i

Protecting yourself online

The internet makes it easy to manage your money from just about anywhere. Unfortunately it’s also a prime hunting ground for fraudsters. Here are some tips, guidelines and things to look out for to help keep yourself safe online.

If you think you’ve been targeted by an online or phone scam, please call us on 0800 327 863. We take security extremely seriously and will do everything we can to help.

Our online security systems

Online security is extremely important at ASB so we always use the highest industry standards to help keep your banking safe. We also constantly review our security to counter any new threats. 

When you log in

You need to use a unique username and password to log in to FastNet Classic Internet banking. If you (or someone else) tries to access your accounts without these, they will be allowed a certain number of attempts before access is suspended.

We also show the date and time of your last login so you always know that no one else has accessed your accounts. If you choose, you can also use Netcode at login. This means that you’ll be asked to enter a unique code whenever you log in to FastNet Classic.

While you're banking online

We only allow secure connections between your browser and our servers when you are banking online. This means that your information is scrambled before it travels over the Internet in a way that only we can unscramble.

ASB has selected two leading providers of certificate services, VeriSign (now from Symantec) and Entrust. You may find certificates from either of these providers on our sites.

FastNet Classic uses an Extended Validation (EV) SSL Certificate. This means that if you're using Internet Explorer 7 and above, your address bar will turn green when you visit FastNet Classic. This makes it easy for you to be sure you’re on the genuine ASB website.

To learn how to tell if a website connection is secure, visit the appropriate help page for your browser, for example:

You can also use Netcode as an extra layer of protection when making payments online.

Credit Card numbers in FastNet Classic

To improve your security, we have masked the first 12 digits of your credit card and only the last 4 digits will be displayed.

When you're finished

You’ll automatically be signed off from your account if it’s inactive for a set period of time. But it’s even more secure if you log off when you’ve finished your banking.

When you log off, all of the pages you visited in our online banking websites are automatically removed from your browsers cache. This means other users of that computer won’t be able to view your personal or account details by using your browser’s back button or searching the contents of the computer's hard-drive.

Security experts behind the scenes

Our dedicated security team investigates new technologies, monitors activity and responds promptly to any emerging security issues. We regularly use reputable independent consultants to audit the security of all our systems.

Contacting us on Twitter or Facebook

  • To protect your security and privacy, please do not share any personal or sensitive information on Twitter or Facebook. We may ask you to Private or Direct Message us with information if required.
  • Follow us on Twitter (@ASBBANK) so that we can send you Direct Messages if needed.

Our email policy

Email is a really handy way to communicate with customers, but we also do everything we can to protect you from email phishing attacks. That’s why we have a very clear policy on how we’ll communicate by email.

Emails from ASB will never:

  • Ask you to login to Internet banking from the email
  • Ask you to confirm any secure banking information (account or credit card details, password, PIN number or Netcode details)
  • Tell you we have lost any of your details
  • Say that someone else has logged into your account
  • Ask you to confirm your internet banking username or password

Our emails will always give you the option to opt out and not receive further communications via email.

Remember: If you have any concerns about an email you receive forward it to our dedicated email scam team on phishing@asb.co.nz.

FastNet Classic security tips

Choosing a password

When you first login to FastNet Classic you’ll need to choose a password that’s easy for you to remember, but hard for others to guess.

Here are some password tips to avoid:

  • Easily guessed letter or number combinations
  • Don’t use passwords from other websites - never use your FastNet Classic password on other sites.
  • Exclude personal information (e.g. birthdate, family, pet or street names).

Keep your password safe

Never write down your password or give it out to anyone.

Remember: ASB will never ask you for your Internet banking password.

It’s also a good idea to change your online password regularly. Just login to FastNet Classic, select ' My Settings' from the menu.

Register for Netcode

Netcode is an extra layer of security to help make sure it's really you using FastNet Classic Internet banking.

A Netcode is a unique number that can be texted to you (or generated on a Netcode token).

You can set Netcode up for when you login to your online banking or whenever you’re making certain transactions.

See how to register for Netcode now.

Logout from internet banking

You should always logout and close your browser window after you’ve finished using any Internet banking service. You should also logout if you’re leaving your computer – even for a short time.

If you do forget to logout you’ll automatically be signed off from your account if it’s inactive for a set period of time.

Internet security tips

Check website security

If you’re making any financial transactions online, you should look for the letters “https://” at the beginning of the web address.

