How to Use Online Banking Securely

Get to Know Phishing

Privacy of Internet Transactions

The United Overseas Bank (Thai) is committed to maintaining the best privacy practices as far as possible, to create the most secure internet banking environment for our customers. We encourage our customers to observe these best practices that are within their control as follows;

1. Gathering Customer Information
   We will use customers’ existing information to assist us for improving services and products that are of interest to our customers.
2. Handling of Customer Information
   We have established strict confidentiality standards for safeguarding information on our customers.
3. Disclosure of Customer Information
   Unless we have the customer's consent or as required by law, we will not disclose customer information to the third parties.
4. Enforcement on the third parties
   The third parties who provide us some services may have an access to customer information are required to observe our privacy standards.

UOB Internet Security Technology
We understand customer concerns for security when they make any transaction on the internet. We have therefore built a security system for online banking that safeguards the confidentiality of our customers' account information and their banking transactions. We use several different methods to protect customers' account and personal information as follows:

1. Firewalls: We have multiple levels of firewalls in place between our internal computer systems and the internet.
2. Encryption: Strong encryption protects customer information while browsing the internet. We use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to protect the confidentiality of customers' account details and transaction data. This SSL/TLS encryption is the commercially available security protocol for encrypting or scrambling data transmitted over the Internet. It is also currently recognized internationally to be of the high standard in encryption technology commercially available and is generally adopted by banks in Singapore and financial institutions worldwide.
3. Username and Password: Only your valid Username and Password which identify you uniquely, will allow you to log into our secure website(s). This ensures that only authorized users have access to our secure website(s).
4. • UOB shall provide security device (SecurePlus Token) and/or establish security procedures for some services that require such device.
   • You may use the Security Devices (SecurePlus Token) with the Username and/or Password for internet transaction with UOB which may be offered or made available by UOB, subject to the Bank’s terms and conditionsSecurity Devices (SecurePlus Token)
5. Automatic Log Out: As an additional security measure, our system may log you out of your internet banking session after a period of inactivity. We are committed to monitoring our internet security system constantly for potential situations that could compromise the security or the privacy of our customers and to exploring new technology continually to enhance our Internet security system.

Security Guidelines
Your Role in Safeguarding Your Personal Data And Account Information: You are responsible for keeping your online password confidential. Failure to do so shall expose you to the risks of fraud and loss. UOB shall not be responsible for losses suffered by customers as a result of:

• Input errors or misuse of its Internet banking services, both for negligent handling or sharing of Password;
• Leaving a computer unattended during an online session;
• Failure to immediately report known incidents of unauthorized account access

We strongly recommend that you always observe the following best privacy and security practices.

1. Managing Your Username and Password
   • Your Username and Password identify you when you use our internet banking services. If you wish to cancel the service, you will be required to inform us by calling the UOB Call Centre 0-2285-1555 or contact UOB branches convenient for you.
   • Ensure that nobody can see your password when you log in to the Bank’s system.
   • Ensure that you keep your Password confidential at all times and do not reveal it to anyone.
   • Do not allow anyone use your username and password, as you are responsible for all transactions undertaken with your username and password.
   • Do not base your password on your username or personal information such as your telephone number, birth date or the like.
   • Memorize your password and do not record it anywhere.
   • Change your password regularly.
   • Do not use the same character more than twice for your password.
   • Do not recycle your recently used password.
   • Change your password immediately if you suspect that someone knows it.
   • The same Password should not be used for different websites, applications or services particularly when they relate to different entities.
   • Do not select the option on your browser for storing or retaining user name and password
   Note: No staff members of the UOB Group should ever ask you for your Password for whatsoever reasons
2. Use of Security Devices (SecurePlus Token)
   • Do not allow anyone to keep, use or modify your Security Devices, as you are responsible for all transactions undertaken under your username and password.
   • Do not reveal the One-Time Password (OTP) generated by your Security Devices (SecurePlus Token) to anyone, as well as serial number of your Security Devices (SecurePlus Token).
   • Notify the Bank immediately through the customer service, if your Security Devices (SecurePlus Token) is lost, stolen or if you suspect that it is become known to anyone and used without your consent for suspension of service.
3. Take Precautions Against Your Password Keystrokes Being Captured: Follow the necessary precautions to protect your personal computer against viruses and other malicious programs. Aside from damaging and/or destroying data, viruses and malicious programs can capture your password keystrokes and other personal information and send them to another person without your consent. Precautions that you can take are as follows:
   • Install an effective personal firewall as well as anti-virus, anti-spyware and anti-Trojan horse software. These should be updated regularly.
   • Do not download any software from a website that is of doubtful origin.
   • Do not open any email or attachment that is from a source unknown to you. When in doubt, delete such email without opening it.
4. Log In Directly: If you wish to access a website belonging to UOB or its subsidiaries or associates, always personally and directly enter the relevant website address in the browser address bar, e.g. www.uob.co.th. Do not login through any hyperlink within emails.
5. Remember To Log Out: Always remember to logout of your internet banking session when you have completed your transactions or when you need to be away from your computer even for just a minute. Do not leave your computer unattended while internet banking transactions are being processed.
6. Clear Your Browser's Cache: You should clear the internet browser’s cache to ensure that your transactions will not be saved in the computer by the following methods:
   How To Clear Your Cache
   Internet Explorer (IE)
   
