Absa Online utilises a number of security mechanisms to increase your online banking security to prevent online identity theft and other online fraud threats.

Online Security Noticeboard

  • Security Update

    SureCheck

    In line with our quest to provide our customers with secure and convenient access to our services, we will be updating our current RVN/TVN authentication process and replacing it with a new service called SureCheck

    SureCheck which will allow you to authenticate your transaction directly from your mobile device.

    The update will be done systematically; you will not be required to update or make any changes on your digital banking profile.

     

  • Immediate interbank payment (IIP) Changes

    Absa Online customers have the option of making immediate interbank payments, which make immediate payments possible to accounts at other financial institutions.

    These payments attract an additional fee, but eliminate the normal waiting period of 2 days when a payment is made to somebody holding an account at a financial institution other than Absa. In the event of an IIP, the beneficiary has immediate access to the money and, therefore, the payment cannot be reversed.

    These immediate payments may be delayed where such a measure is deemed necessary to prevent fraud. This is for the protection of our customers.

    You will receive two SMS messages: one to let you know when the IIP transaction is created and one to inform you when the transaction has been processed.

  • Important message from SARS

    SARS has changed the payment reference number (PRN) that must be captured for all SARS tax payments. The new PRN applies with immediate effect for the following registered Absa Listed

    Beneficiary Name
    Code
    SARS Assessed Tax - ITA 009 0027
    SARS Customs - CUS 009 0028
    SARS Pay As You Earn - PAYE 009 0030
    SARS Provisional Tax - PROV 009 0031
    SARS Retirement Fund Tax - RFT 009 0033
    SARS Dividends Without Tax  009 0034
    SARS Value Added Tax - VAT 009 0036
    SARS Air Passenger Tax - APT 009 0037
    SARS - Other Taxes And Levies 009 0048
    SARS Excise 009 0049

    Clients currently registered with the old reference number will be impacted by a change that is scheduled for 5 June 2014 when incorrect references will be removed. This means that clients will have to reregister with the correct tax reference.

  • The CAPTCHA added to the logon screen

    A new security feature has been added to the logon process for Absa Online (AOL).

    When you enter an incorrect access account number or PIN on the logon page, you will be taken to the original logon details screen, but with an added safety measure: the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). You will be asked to repeat a code displayed in a grey box underneath your normal logon details.

    This is to ensure that you are trying to access AOL and that it is not a computer-generated attempt.

  • No more direct debits on eFiling

    SARS has discontinued the functionality to pay via the debit order service.

    With this functionality clients were able to authorise SARS to collect the money owed directly from their bank on their behalf, which means that SARS is initiating the collection directly from their bank.

    Clients can use set up payment instruction via eFiling by following the attached steps:
    Below are the process steps for corporate clients:
    Alternative methods of payment available include:
    • Over the counter payments at a bank (Limited to R500 000)
    • EFT - electronic funds transfer using internet banking
    • At a specific SARS branch (including customs) [Limited to R100 000 for certain tax types]
  • SARS announcement

    Please note that SARS requires all financial institutions to report on all debit & credit interest earned, including all monthly debit and credit turnover on customer accounts as from 1 March 2013. Absa will be complying with this requirement.

    Please read the gazetted information below:

    NOTICE TO REPORTING INSTITUTIONS TO FURNISH BI-ANNUAL RETURNS OF INVESTMENT AND INTEREST WITH EFFECT FROM THE 2013 YEAR OF ASSESSMENT IN TERMS OF SECTION 69 OF THE INCOME TAX ACT, 1962 (ACT NO. 58 OF 1962)

    1. Notice is hereby given in terms of section 69 of the Income Tax Act, 1962, ("the Act"), that reporting institutions must furnish returns of moneys invested with, loaned to and deposited with the reporting institution and of interest received by or accrued to or in favour of any person from the reporting institution or from any business carried on by the reporting institution in the Republic during the period 1 March 2012 to 28 February 2013.

    2. Reporting institutions for purposes of this notice arc (a) Banks regulated by the Registrar of Banks in terms of the Banks Act, 1990 or the Mutual Banks Act, 1993; {b) Co-operative Banks regulated by the Co-operative Banks Development Agency in terms of the Co-operative Banks Act, 2007; (c) The South African Postbank Limited (Postbank) regulated in terms of the South African Postbank Limited Act, 2010; {d) Financial institutions regulated by the executive officer, deputy executive officer or board, as defined in the Financial Services Board Act, 1990, whether in terms of that Act or any other Act; (e) Companies listed on the JSE, and connected persons in relation to the companies, that issue bonds, debentures or similar financial instruments; (f) State-owned companies, as defined in section 1 of the Companies Act, 2008, that issue bonds, debentures or similar financial instruments; and (g) Organs of state, as defined in section 239 of the Constitution of the Republic of South Africa, 1996, that Issue bonds or similar financial instruments.

