i

Protecting yourself online

The internet makes it easy to manage your money from just about anywhere. Unfortunately it’s also a prime hunting ground for fraudsters. Here are some tips, guidelines and things to look out for to help keep yourself safe online.

If you think you’ve been targeted by an online or phone scam, please call us on 0800 327 863. We take security extremely seriously and will do everything we can to help.

Our online security systems

Online security is extremely important at ASB so we always use security good practice to help keep your banking safe. We also constantly review our security to counter any new threats. 

When you log in

You need to use a unique username and password to log in to FastNet Classic Internet banking. If you (or someone else) tries to access your accounts without these, they will be allowed a certain number of attempts before access is suspended.

You may be presented with out reCAPTCHA security feature during this process. This is to discourage people trying to guess passwords or compromise your accounts.

You can also increase your security by requiring a Netcode at log in. When you log in, you'll be sent a Netcode, either through an SMS message, or from your Netcode token. You will need to enter that code when you log in, along with your username and password. It's another way to ensure that no one can access your ASB accounts without your knowledge.

Find out how to register for Netcode

While you're banking online

We only allow secure connections between your browser and our servers when you are banking online. This means that your information is scrambled before it travels over the Internet in a way that only we can unscramble.

ASB has selected a leading provider of certificate services, Entrust. You may find certificates from this provider on our sites by clicking on the padlock in the address bar.

ASB has chosen the leading security certificate provider, Entrust, to give us the most up to date security solutions for our website. You may see their certificate displayed on our site.

For added security, use Netcode as an extra layer of protection when you're making payments and transactions online.

Credit Card numbers in FastNet Classic

To improve your security, we have masked the first 12 digits of your credit card and only the last 4 digits will be displayed. This is an extra precaution to keep your information secure.

When you're finished

We'll automatically log you out after a certain amount of inactivity. But if you're finished, it's safer to make sure you log out manually.

Once you've logged out, all the pages you visited in our online banking websites are cleared from your browser's cache. This way no one can find your information through your browser's history or computer's hard drive.

To avoid your passwords being used without authorisation, never save them in your browser if you are ever prompted to do so.

Security experts behind the scenes

Our dedicated security team investigates new technologies and threats, monitors activity and responds promptly to any emerging security issues. We regularly use reputable independent consultants to audit the security of all our systems.

Contacting us on Twitter or Facebook

To protect your security and privacy, please do not share any personal or sensitive information on Twitter or Facebook. We may ask you to Private or Direct Message us with information if required.

If you are contacting us through Twitter, make sure to follow us (@ASBBank) to receive Direct Messages from us.

Our email policy

ASB uses email to keep you informed and up-to-date with what's happening with your accounts. To protect our customers from phishing and scam emails, we have a very clear policy on how we communicate via email.

Phishing emails will often try to get personal or account details from you. This is why ASB:

  • Might advise logging in to an account to complete an action, but will never give you a link to the log in page. Instead we'll encourage you to type www.asb.co.nz dirrectly into your browser and log in from there
  • Will always ask you to call us back on 0800 327 863
  • Will never ask you to confirm any secure banking information via email (account or credit card details, password, PIN number or Netcode details)
  • Will never claim to have lost any of your details and need you to re-send them
  • Won't claim that someone else has logged into your account
  • Won't ask you to confirm your internet banking username or password

Our emails will always give you the option to opt out and not receive further communications via email.

Remember: If you have any concerns about an email you receive forward it to our dedicated email scam team on phishing@asb.co.nz.

FastNet Classic security tips

Choosing a password

When you first login to FastNet Classic you’ll need to choose a password that’s easy for you to remember, but hard for others to guess.

Here are some password tips to consider:

  • Never use very simple passwords. Especially avoid using easily guess information like birthdates and pet names
  • Use a password of at least 10 characters; the longer, the better
  • Use pass phrases instead of passwords. For example il0vePeanu7Bu77er
  • Keep your passwords unique. Never use the same password for your banking as for your social media or email accounts
  • Regularly update your password. The ASB Mobile banking app makes changing your banking password easy. Keep safe and change them regularly.

Keep your password safe

Never write down your password or give it out to anyone.

Remember: ASB will never ask you for your Internet banking password.

Register for Netcode

Netcode provides a way to double-check that it's really you making certain online transactions from your accounts. It's a randomly created code, a bit like a temprary PIN, that we text you. Use Netcode for extra security when logging into FastNet Classic internet banking, authenticating a payment or transferring money overseas.

Find out how to register for Netcode

Logout from internet banking

You should always logout and close your browser window after you’ve finished using any Internet banking service. You should also logout if you’re leaving your computer – even for a short time.