You can also look for a padlock icon in your browser window. These things show that the communication between your browser and our systems is being encrypted. You can also double-click on the padlock to see the level of security being used.

Be careful with emails

Emails are like postcards. It’s easy for people to read anything you send. So you should always be careful sending personal information by email.

Emails are also a common way to spread harmful viruses or to trick you into revealing your personal details or Internet banking information. This is called phishing.

Secure your computer

When you connect to the internet, you open your computer up to various potential problems. But these simple solutions can help you keep it safe.

Install anti-virus software

Viruses and worms are malicious pieces of software that can attach to your computer and cause all sorts of problems. They can get in through email attachments, you could inadvertently download them from a website or even through software you install from a CD, DVD or USB drive.

Good anti-virus software will help protect your computer against this threat. Even if you already have anti-virus software, you need to regularly update it to stay safe. It’s also a good idea to regularly schedule full system virus scans of your computer. There are a number of reputable anti-virus software products in the market, including: Norton Anti-virus, McAfee, TrendMicro, Kaspersky and AVG.

Many of these companies provide full Internet Security software packages that include everything you need to keep a home computer safe. We recommend visiting their websites, doing your own research and talking to a computer savvy friend to help choose the best one for you.

Get anti-spyware software

Spyware is another type of file that can find its way onto your computer and tell other people what you’re doing online. In its worst form, spyware can be used to access personal information such as bank accounts or credit card details. Like anti-virus software, you should always use up-to-date anti-spyware software to help keep your information safe. Some of the major anti-virus products include anti-spyware. Other free anti-spyware products include: Ad-aware and Spybot.

Use a personal firewall

A personal firewall is your first line of defence between your computer and the outside world. It will help control who can access your computer and also protect you from viruses and any other unwelcome visitors. Modern versions of popular desktop operating systems typically have personal firewall features. Check that they are turned on if you don’t have another firewall product.

There are a number of reputable personal firewall products available, including: Norton Anti-virus, McAfee, TrendMicro, Kaspersky and AVG.

If you're on a budget, you can download free or low-cost firewall software from companies like Zone Labs.

Keep your software up to date

One of the most important ways to keep your computer safe is make sure it has all the latest security software updates. These updates are usually free and they’re released regularly to fix holes in a computer's operating system. You can either choose automatic software updates, or regularly check with your software vendor to find out if operating system updates are available.

Keep your browser up to date

The most important software to keep updated is your Internet browser (eg Google Chrome, Internet Explorer, Firefox or Safari). All of these major browsers release security patches and these are important patches that you need to apply. You should also update any other applications installed like Adobe Reader or browser components like Java or Adobe flash, to make sure they have the latest security patches.

Mobile and wifi tips

Beware of public or shared computers

Be extremely wary of using other computers or public accessible Wifi networks (e.g. in an internet cafe, library or university) to access online banking. It’s impossible to know if they have up to date protection and it’s also easy for other people to watch what you’re doing.

If you must access Internet Banking from a public computer or publicly accessible Wifi network we recommend enabling netcode at sign-on, and changing your Internet Banking password regularly.

Phones and mobile internet

If you have a smart phone you need to take care of the things you download in just the same way as your home computer. You should only install applications from trustworthy sources, always keep your phone software and applications up-to-date and set a PIN or password to protect your phone from unauthorised use.

If you ever think your phone has been compromised by malicious software, call 0800 327 863 to have your internet banking password reset.

Banking on your phone

If you use the mobile version of FastNet you’ll need to enter your access code and password as well as Netcode where applicable. It’s important to keep your access code and password safe – and also a good idea to make sure that you’re not being overlooked when using mobile banking (eg on the bus) or leave your phone unattended. To have added protection on your phone, it's also good practice to have a security PIN on your mobile phone.

Stay safe in social media

Social networking sites like Facebook, Twitter, Google+, MySpace, Foursquare and LinkedIn are a great way to keep in contact with friends and colleagues. But they also give cyber criminals another way of gathering information about you. To protect yourself while using these social networking sites:

  • Change your security settings to make sure your profile pages are only available to people you trust.
  • Never publish personal or sensitive information like your birthday, drivers license number, tax file number or bank account details.
  • Never publish personal details like your home address or phone number.
  • If you want to publish an email address, set one up that’s different than your usual home or work email address.
  • Access the official ASB Social Media accounts through the Twitter and Facebook logos on our site, if ever in doubt of being taken to a fake page and someone pretending to be us.