    3. Unless otherwise agreed in terms of paragraph 4, returns must be furnished by the following date~ (a) for the period 1 March 2012 to 31 August 2012,31 October 2012; and (b) for the period 1 March 2012 to 28 February 2013, 31 May 2013.

    4. The South African Revenue Service ("SARS") and a reporting institution may agree to different periods and dates for the submission of returns in respect of persons with years of assessment that do not end on the last day of February.

    5. The following information must be disclosed in the returns, unless SARS and a reporting institution agree otherwise In writing on good cause shown 5.1 Natural persons (a) Surname, first names, initials and date of birth; (b) Address details (physical or postal); (c) Identity number or passport number (including country of issue); (d) Tax reference number; (e) Account number; (f) Date the account was opened and date it was closed; (g) Closing balance of account at end of return period; 4 No. 35090 GOVERNMENT GAZETTE, 29 FEBRUARY 2012 (h) Interest received by, accrued to or in favour of the person from the reporting institution during the period covered by the return, other than interest on instruments and interest rate agreements that the reporting institution deals in and which interest the reporting institution does not report as interest for financial reporting purposes; (i) Monthly totals of all credits and debits to the account; and (j) Indicator of account verification status in terms of the Rnancial Intelligence Centre Act, 2001. 5.2. Other persons (a) Registered name; (b) Address details (physical or postal); (c) Reference number issued by the relevant regulatory authority, such as the Companies and Intellectual Property Registration Office (CIPRO), the Companies and Intellectual Property Commission (CIPC) or the Master of the High Court; (d) Tax reference number; (e) Account number; (f) Date the account was opened and date it was closed; (g) Closing balance of account at end of return period; (h) Interest received by, accrued to or in favour of the person from the reporting institution during the period covered by the return, other than interest on instruments and interest rate agreements that the reporting institution deals in and which interest the reporting institution does not report as interest for financial reporting purposes; (i) Monthly totals of all credits and debits to the account; and (j) Indicator of account verification status in terms of the Financial Intelligence Centre Act, 2001.

    6. Returns must be filed electronically with SARS.

    7. For purposes of this notice, any word or expression to which a meaning has been assigned in the Act bears the meaning so assigned.

    8. Further information may be obtained from the website: www.sars.gov.za
  • Absa's Online Security Measures

    Absa Online utilises a number of security mechanisms to increase your online banking security to prevent online identity theft and other online fraud threats.

    Your security is our priority, which is why we have a number of systems in place to ensure that your risk of being defrauded of all your money is reduced. This includes the following:

    1. A two-phase logon system

    You can only log on to the system if you have registered as a user with a personalised access account number and PIN. When logging on, the first screen requests your account number and PIN; the second screen requests certain randomly-generated characters of your selected alphanumeric password.

    2. Virtual keypad PIN input

    To avoid having your information being captured by keyloggers, enter the characters of your password and PIN with the on-screen virtual keypad, as opposed to typing them out using a keyboard.

    3. SMS alerts of Absa Online logon activity

    To ensure that you are kept abreast of all activity on your internet banking, every time you logon you will receive an SMS alert, free of charge. In the event that you have not logged on to internet banking, you will be able to alert us by calling the Fraud Hotline immediately.

    4. One-time verification passwords

    When creating a new beneficiary, changing transfer limits, or other kinds of sensitive transactions, a special one-time password, called a Random Verification Number (RVN), will be sent to your cellphone. You must type this into the indicated field for verification. Just before the payment is made, another one-time password will be sent to your cellphone, called a Transaction Verification Number (TVN) to confirm the transaction. These passwords can only be used once, and dramatically decrease the risk of being defrauded.

    5. Free antivirus software

    All Absa Online and Cellphone Banking customers can download free antivirus software.

    6. A personalised welcome message: Absa’s SurePhrase

    Once you have set up your personalised welcome message, it will display each time you logon to internet banking. This validates that you are on the valid internet banking website as it cannot be duplicated by fraudsters due to the personal nature of the phrase.

    7. Verisign Security Certificates to verify the encryption of the website

    Verisign, a public key certificate issuer, has endorsed Absa’s Online site as a secure and encrypted transactional banking site, and has issued Absa with a certificate to that effect. The Lock and Key icon that appears that the top or the bottom of your browser is indicative of this and you can click this icon for more information on the security certificate.

    8. Multiple firewalls to restrict access

    Our internet banking makes use of multiple firewalls to ensure that only clients with valid access credentials can access the service.

    9. Advanced Encryption Software

    We use the most advanced internationally accepted standards of encryption technology. At present, this is 128-bit encryption built into the browsers; therefore, it is always in your best interest to update your browser to the latest released version.

