Security Guidelines for Online Access

You need to protect yourself against the various identity theft threats. For more information on the different identity theft techniques read Identity theft and its perils. Following are some useful guidelines/tips for end-users to minimize security risks while transacting online.

1. Protect your computer by installing anti-virus, firewall, and anti-spyware programs and keep them up to date. Install operating system security updates automatically or as and when they are available.

2. Install and use newer versions of browsers like Internet Explorer and Firefox that have features for identifying and warning against known fake/phishing sites.
3. Do not access your account from public locations hence preventing situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals. Do not leave your computer unattended. Log-off or keep it locked when not in use. Log out from online banking and eCommerce sites immediately after use and close the browser window. Always, use a new browser window to browse any other site.

4. Use unique and hard to guess login information.

5. Use two sets of login information. One for banking, eCommerce, email etc kind of services and the other for less important services like online user groups, blogs etc. To the extent possible do not use more than two sets of login information (user id / password) across all services that you use. This will prevent the need to remember many sets of login information and also the need to write down the login information.

6. Do not write down or store login information anywhere. Doing so will rule out losing login information. If storing is absolutely unavoidable do so in a secure place without access to anybody else.

7. Do not share or disclose your password to anybody, be it a friend or family. Do not share your Debit / Credit cards with anybody.

8. Store the website address and phone numbers for all frequently accessed websites in a text file. Do not type the website address in the browser as this could lead to typing errors. Phishing sites can misuse such instances by having parallel websites that look similar to the genuine website. Copy the address from text file into the browser. Get the phone number from the local directory service.

9. Do not unnecessarily open ports on your firewall. When required open them only for the duration required by the particular program. Switch of internet connectivity from your computer when not in use, this will reduce the chances of misuse by remote computers.

10. Do not download files and programs from unknown sources. These files could be infected with virus, malware etc in addition to containing the information you need.

11. Check your account regularly for unauthorized activity. If your account is compromised, take swift action by informing the bank/website and your local cops. Immediately, change the login information for all your other services to avoid misuse.

12. Pay using credit cards for online purchases as they have stronger protection against personal liability claims than debit cards.

13. Verify email correspondence from bank. Do not respond to any emails with account or login information, even if the source of the email seems genuine. Do not access any links provided in emails as these could again take you to phishing web sites. Also, do not call phone numbers listed in these emails.

14. Review all privacy and policy information of your bank.