If you do forget to logout you’ll automatically be signed off from your account if it’s inactive for a set period of time.

Internet security tips

Check website security

If you’re making any financial transactions online, you should look for the letters “https://” at the beginning of the web address.

You can also look for a padlock icon in the address bar. These things show that the communication between your browser and our systems is being encrypted. You can also click on the padlock to see the level of security being used.

Be careful with emails

Emails are like postcards. It’s easy for people to read anything you send. So you should always be careful sending personal information by email.

Emails are also a common way to spread harmful viruses or to trick you into revealing your personal details or Internet banking information. This is called phishing.

Secure your computer

When you connect to the internet, you open your computer up to various potential problems. But these simple solutions can help you keep it safe.

Install anti-virus software

Viruses and worms are malicious pieces of software that can compromise your computer and cause all sorts of problems. They can get in through email attachments, you could inadvertently download them from a website or even through software you install from a CD, DVD or USB drive.

Good security software will help protect your computer against this threat, whatever your operating system. Even if you already have anti-virus software, you need to regularly update it to stay safe. It’s also a good idea to regularly schedule full system virus scans of your computer. There are a number of reputable anti-virus software products in the market, including: Norton Anti-virus, McAfee, TrendMicro, Kaspersky and AVG.

Many of these companies provide full Internet Security software packages that include everything you need to keep a home computer safe. We recommend visiting their websites, doing your own research and talking to a computer savvy friend to help choose the best one for you.

Get anti-spyware software

Spyware is another type of file that can find its way onto your computer and tell other people what you’re doing online. In its worst form, spyware can be used to access personal information such as bank accounts or credit card details. Like anti-virus software, you should always use up-to-date anti-spyware software to help keep your information safe. Some of the major anti-virus products include anti-spyware. Other free anti-spyware products include: Ad-aware and Spybot.

Use a personal firewall

A personal firewall is your first line of defence between your computer and the outside world. It will help control who can access your computer and also protect you from viruses and any other unwelcome visitors. Modern versions of popular desktop operating systems typically have personal firewall features. Check that they are turned on if you don’t have another firewall product.

There are a number of reputable personal firewall products available, including: Norton Anti-virus, McAfee, TrendMicro, Kaspersky and AVG.

If you're on a budget, you can download free or low-cost firewall software from companies like Zone Labs.

Keep your software up to date

One of the most important ways to keep your computer safe is make sure it has all the latest security software updates. These updates are usually free and they’re released regularly to fix holes in a computer's operating system. You can either choose automatic software updates, or regularly check with your software vendor to find out if operating system updates are available.

Keep your browser up to date

The most important software to keep updated is your Internet browser (eg Google Chrome, Internet Explorer, Firefox or Safari). All of these major browsers release security patches and these are important patches that you need to apply. You should also update any other applications installed like Adobe Reader or browser components like Java or Adobe flash, to make sure they have the latest security patches.

Mobile and Wi-Fi tips

Beware of public or shared computers

Be extremely wary of using other computers or public accessible Wi-Fi networks (e.g. in an internet cafe, library or university) to access online banking. It’s impossible to know if they have up to date protection and it’s also easy for other people to watch what you’re doing.

If you must access Internet Banking from a public computer or publicly accessible Wi-Fi network we recommend enabling Netcode at sign-on, and changing your Internet Banking password regularly.

Phones and mobile internet

If you have a smart phone you need to take care of the things you download in just the same way as your home computer. You should only install applications from trustworthy sources, always keep your phone operating system and applications up-to-date and set a PIN or password to protect your phone from unauthorised use.

If you ever think your phone has been compromised by malicious software, call 0800 327 863 to have your internet banking password reset, or change it yourself through FastNet internet banking or the mobile app.

Banking on your phone

If you use the mobile version of FastNet you’ll need to enter your access code and password as well as a Netcode, if enabled. It’s important to keep your access code and password safe – and also a good idea to make sure that you’re not being overlooked when using mobile banking (eg on the bus) or leave your phone unattended. To have added protection on your phone, it's also good practice to have a security PIN on your mobile phone.

Stay safe in social media

Social networking sites like Facebook, Twitter, Google+, Foursquare and LinkedIn are a great way to keep in contact with friends and colleagues. But they also give cyber criminals another way of gathering information about you. To protect yourself while using these social networking sites:

  • Change your security settings to make sure your profile pages are only available to people you trust.
  • Never publish personal information like your birthday, driver's license number, credit card number, tax file number or bank account details. This includes in photos as well as text posts. This is also valid for personal details like your home address or phone number.
  • If you want to publish an email address, set one up that’s different than your usual home or work email address.
  • Access the official ASB Social Media accounts through the Twitter and Facebook logos on our site, if ever in doubt of being taken to a fake page and someone pretending to be us.