    10. Website timeout and automatic logout

    If you have logged into internet banking and there is no activity in that session for a period of six minutes, you will be automatically logged out.

    11. 3-password failure resulting in account suspension

    If the incorrect PIN or password is entered three times consecutively, the internet banking service will be temporarily suspended and you will have to visit an Absa branch to reset your PIN and password.

     

  • Latest email phishing scam - be extra vigilant

    As consumers become savvier about phishing scams and protecting their personal information online, fraudsters become more and more devious in a desperate attempt to catch you out -and are now creating new email scams that are indistinguishable from valid bank communications.

    Realistic scam emails

    Although some scams are obviously fake, there are others that are so sophisticated they even have professionals checking them twice to be sure. This latest scam, especially, was concerning for the following reasons:

    • It appears to come from an Absa email address (i.e. @absa.co.za)
    • Images and content are copied from the website
    • The call centre number is real
    • The links to the products are legitimate

    Never click on a “download” link

    The only things that make it obviously fake is:
    • It isn’t personally addressed (e.g. Dear Mrs Smith)
    • And there is a link to an attachment that states “Download Attachment File

    Once you click on this download, you are taken to a spoof website where you are requested to input your personal details in order to claim your coupons and discounts.

    When in doubt, delete

    And although we know that you will receive communication from us, and that it won’t always be obvious that the email will be legitimate, we urge you to bear the following in mind:
    • Never click on links or attachments in any email and never enter your PIN or banking details on a banking site if you click on a link to get there. Rather enter www.absa.co.za directly into the browser and access Internet Banking from there
    • Don’t respond to these emails - by doing so you simply verify to the fraudsters that your email address is valid and they will target you again
    • When in doubt, delete the email or call the call centre for more information

     

  • Protect Yourself Online

    There are a number of security measures that you can practice whenever you use the internet for online banking or shopping to ensure that you are not the victim of internet fraudsters.

    Avoid online fraud attempts

    Many of us use the internet on a daily basis – for anything from shopping for groceries and gadgets to auctions and online banking. Although most of our online interactions are secure, there is always a risk that we could open ourselves up to online fraud attempts, such as identity theft.

    Measures to improve online security

    It is vital that you are aware of some measures that you can take to make you more secure online, such as:

    Always keep your personal access information secure, and change your PIN and passwords regularly. Never open on a link or an attachment within an email claiming to be from Absa as this may link to a fraudulent website or download a virus or keylogging software that will compromise your security. Please do not disclose your secret access credentials to any 3rd party, as this will allow them access to your online profile.

    Be aware that phishing scams have also been received through instant messaging systems such as GoogleTalk or Skype; as well as through Social Networking websites such as Facebook.When in doubt of the authenticity of a link or a claim, simply don’t click it.

    Install good quality security software and ensure that you have updated to the latest version of your browser. Most of the newer browsers have the inherent ability of detecting fraudulent websites.

    Don’t bank or shop online when using a public terminal such as those found in internet cafes, hotels, coffee shops or student labs. Keylogging software could be present on the computer, and will send all your personal information through to the fraudster, who could then use this information to clear out your account.

    Before you bank online, ensure that you are actually within the secure internet banking website. Once you visit www.absa.co.za and click on the Internet Banking link, you will be redirected to an available banking server. Once there, check the browser address. It should begin with ‘https://’ (not ‘http://’). Also check the browser for a closed lock and/or key icon – which should either be at the top or the bottom of the screen. When leaving your computer, always end the current session by closing your browser window, and never leave your computer unattended during an Internet Banking session.
     

  • Online Shopping and 3D Secure

    We are proud to introduce a more secure online shopping experience for you! You will now receive a One-Time-Password (OTP) that will only be valid for one transaction when shopping at a 3D Secure merchant, protecting your Absa Card against fraudulent online use.

    Online shopping safety tips

    Online shopping is quick, easy, and convenient - however, there are still some safety factors that need to be considered when using your credit card to make purchases online.

    • Only place an order with your credit card on trusted websites that are verified as secure sites (look for the lock image on the toolbar). 
    • On the Web page where you enter your credit card or other personal information, look for an "s" after ‘http://’ in the Web address of that page - it should read: ‘https://’. The encryption is a security measure that scrambles your data as it is entered.
    • Ensure that the website is authentic and secure by finding out what other shoppers say. Some websites such as epinions.com and bizrate.com have customer evaluations, which can help you determine a company's legitimacy.
    • Do not send emails that contain personal information such as your card number and expiry date.
    • Use good quality antivirus software – such as the free software we provide for our Internet Banking and WAP-based Cellphone Banking customers. 
    Secure, Verified by VISA and MasterCard SecureCode

    We all love the convenience of shopping online, but are concerned about the risks that may be involved. This is why technology, such as 3D Secure, has been designed – and protects you while you shop.

    What is 3D Secure?

