about various security bugs or holes that may impact the software and the web browser you are using. It is import to check for the software patches and updates for your operating systems too. Phishing /Spoof Email/Email Fraud Internet E-TRADING is a safe way to manage your stock portfolio. However, there are Internet fraudsters around who will try to gain access to your accounts by e-mailing you and prompting you to disclose your on-line e-trading security details to them. Please note that Alsafwa will never send such e-mails that ask for confidential information. If you receive an e-mail requesting your Internet trading security details, you should not respond. ‘Phishing ' refers to the practice of fraudsters 'fishing' for your details in order to find out and misuse sensitive personal and financial information. Criminals may, for instance, make identical copies of existing corporate websites, or send scam e-mails to elicit a response from you and trick you into divulging your personal information. Although there is no single way to recognize whether you have received spoofed email - as the fraudsters are deceptive, there can be few signs to guess the emails reality. Signs of Spoof/ Phishing email a. Senders Email ID: Spoof email may include a forged email id in the from line. Never rely on the from field of an email as it can be altered very easily. b. Account Status Threat or Urgency: Most of the times spoof email you receive will try to tell you about the threat that your account is jeopardize and you will not be able to transact on website unless you send the account information immediately. It may also claim that Alsafwa is updating its database. c. Links: While many emails have links (urls ) included within it, please remember that this link will take you to fake website. It may look very similar to Alsafwa’s actual URL but there can be spell mistakes which are not easy to detect. So do not click on this URL. Always type in the URL in the address bar to avoid connecting to any fake website. d. Request for personal information: Requests that you enter sensitive personal information such as a User ID, Password or Alsafwa account number, by clicking on a link or completing a form within the email are a clear indicator of a Spoof email The good thing about this emails is that you are in control - you can protect your personal financial information by ignoring the spoof altogether. You should never provide contact, sign-in or other sensitive personal information in an email. Tips when using Public Computer When you use internet cafe� to do online e-trading there is always a chance of your information getting stored on the PC you used and may be accessed by other people who can perform transaction on your behalf. Below are the few tips you should follow in order to protect yourself when transacting at public places. Always use Virtual Keyboard for Passwords Remove Your Activities Track Protect Your Passwords Extra Caution File Sharing Always use Virtual Keyboard When you are transacting online using public computer there is risk that there is some program running in background which is trying to capture the keystrokes and hence he may get your password, in order to avoid password from being recorded you should always use Virtual Keyboard provided on the login page. Remove Your Activities Track When you use an Internet browser, it stores data of the site and web pages you visited. When you finish with surfing or transacting online do not forgot to clear your activity track by using following simple steps: Internet Explorer Users: ( i ) Click Tools > Internet Options. On the General tab, click Delete Files and Delete Cookies. Then click Clear History. Netscape Navigator Users: ( i ) Before using internet, Click Edit and Preferences. (ii) Click the arrow next to Navigator and select History. On the right, find Browsing History. Change Remember Visited Pages to 0. (iii) Click on the arrow next to Privacy and Security. Select Disable Cookies and Disable Cookies in Mail and Newsgroups. (iv) Once you finished surfing/transacting online, click Edit and Preferences. Click the arrow next to Navigator. Click Clear History and Clear Location Bar. (v) Go to Privacy and Security on the left side and click the arrow. Select Cookies. Click Manage Stored Cookies. On the stored Cookies tab, click Remove All Cookies. (vi) Now go to Advanced, in the left-hand panel. Click the arrow and click Cache. Click Clear Memory Cache and Clear Disk Cache. Protect Your Passwords Browsers also save passwords. In order to ensure that no one can track your surfing or grab your passwords with saved data clean your browser using following option. Internet Explorer Users: (i ) Click Tools > Internet Options. On the Content tab, click AutoComplete. Uncheck the four boxes. (ii) When you finish surfing, again click Tools > Internet Options. Go to the Content tab and click AutoComplete. Click Clear Forms and Clear Passwords. Netscape Navigator Users: (i ) Before browsing, Click Edit and Preferences. Click the arrow next to privacy and Security. Click Passwords. Clear the box next to Remember Passwords. When you finish browsing, click Passwords again, under Privacy and Security. Click Manager Stored Passwords. Select the Passwords Saved tab and click Remove All. (ii) Netscape has a feature similar to AutoComplete. It saves data entered into forms. To disable that, under Privacy and Security, click Forms. Uncheck �Save form data from Web pages when completing forms�. When you finish browsing, return to the Forms page. Click Manage Stored Form Data. Click Remove all Saved data. Extra Caution Public computers may be secure. But one can never be sure of what has been done on a public machine. Approach these machines with care. Avoid performing sensitive business transactions from these machines. File Sharing Some shared computers allow you to install software on them, making them vulnerable to virus attacks or malicious programs such as keystroke logging programs. If you have any concerns about the security of a shared computer, don't hesitate to ask the administrator about the steps they have taken to protect their computers. Created By Sameer Ullah Darail Head Of Information Technology & Communication. P.O. Box: 185085 Dubai, U.A.E Office AlNoor Tower Qanat Ul Qasbah , Sharjah UAE Office. Tel: +971 4 3289111 OR +971 6 5190866 Mobile:+971509488915 Fax: +971 4 3319229 Email: email@example.com website: www.alsafwa.ae ISLAMIC FINANCIAL SERVICES OUR WORKING HOURS IS FROM :- 9 AM TO 4 PM SUNDAY THRU THURSDAY.
Pages to are hidden for
" Tips when using Public Computer"Please download to view full document