Be wary about short URLs

Short URLs can be really handy in social media because they’re easy to paste or type. Unfortunately, you have no real idea which site a short URL is linking to. This means there it as opportunity for abuse by cybercriminals and scammers.

ASB has set up a special short URL service (asb.co) so you’ll always know that our short URLs were created by us (eg. http://asb.co/dVr3Y8). If you receive an email that looks like it's from ASB, bust suspicious looking URLs, report it to phishing@asb.co.nz. If you accidentally click a suspicious link, change your banking password immediately by calling us at 0800 327 863.

Be careful around location services

More of us are adding GPS information to social media updates so that friends and colleagues can see where we are. This can be fun and very handy from time to time.

But criminals may also be able to use this information to see who is tweeting, where they are, what their interests are and more. It’s then relatively easy to use this information to craft a targeted attack. So always be wary about sharing location information with untrusted sources – and be extremely wary about contacting strangers online.

General tips for safer banking

We work very hard to keep your banking as safe as possible. But here are a few things you can do to keep it safe.

  • Keep credit cards, EFTPOS card and cheque book in safe places.
  • If someone knows your PIN, contact us immediately.
  • If you lose your cheque book or Netcode device, contact us immediately.
  • Check your bank statements regularly to make sure they match the transactions you made.
  • Never share, write down or tell anyone your PIN number, access codes or passwords.
  • Never store these codes in an unsecure file on your computer.
  • Remember: ASB will never contact you directly asking you to confirm your PIN, online username, online password or Netcode token serial number.
  • Never email credit card details or share them with someone you don’t know over the phone.
  • Never tell someone your credit card number or expiry date unless they are specifically required to buy something.

Credit and debit cards

  • Always sign your new card as soon as you get it.
  • Destroy any old documents or receipts that display your credit card number.
  • Always choose a safe PIN.
  • Use different PIN numbers for your different cards.
  • Cut any expired cards in half.
  • Make sure you get your card back after using it.
  • Never let anyone else use your card.
  • If you haven’t automatically received a reissued credit card before the current one expires please contact us immediately.

EFTPOS and ATMs

  • Never use an ATM or EFTPOS terminal that looks like it may have been tampered with.
  • Be careful when you use an ATM to make sure other people can’t see you enter your PIN.
  • Be wary of anyone offering to help - especially if your card has just been retained (eaten) by the ATM.
  • If your card has been retained by an ATM go to the nearest branch or call 0800 803 804 immediately.

Shopping online

  • Always check for a secure browser connection before entering credit or debit card details online. Look out for a URL that starts with “https” or a locked padlock or unbroken key in the bottom right of your browser window.
  • Never use your debit or credit card number as a form of ID.
  • Only enter your details if you are ready to make a purchase.
  • If you buy something online, print out a copy of the transaction for your records.
  • Before buying online, check that the online store has a return and refunds policy.
  • When using your card to buy things online, look for reputable Internet stores. If you are unsure, request more information from them about the company and the goods and services they are selling.

Cheques

  • Never pre-sign blank cheques in your cheque book.
  • Always cross non-cash cheques "NOT TRANSFERABLE" and cross out "or bearer".
  • Remember that a cash cheque can be redeemed by whoever is holding it – even if that’s not the person you intended.
  • Always keep a record of the cheque amount, date, and payee in the section provided for this in your cheque book.
  • Remember sending a One-Off Payment online is safer – and it’s faster too.

When you're overseas

  • Never leave travel documents, traveller's cheques or credit cards unattended.
  • Where possible use safety deposit boxes or safes to store these items rather than leaving them in your suitcase or room.
  • Consider traveller's cheques as a safe alternative to carrying large amounts of foreign cash.
  • Consider using a credit or debit card for making payments while overseas. You can always transfer money to your credit card to give it a credit balance if you’re worried about exceeding your limit.
  • If you lose your cheques or credit card, or your card is retained by an ATM, or you have any other banking security concerns, call us collect on +64 9 306 3000 immediately.

Contact and let us know before you go overseas, so that we know international transactions on your credit card are correct and not suspected as fraudulent transactions.

Phishing and online scams

One of the best ways you can help yourself stay safe online is to know the kind of things you should look out for. Here are some of the more common threats and internet scams.

Phishing

Phishing is the process of trying to get information by pretending to be a trustworthy organisation. In most cases fraudsters will send a fake company email asking for things like usernames, passwords or credit card details.

