Online Banking Security Policy

• Fraud Prevention
• Security Policy
• FAQs

Fraud Prevention

Your Online Banking log in details are important.  If you disclose them you may risk becoming a victim of fraud.

Criminals use a number of different methods to obtain your Online Banking details in order to defraud you.  A common method is by way of an email purporting to be from your bank, this is known as a Phishing email.  The email will state some reason which requires you to click on a link which will take you to a website.  The reason given may be to ensure continued access to your Online Banking facility or perhaps to verify that you have received some funds. If you do click on the link then you will be asked to enter some or all of your Online Banking details such as the full Personal Access Code (PAC) or numbers from your Code Card. We only ever ask for three random digits from your PAC in order to log in.  The website that you go to after clicking on the link will probably look very convincing and appear genuine (see Overview of Security below).  This site will not be genuine and will be provided by the fraudster. We will never request these details via email.

Should you receive such an email, please DO NOT follow the instructions, select the link or respond. We never ask customers to re-register security details by email.

Such e-mails are an attempt to obtain your Online Banking log in details in order to remove funds from your bank accounts. Should you receive an email like this, do not respond and contact us at 028 9034 6034.

Please Remember

Never reactivate your account or input your security information unless within the secure Phone or Online banking environment.

When you log in to Online Banking you will be asked to enter your registration number and three random digits, never all five, from your Personal Access Code (PAC) and the last four digits from one of the set of unique personal details provided by you at initial registration.

Always keep your log in details confidential

Our Online Banking website uses up to date security systems to protect our customers' financial and personal data. Your part in maintaining this confidentiality is to ensure that you keep your log in details secret.

We have a secure log in process and up-to-date encryption that prevents anyone from accessing your account online or viewing details whilst in transit between your PC and the bank server.

Security Policy

Introduction

Overview of Security

The Internet

Your Browser

Our Web Server

Caching

Cookies

Timeouts

Log Out

Summary

The following information is to help you understand more about the security features of Online Banking.

Introduction

The Internet is a collection of many computers linked together by a public network that spans the globe. It works by sending information from computer to computer across the network until the information reaches its destination. When data is sent from one computer to another, every computer in between has the possibility of looking at what is being sent.

This is not a problem for many of the activities that take place using the Internet. However, if we want to keep information private we must take extra precautions. The following information will help you to understand more about the security features of Online Banking and the best practices that will allow you to keep your information private.

Back to index

Overview of Security

Online Banking incorporates several layers of technology to ensure the confidentiality and integrity of its transactions across the Internet.

1. The SSL Protocol (Secure Sockets Layer) is used to encrypt (scramble) any information as it travels between your browser and the bank server, meaning that the information cannot be read whilst en-route. You can check to see if SSL is in use by looking for the padlock on the browser and by checking that the correct web address, starting with https: is shown in the browser address field.
2. Digital Certificates, electronic files which confirm the authenticity of a website, are used to allow you to verify that your browser is communicating with the bank web server.
3. A user's registration number, PAC (Personal Access Code), Code Card and other personal details are also used to authenticate customer log ins.

Once you read through the following sections you will see how easy it is to use the service in a secure manner.

Back to index

The Internet

The Internet is frequently illustrated as a cloud when shown as a picture. This is because it is not possible to control exactly what route is taken when information is communicated between one computer and another across the Internet.  Information may pass through many other computers on the internet as it travels between your computer and the bank web server
Back to index

Your Browser

To use Online Banking you must have access to the internet and have an internet browser installed on your computer. There are a number of different browsers available of which Microsoft Internet Explorer and Mozilla Firefox are the most popular. We recommend that you use the most recent version of your browser as it will provide you with better security and control features. Some older versions of browsers will not work with our service, as they do not support the required security features.

Online Banking is designed to work with all browsers that support frames and support the SSL protocol. It is advisable to use a more up to date version of your browser, as it should include these capabilities. In addition, more up to date versions will include updates, known as software patches, which help prevent criminals from accessing sensitive data from your PC. Most have an automatic update facility which ensures that new patches are applied as soon as they are available, it is wise to ensure this feature is enabled. The following section details some of the ways in which your browser can help you to keep your information secure.

Some browsers will also offer to remember your log in details.  It is not recommended that you take advantage of this offer especially if using a computer which is shared.

Back to index

Our Web Server

The bank has a computer or "web server" connected to the internet that deals securely with the requests for information and services you make using Online Banking.  This web server is also protected by layers of security including Firewall and Anti-Virus systems.
Back to index

Caching

Caching is the terminology used to describe the process of temporarily storing information either in your computer's temporary memory (RAM) or its hard drive so that is can be retrieved more swiftly if required again. When you view a page on the internet, your browser may keep a copy of that information in your computers' cache rather than have to request the information again from the web server.

Why worry about caching?

If your browser stores pages on your hard drive in order to promptly retrieve them at a later stage, it is possible the pages can be viewed by somebody else using the same computer. If you share a computer or your cache is stored on a shared hard drive then other people may be able to view details of your accounts.

