Internet security

You can browse the Internet safely if you take into account minimum precautions, especially when dealing with online banking or home banking. We offer the following recommendations:

Keep your PC’s operating system and the different programs you use to navigate, such as the Internet browser, up-to-date.

• It is very important to have antivirus software and that it is updated every day. Outdated antivirus software quickly loses its effectiveness because it cannot recognize new viruses.
• It is important that the antivirus software is well configured. Do not hesitate to use the service of professional technicians if you have any questions about the configuration.
• It is important that your antivirus software regularly scans your entire computer.
• The firewall is software that prevents unauthorized access to the PC from outside and warns you if there is an external attempt to access it. Just like the antivirus, a badly configured firewall is of little use. Do not hesitate to use the service of professional technicians if you have any questions about the configuration.
• Installing antispyware software is a good security measure, but, as always, you have to keep it up-to-date and well configured. Do not hesitate to use the service of professional technicians if you have any questions about the configuration.

Internet fraud

Knowing the most common types of fraud will help you avoid surprises.

• Be wary of e-mails with strange subjects or unknown senders.
• Be wary of e-mails asking for personal information, unless you know the sender’s identity in a reliable way.
• Viewing email through “Preview” is the same as opening the email. If you can avoid it, do not use ‘Preview’ because some viruses are activated when the mail is opened.
• If you suspect you have received a fraudulent email, please contact your bank.
• Your bank will NEVER ask you for your access credentials by email or any other means.

Andbank’s security solution

Andbank has the most advanced technology to guarantee the highest level of security and confidentiality in its management.

What is phishing and how to detect it

Increasingly, we use the Internet as a means to be informed, make online purchases, establish social relationships, carry out banking procedures, etc. in our day-to-day life. It is becoming increasingly difficult to imagine situations such as, for example, a person not having a mobile phone with Whatsapp to chat with, not having a profile created on a social network or not using the Google search engine to find information of interest.

Technology is evolving to make our lives easier, but its use exposes us to some risks, such as phishing, or the substitution of Internet services by cybercriminals. Unfortunately, there are people, gangs and mafias in general who try to trick you while surfing the Internet with your devices, to carry out various malicious actions.

What is phishing and what is its purpose?

Phishing is an attempt to impersonate: cybercriminals pose as a well-known and reputable company, institution or service to trick you into stealing your private data, access credentials or bank details. This fraudulent practice is based on social engineering and is widespread. Sometimes phishing is also used to infect devices with some kind of malware (malicious program).

How can a case of phishing get to us?

Most phishing cases are distributed via email because cybercriminals have a large number of email addresses that they have collected in a variety of ways. Therefore, it is relatively easy for them to use this medium to spread their phishing attacks. However, there are also other means of propagation such as:

• Social networks, through creating profiles and fake pages.
• Sending SMS/MMS messages to mobile phone numbers. This practice is known as Smishing.
• Telephone calls, both to mobile and fixed telephones.

What are the companies, institutions or services most commonly used in phishing?

There are many services that have been affected by phishing, from public institutions such as the Tax Agency and Postal and Telegraph Services, through State Security Forces and Bodies such as the Police, to private companies such as Dropbox, Microsoft, Apple, Iberia… and of course banking entities like us. Many entities have detected that their brand has been used by cybercriminals to try to steal passwords to access the online banking service, as well as other bank details (credit card number, CVV, card coordinates, PIN, etc.) of customers.

Being a victim of any type of phishing can cause serious problems, mainly privacy problems, but falling into the trap of bank phishing can be even more painful, as it could lead to a significant economic loss.

Secure passwords

Passwords or keys are a security mechanism that dates back to antiquity and are still one of the most frequently used security elements on the Internet today. A password is composed of a variable number of characters. The quality or strength of a password depends on the number of characters it has (the more characters the stronger it is) and the type of characters: numbers, letters, special characters, extended characters, etc. The greater combinations of types, the stronger it will be.

The password is the key to many services on the Internet, so the first lesson is that it must be safe enough to avoid security problems.

In addition, a password must always be kept secret or it would not make sense. It’s pointless to have passwords of fourteen alphanumeric characters, uppercase, lowercase and symbols, if it’s pasted on a Post-it on your computer screen in plain view of everyone.

Features of a good password

To be considered secure, a password must have the following characteristics:

• Secret. The password must be kept secret, a shared key is not secure.
• A password is considered robust when the probability of discovering it is minimal and the time and resources needed to obtain it is not profitable or viable. The necessary features to consider a robust password are:
  • Minimum length of ten characters.
  • It must contain lowercase, uppercase, numerals and symbols.
• It must be different from the default service or product and the same password must not be shared between different services (email password should be different from the bank’s, etc.).

Online safety tips

• Never give anyone your user, access and transaction signature codes.
• Change the access keys to the Online Banking service periodically.
• Do not write your Online Banking passwords on paper or any file that is not encrypted.
• Always access Online Banking by typing the email address in your Internet browser.
• Always check the date and time of the last connection to Online Banking as well as the number of accesses per month.
• Avoid accessing online banking from public computers.
• Always keep your personal computer’s antivirus up-to-date.

Mobile banking security tips

• Change the lock code periodically.
• Activate and set the automatic lock.
• Monitor Bluetooth or Wi-Fi connections. Configure it so that whenever you connect, you are prompted for permission.
• Make sure that downloaded messages and applications are of known origin.
• Install an antivirus on your mobile device. Find the one that best suits your needs and your use of it.
• Back up regularly.
• If your mobile device is lost or stolen, contact the telephone operator immediately for blocking.

Card security

At Andbank we safeguard the security of our clients’ cards to give them peace of mind. We are Andorra’s most pioneering bank in terms of card security:

1. All cards issued feature EMV (chip) technology.
2. Transaction monitoring to detect fraudulent transactions.
3. Protection against fraud every time you swipe your card with Andbank distributors.

Whenever you insert the card in Andbank cash dispensers, a unique process that protects it against fraudulent duplication is performed. This is why we suggest that you normally use any of the Andbank cash dispensers, especially if you have carried out transactions outside the Principality of Andorra.