    3D Secure protects you, the cardholder, and the merchant by verifying your personal details during an online purchase, prior to the transaction being processed. It ensures an additional level of protection when shopping online. This service is now enhanced with OTP instead of a static username and password.

    What does OTP mean for you?

    Buying online is safer than you think with OTP. It’s designed to give your Absa Card an extra level of protection against unauthorised use when shopping online. You will now receive a OTP via SMS every time you make a purchase, and this password will only be valid for that transaction.

    How OTP works when you’re shopping online at participating 3D Secure merchants:
    1. Shop online and proceed to the checkout
    2. Input your 16 digit Absa Card number, Expiry date and CCV number when prompted 
    3. You will then be asked for an OTP which you will receive via SMS on your registered cellphone number 
    4. Finalise your purchase
    3D-Secure OTP benefits for you:
    • No need for registration and activation up-front
    • No need to remember a username and password
    • Reduces the risk of your 3D Secure password being compromised or phished
    • No need to phone to unblock 3D Secure passwords
    • Additional level of protection when shopping online
    Where can I find more information about 3D Secure?

    If you have any queries or questions about 3D Secure or need technical assistance, you can contact the 3D Secure Call Centre.

  • Spyware Warning

    Computers and the internet are an integral part of our personal lives and the running of our businesses - which means that it has become increasingly important to understand the threats that we face when we interact online. Although many of us are vigilant, we often end up with viruses and spyware on our computers that compromise our online safety.

    What is spyware?

    Spyware is a type of malicious software that can infect computers, and collect pieces of information about the computer user without their knowledge. The spyware typically collects personal information that you may enter into a website (such as your banking details and log in information), but can also retrieve sensitive files that you may have saved on your computer.

    The information that the spyware gathers is then used to log into your bank accounts and defraud you, or make fraudulent online purchases. Depending on the circumstances surrounding such cases, the customer could be considered legally liable for such losses due to insufficient protective measures taken.

    How does spyware get downloaded onto my computer?

    On shared computers - such as those used in internet cafes - it is fairly easy for someone to install spyware software due to the fact that so many people have access to the machine, and they are not checked for spyware as regularly as your home computer would be.

    On your home computer, it is slightly more difficult for fraudsters to install the software - which is why spyware is most often sent via email, much like phishing scams. Within this email, they will include an attachment or link to a file that will automatically install the spyware onto your computer when clicked, and will then send the information captured to the fraudster when you access your bank accounts to the fraudster. Also be aware of browsing or downloading information from un-trusted websites, and infected portable storage devices such as memory sticks or portable hard drives that may contain spyware or viruses.

    Latest spyware tactics

    The latest spyware attack that fraudsters are using is also via email. The only difference is that the executable file is included as an attachment that says “Proof of Payment”, and has cleverly been disguised as a .PDF (which people generally consider to be harmless and can therefore be trusted).

    This latest spyware is more advanced than ever and is exceptionally difficult for many virus protection programmes to detect spyware.

    How do I avoid becoming a victim of spyware?
    • Ensure that you have the latest up-to-date Antivirus software installed. Absa offers our Internet Banking and Cellphone Banking customers free antivirus software each year (Download Trend Micro Maximum Security Antivirus 2012)
    • Never click on links or attachments on emails unless you are sure about their source
    • Be aware of using infected storage devices (such as memory sticks) which may contain a virus or spyware

    Always browse trusted websites, and only download from sites that you are sure are safe. Reckless browsing behaviour can result in your personal information being placed at risk and opening you up to becoming a fraud victim

  • Don’t be a victim of Phishing Scams

    Phishing scams are becoming increasingly sophisticated as fraudsters will stop at nothing to steal your money. Don’t be caught out and always keep these tips in mind

    Phishing Fraud: Be aware and avoid becoming a victim

    It is very easy to panic when you receive an email that says your account has been compromised. Fraudsters rely on this panic to ensure that their victims will react by clicking on links and entering their personal details to ensure that their money is secure. For this reason, whenever you receive an email, SMS or phone call that seems even slightly out of the norm, you should query it. Those five minutes could prevent you from becoming a victim of fraud. These tips will also come in handy:

    • Always check that you are on a secure website (watch out for “https” in the Internet Address bar at the top of your internet browser)
    • Always log off properly whenever you finish banking online
    • Signing up for NotifyMe will ensure that you are aware of all activity on your account the second it happens
    • Never reply to phishing scams - rather forward them onto your bank
    • Never open attachments on emails claiming to come from your bank - they could contain spyware that could track your keystrokes and gather your personal information

Need more help?

Let one of our consultants assist you.

Call our security centre on:

Fraud Hotline:

0860 557  557

3D Secure Call Centre:

+27 (0) 11 354 4058

Report phishing e-mails:

secmon@absa.co.za