   • Select 'Tools'
   • Select 'Internet Options'
   • At ‘Browsing History’ click ‘Delete’
   • Select the item you wish the delete, then click 'Delete' to confirm
   Google Chrome
   
   • Select 'setting' from the Menu bar
   • Select 'Clear browsing data' from History menu
   • Select ‘Cached images and files’ then click ‘Clear browsing data’ for confirmation
   Firefox
   
   • Select 'Tools' from the Menu bar
   • Select 'Clear recent history’
   • Select time you wish to delete the data
   • Select the data you wish to delete
   • Click ‘Clear now’ to confirm
7. Avoid Sharing Personal Computers (PCs): Avoid using shared PCs or public PCs such as those in cyber cafes to perform any internet banking transactions. If it is necessary to do so, always check thoroughly that the PCs are free from viruses and make sure that you clear the browser's cache after you complete your transaction.
8. Update Your Browsers: You should update your browsers and application software to support SSL/TLS encryption or a higher encryption standard.
9. Verify The Authenticity Of The UOB Group Internet Banking/Transaction Website(s): We provide a Secure Zone icon (as symbolized by a 'padlock' icon) within our Internet banking/transaction web pages for your verification of its authenticity. To verify the authenticity of the UOB Group Internet banking/transaction website(s), look for the Secure Zone icon on the web page, click it, and ensure that 'United Overseas Bank Ltd' is displayed as a part of UOB's VeriSign Secure Server ID from https://digitalid.verisign.com. There are two ways by which you can verify that you are logging in to a secure web page :
   1. Check that the UOB Group Internet banking/transaction website address changes from http:// to https:// and that a security icon (as symbolized by a lock or key) appears around the address bar. These indicate that the web page on which you are online uses encryption technology. You can double click the security icon to view information pertaining to the security certificate for the web page.
   2. You can also verify that you are in a secure web page by right click the mouse on the web page then select Properties or View Page Info. Result may vary by the browser that you are using
10. Inform Us Immediately of Suspected Invasion of Your Privacy or of Unauthorized Transactions
    • If you suspect that your privacy has been violated or that your account(s) has/have been accessed by unauthorized persons, please change your password immediately and contact us by calling the UOB Call Centre 0-2285-1555 for the respective services. Check your account statements to see if any transaction has been performed without your authorization. Should there be any unauthorized or unusual transactions, please notify us immediately. You should check your account statements regularly.
11. Email Security
    As information submitted via email is not encrypted during transmission, it is important that you do not give your personal information as well as identifying any confidential information or banking or other instructions in your enquiries and/or comments. If you receive any suspicious email or falsely claiming as an email from UOB, please notify us immediately.
12. A cookie is a small text file that a website can send to your browser, which may be stored in your computer. We use cookies in some of our pages to collect information about users of our website and the information that we collect is then used to ensure a more personalized service for our users. You can adjust settings on your browser so that you will be notified when you receive a cookie. Should you wish to disable the cookies associated with these technologies, you may do so by changing the settings on your browser. However, by doing so, you may not be able to use certain functions or enter certain part(s) of our websites.
13. Additional Recommended Good Practices to Safeguard your Online Security
    • Remove file sharing in your computer, especially when you have internet access via public connection or a similar set-up.
    • Make regular backup of critical data.
    • Consider the use of encryption technology to protect highly sensitive data. Do not install junk software or run programs of unknown origin.
    • Delete junk or chain emails.
    • Do not open email attachments from strangers.
    • Do not disclose personal, financial or credit card information to suspicious websites. Do not use unreliable computer or device.

Beware of Android Phone Malware

Currently, there is a new “malicious software” (malware) targeting consumers using Android smartphones, and we would like to remind you to be careful when performing online credit card transaction in order to avoid becoming a victim.

This malware works by spreading through mobile applications that are downloaded and installed from unreliable sources. Once they are downloaded onto your smartphone, the malware will attempt to access your credit card information. Then, it will use your credit card information to make online purchases, and block the SMS One-Time-Password (OTPs) to your smartphone so that these online purchases can be completed.

The screenshots below are examples of how the smartphone can be infected by the malware.

You would receive a message via WhatsApp (or LINE) about the application updates or expiry from untrusted sources which resulted in malware being installed on smartphones

Then, the malware will show a fake system upgrade screen (see screenshot below) to prevent user from seeing the SMS OTP (while blocking the SMS OTP), so that the fraudster would successfully make the online purchases.

What can you do to protect yourself from the Malware:

Don’t

1. Do not click on any button or hyperlinks from messages and emails if you are unsure of the source.
2. Do not download apps from unreliable websites, since the apps may bring risks of malwares. Only download or install apps from only trusted sources (such as the Google Play Store).
3. Do not jailbreak your phone’s operating system, since it makes your phone more susceptible to malware.
4. Do not provide credit card information unless you are making a purchase on your own. If it is necessary to make any payment for Android mobile application, it should be made only to trusted sources

1. Be cautious if a screen on your smartphone suddenly pops up and asks for your confidential information such as your credit card, especially if you did not initiate any related activity.
2. Update the operating system of your phone regularly, since these updates will be able to fix problems and provide new features for better protection.
3. Install anti-malware application from trusted sources. These anti-malware apps normally are able to detect and remove malware.
4. Set a password for your smartphone use in order to prevent any authorized use.