Be wary about short URLs

Short URLs can be really handy in social media because they’re easy to paste or type. Unfortunately, you have no real idea which site a short URL is linking to. This means there it as opportunity for abuse by cybercriminals and scammers.

ASB has set up a special short URL service (asb.co) so you’ll always know that our short URLs were created by us (eg. http://asb.co/dVr3Y8), but other than those, you should only click on a shortened URL if its sent by someone you trust. If the site you arrive at seems strange, shut it immediately.

Be careful around location services

More of us are adding GPS information to social media updates so that friends and colleagues can see where we are. This can be fun and very handy from time to time.

But criminals may also be able to use this information to see who is tweeting, where they are, what their interests are and more. It’s then relatively easy to use this information to craft a targeted attack. So always be wary about sharing location information with untrusted sources – and be extremely wary about contacting strangers online.

General tips for safer banking

We work very hard to keep your banking as safe as possible. But here are a few things you can do to keep it safe.

  • Keep credit cards, EFTPOS card and cheque book in safe places.
  • If someone knows your PIN, contact us immediately.
  • If you lose your cheque book or Netcode device, contact us immediately.
  • Check your bank statements regularly to make sure they match the transactions you made.
  • Never share, write down or tell anyone your PIN number, access codes or passwords.
  • Never store these codes in an unsecure file on your computer.
  • Remember: ASB will never contact you directly asking you to confirm your PIN, online username, online password or Netcode token serial number.
  • Never email credit card details or share them with someone you don’t know over the phone.
  • Never tell someone your credit card number or expiry date unless they are specifically required to buy something.

Credit and debit cards

  • Always sign your new card as soon as you get it.
  • Destroy any old documents or receipts that display your credit card number.
  • Always choose a safe PIN.
  • Use different PIN numbers for your different cards.
  • Cut any expired cards in half.
  • Make sure you get your card back after using it.
  • Never let anyone else use your card.
  • If you haven’t automatically received a reissued credit card before the current one expires please contact us immediately.

EFTPOS and ATMs

  • Never use an ATM or EFTPOS terminal that looks like it may have been tampered with.
  • Be careful when you use an ATM to make sure other people can’t see you enter your PIN.
  • Be wary of anyone offering to help - especially if your card has just been retained (eaten) by the ATM.
  • If your card has been retained by an ATM go to the nearest branch or call 0800 803 804 immediately.

Shopping online

  • Always check for a secure browser connection before entering credit or debit card details online. Look out for a URL that starts with “https” or a locked padlock or unbroken key in the bottom right of your browser window.
  • Never use your debit or credit card number as a form of ID.
  • Only enter your details if you are ready to make a purchase.
  • If you buy something online, print out a copy of the transaction for your records.
  • Before buying online, check that the online store has a return and refunds policy.
  • When using your card to buy things online, look for reputable Internet stores. If you are unsure, request more information from them about the company and the goods and services they are selling.

Cheques

  • Never pre-sign blank cheques in your cheque book.
  • Always cross non-cash cheques "NOT TRANSFERABLE" and cross out "or bearer".
  • Remember that a cash cheque can be redeemed by whoever is holding it – even if that’s not the person you intended.
  • Always keep a record of the cheque amount, date, and payee in the section provided for this in your cheque book.
  • Remember sending a One-Off Payment online is safer – and it’s faster too.

When you're overseas

  • Never leave travel documents, traveller's cheques or credit cards unattended.
  • Where possible use safety deposit boxes or safes to store these items rather than leaving them in your suitcase or room.
  • Consider traveller's cheques as a safe alternative to carrying large amounts of foreign cash.
  • Consider using a credit or debit card for making payments while overseas. You can always transfer money to your credit card to give it a credit balance if you’re worried about exceeding your limit.
  • If you lose your cheques or credit card, or your card is retained by an ATM, or you have any other banking security concerns, call us collect on +64 9 306 3000 immediately.

Contact and let us know before you go overseas, so that we know international transactions on your credit card are correct and not suspected as fraudulent transactions.

Phishing and online scams

One of the best ways you can help yourself stay safe online is to know the kind of things you should look out for. Here are some of the more common threats and internet scams.

Phishing

Phishing is the process of trying to get information by pretending to be a trustworthy organisation. In most cases fraudsters will send a fake company email asking for things like usernames, passwords or credit card details.

These emails can look very real. Sometimes they make offers or money, refunds or ‘essential’ updates to try and get you to act.