Caching secure pages

A secure page is a page which has been delivered to your browser using the SSL encryption protocol. Once your browser has established a secure session with the service, all pages will be secure pages. Under normal circumstances your browser will not cache these secure pages. The bank web server uses a standard command instructing browsers not to cache the secure pages. It is possible to override this command by using settings on your browser. We strongly advise that you do not configure your browser to cache secure pages. More recent versions of browsers allow you to do this while older versions may not have this option.

Back to index

Cookies

A cookie is a piece of information that the bank server gives to your browser once your browser has established a secure session. Without the cookie data, you would have to log in every time your browser requested any information from the bank web server.

When you hit the log out button to leave the service, the cookie data is deleted from the system therefore breaking the link between your PC and the bank web server. Selecting log out ensures that you securely terminate the service.

Back to index

Timeouts

If there is no service activity for five minutes then the session will expire and the browser will display a new page giving the option to exit or log in again.  Do not leave your computer unattended while signed onto the service, especially if using a public internet facility.

Back to index

Log out

Always finish your session by selecting log out. This will ensure that your session with the bank server has terminated securely.

Back to index

Summary

The purpose of this policy is to provide an overview of the security features of our Online Banking service. The following steps will help you to use our service with confidence.

• Ensure that you connect to the correct website address - http://www.firsttrustbank.co.uk/onlinebanking.
• Ensure that your browser indicates a secure session, check for the padlock and https at the start of the address.
• Ensure that you select log out when you finish.
• Keep your registration number and Personal Access Code (PAC) secret.
• Keep your code card safe and do not give it to anyone else.
• Take care of your information once it has been delivered to your browser.

 

We are keen to ensure that our customers are aware of the steps we have taken to provide a secure service and also the steps that they must take to securely use our service. Should you have any questions or feedback regarding the security of our service please phone our customer service advisers on 028 9034 6034 between 8.30am and 5.00pm Monday to Friday.

Back to index

FAQ's

• How do I know that I am dealing with the real Online Banking website?
• How does the bank know that they are dealing with me?
• How do I know my registration number and PAC are kept private?
• How do I know that my account details, funds transfer requests and other information are kept private?
• How do I know that the information sent by the bank is accurate and has not been changed en-route?
• How do I know that someone who uses the computer after me cannot see the information?

How do I know that I am dealing with the real Online Banking website?

 

• Firstly, it is important to ensure that the website address you connect to is correct, it is good practice to either type the address each time you need it or store it in your favorites. The legitimate website name is www.firsttrustbank.co.uk/onlinebanking.
• Secondly, you must ensure that your browser is indicating a secure session. The Digital Certificate that the bank server sends to your browser will allow your browser to uniquely identify the bank server and sets up the secure encrypted session. Your browser will warn you if the Digital Certificate is incorrect.
  

How does the bank know that they are dealing with me?

We rely on your log in credentials to ensure your session is authentic.

We simply ask for your registration number, randomly selected digits of your PAC and other personal details. Once you enter the correct information, the bank web server will verify the details and send you a copy of your account balances.

If you enter your PAC incorrectly three times you will be locked out of the service. Upon lock out a new PAC will be automatically re-ordered for you, and you should receive this within five working days. You must then call 028 9034 6034 to activate the service and change the PAC to a number of your choice.

As an additional security feature a "Code Card" will be required for certain transactions. The code card is simply a card that is ordered online through Online Banking. It is unique for every user. The system will randomly select one of the codes and you will be asked to enter it from the code card when using one of the services that needs a code card. 

How do I know my registration number and PAC are kept private?

When your browser and the bank web server are establishing a secure session they will exchange a secret code. This code is commonly called a "session key" and is known only to your browser and the bank web server. This session key is used to encrypt (scramble) all the data that passes between the two computers. Even though the data passes through other computers on the Internet it will make no sense to anybody who captures the information. Only your browser and the bank server will have the session key that can decrypt (unscramble) your information.

How do I know that my account details, funds transfer requests and other information are kept private?

Once the secure session is established, the session key described above is used to protect all data as it passes through the Internet including your statement details, funds transfer requests and bill payment requests. The information is decrypted only when it reaches your browser.

How do I know that the information sent by the bank is accurate and has not been changed en-route?

While it is important that your information is kept confidential when travelling across the Internet, it is also important that you know your information has not been tampered with. Part of SSL Protocol involves using a Message Authentication Code (MAC). If a message is tampered with in transit then your browser will not accept the message. Messages sent from your browser to the bank server are also protected in this manner.

How do I know that someone who uses the computer after me cannot see the information?

The security methods that have been outlined so far ensure that the information that travels across the Internet does so in a confidential and reliable manner. Once the messages reach your browser they are decrypted and can be viewed in the form of normal web pages.

Once the information has been decrypted you should be aware of how your browser deals with your web pages. It is particularly important to note if more than one person uses your browser. Log out properly and ensure your log in details are known only to you.

 

Back to top