These emails can look very real. Sometimes they make offers or money, refunds or ‘essential’ updates to try and get you to act.

Typically a phishing email will ask you to click on a link that takes you to a fake website. Once there, you are prompted to ‘login’ to internet banking or provide personal details. They use this site to capture your information so they can use it fraudulently.

If you think you’ve received a phishing email:

  • Don’t click on any links within the email or reply to it
  • Forward the email to our dedicated email scam team at phishing@asb.co.nz
  • Delete the email from your inbox, your sent box and your deleted items folder.

If you think you’ve been taken to a phishing site:

  • Close your browser immediately
  • Change your banking password immediately by calling us at 0800 327 863
  • Empty your browser cache and clear your browse history
  • Perform a virus scan on your computer using anti-virus software
  • Call us on 0800 327 863 if you have any concerns

If you think you’ve entered your details in phishing site:

  • Call us immediately on 0800 327 863 and we’ll reset your FastNet Classic password.

SPAM offers

These ‘junk mail’ offers generally involve free or extremely cheap deals that are sent as email. The goal is usually to get money or personal details from you. Some attempt to get you to download keylogger software that can track everything you type and send it on to the scammer.

  • If you don’t know who sent an email, it’s probably best to delete it.
  • In New Zealand it’s against the law to send unsolicited emails so you can also report these emails as spam.

Domain Name Renewal

If you receive a renewal for your Internet Domain name, check carefully that it’s from the correct registrar. Another scam is to send a notice for a domain name that’s very close to yours and hope that you don’t notice the difference.

  • Always double-check before paying for anything online.
  • If you have questions or complaints about anything to do with a New Zealand “.nz” domain, check out the web-site of the NZ Domain Name Commission.

Trojans

Trojans are little bits of software that infect a web browser and have the ability to modify pages, transaction content or even insert additional transactions. This can all happen in a completely covert fashion invisible to both the user and host application.

  • Keep an eye on online transactions.
  • If something seems a bit strange, investigate further.

Viruses and Worms

A virus is a software program that copies itself when it’s triggered. Usually that’s when you download it, or open an unusual file. Once triggered, a virus can be destructive and do things like overwriting the files on a computers hard drive. A worm is like a virus that actively looks for ways to spread itself to other computers. This means worms can spread extremely quickly.

  • Only download files from reputable sources and be wary about opening files that look different or unusual.
  • A good anti-virus software will help protect you from viruses and worms.

Other things you should look out for

Money Mules

Occasionally you may be offered the chance to send and receive money on behalf of someone else. This may well be a money laundering scheme and if you take part you could be breaking the law.

People who get caught up in this type of thing are known as ‘money mules’. Mules can be recruited in many ways including spam emails, recruitment websites and even newspaper ads. Once recruited mules receive funds into their account, which they then withdraw and send overseas, usually minus a commission payment. The mule is the easiest part of the chain to track down and supplying any information to the fraudsters could put them at risk from identity fraud.

  • Be wary about receiving money from people you don’t know online.
  • Remember: if it looks too good to be true it probably is.

Overpayment

A scammer could send you a cheque or an Internet Banking payment for something, but ‘accidentally’ pay too much. They may then ask you for a refund of the difference, which they hope you’ll pay before you discover that the original cheque is worthless.

  • Be extremely careful about financial transactions with people you don’t know.
  • If you’re using TradeMe, consider using services like ‘SafeTrader’.

Card skimming

This is a hi-tech way of copying information from the magnetic strip on your bank cards. Once copied, this information can be downloaded onto another card and used to make purchases on your account.

Skimming devices can be very subtle so the best way to avoid skimming is by:

  • Swiping the card in the machine yourself.
  • If you do hand your card over, keep it in your sight at all times.
  • Use a chip card like an ASB Visa Debit card.

Identity Theft

If someone dishonest gets hold of your old bank or credit card statements they can use that information to steal money. So always keep important documents safe and destroy them (ideally by shredding them) before you throw them out.

  • Never leave important documents or statements lying around – especially if you live in a flat or other shared accommodation.  

Phone Scams

This is where someone calls you and says that they are from a reputable company, business and may ask you to login to your computer, as “their system has reported it as having a virus”, or even directly ask you for your card PIN.

They may sound very convincing, so remember:

  • You can insist for their name and number and can call them back.
  • Or simply hang up on them.

ASB will never call you directly and ask you to confirm your banking password, or the PIN number to your accounts or Credit Card.

Further reading

You can read more about scams at the NZ Goverment's Consumer Protection site.

ASBProtecting yourself online