Typically a phishing email will ask you to click on a link that takes you to a fake website. Once there, you are prompted to ‘login’ to internet banking or provide personal details. They use this site to capture your information so they can use it fraudulently.

If you think you’ve received a phishing email:

  • Don’t click on any links within the email or reply to it
  • Forward the email to our dedicated email scam team at phishing@asb.co.nz
  • Delete the email from your inbox, your sent box and your deleted items folder.

If you think you’ve been taken to a phishing site:

  • Close your browser immediately
  • Empty your browser cache and clear your browse history
  • Perform a virus scan on your computer using anti-virus software
  • Call us on 0800 327 863 if you have any concerns

If you think you’ve entered your details in phishing site:

  • Call us immediately on 0800 327 863 and we’ll reset your FastNet Classic password.

SPAM offers

These ‘junk mail’ offers generally involve free or extremely cheap deals that are sent as email. The goal is usually to get money or personal details from you. Some attempt to get you to download keylogger software that can track everything you type and send it on to the scammer.

  • If you don’t know who sent an email, it’s probably best to delete it.
  • In New Zealand it’s against the law to send unsolicited emails so you can also report these emails as spam.

Domain Name Renewal

If you receive a renewal for your Internet Domain name, check carefully that it’s from the correct registrar. Another scam is to send a notice for a domain name that’s very close to yours and hope that you don’t notice the difference.

  • Always double-check before paying for anything online.
  • If you have questions or complaints about anything to do with a New Zealand “.nz” domain, check out the web-site of the NZ Domain Name Commission.

Trojans

Trojans are little bits of software that infect a web browser and have the ability to modify pages, transaction content or even insert additional transactions. This can all happen in a completely covert fashion invisible to both the user and host application.

  • Keep an eye on online transactions.
  • If something seems a bit strange, investigate further.

Viruses and Worms

A virus is a software program that copies itself when it’s triggered. Usually that’s when you download it, or open an unusual file. Once triggered, a virus can be destructive and do things like overwriting the files on a computers hard drive. A worm is like a virus that actively looks for ways to spread itself to other computers. This means worms can spread extremely quickly.

  • Only download files from reputable sources and be wary about opening files that look different or unusual.
  • A good anti-virus software will help protect you from viruses and worms.

Other things you should look out for

Money Mules

Occasionally you may be offered the chance to send and receive money on behalf of someone else. This may well be a money laundering scheme and if you take part you could be breaking the law.

People who get caught up in this type of thing are known as ‘money mules’. Mules can be recruited in many ways including spam emails, recruitment websites and even newspaper ads. Once recruited mules receive funds into their account, which they then withdraw and send overseas, usually minus a commission payment. The mule is the easiest part of the chain to track down and supplying any information to the fraudsters could put them at risk from identity fraud.

  • Be wary about receiving money from people you don’t know online.
  • Remember: if it looks too good to be true it probably is.

Overpayment

A scammer could send you a cheque or an Internet Banking payment for something, but ‘accidentally’ pay too much. They may then ask you for a refund of the difference, which they hope you’ll pay before you discover that the original cheque is worthless.

  • Be extremely careful about financial transactions with people you don’t know.
  • If you’re using TradeMe, consider using services like ‘SafeTrader’.

Card skimming

This is a hi-tech way of copying information from the magnetic strip on your bank cards. Once copied, this information can be downloaded onto another card and used to make purchases on your account.

Skimming devices can be very subtle so the best way to avoid skimming is by:

  • Swiping the card in the machine yourself.
  • If you do hand your card over, keep it in your sight at all times.
  • Use a chip card like an ASB Visa Debit card.

Identity Theft

If someone dishonest gets hold of your old bank or credit card statements they can use that information to steal money. So always keep important documents safe and destroy them (ideally by shredding them) before you throw them out.

  • Never leave important documents or statements lying around – especially if you live in a flat or other shared accommodation.  

Phone Scams

This is where someone calls you and says that they are from a reputable company, business and may ask you to login to your computer, as “their system has reported it as having a virus”, or even directly ask you for your card PIN.

They may sound very convincing, so remember:

  • You can insist for their name and number and can call them back.
  • Or simply hang up on them.

ASB will never call you directly and ask you to confirm your banking password, or the PIN number to your accounts or Credit Card.

Further reading

You can read more about scams at the NZ Goverment's Consumer Protection site.

Banking with ASB Protecting yourself online