Security Centre

Various security mechanisms have been put in place to safeguard you from any online security risks; such as online identity theft or online fraud.

To ensure your further safety while banking online, make sure you are aware of the following:

  • ATM Security

    When you complete your banking transactions at any ATM in South Africa, remain alert and vigilant, so that you don’t become a victim of fraud or crime.

    Using ATMs safely

    When you bank at any ATM across South Africa, you need to ensure that you are vigilant and aware of your surroundings when approaching the ATM and when you are busy transacting so that you don’t become a victim of crime or fraud.

    ATM safety tips

    • Choose a PIN number that’s difficult to guess. This means you shouldn’t use birthdates or other numbers that are easy to guess.
    • Memorise your PIN so that you don’t have it written down anywhere.
    • Approach an ATM only under the right conditions and always be aware of your surroundings.
    • Check the area for suspicious-looking people before you approach the ATM. Leave the ATM immediately if you don’t feel safe.
    • If you think the ATM is not working, cancel the transaction immediately and try to use another ATM.
    • When you enter your PIN, cover the keypad with your other hand so that you can make sure that no one else sees your PIN.
    • Always concentrate and keep your eyes on the screen when you are at an ATM.
    • Don’t worry when your card goes in to the ATM card slot slowly. This is a precautionary measure that stops fraudsters from inserting other objects into the ATM slot. Barclaycard Credit Carduses a unique anti card skimming software called Jitter, which sends a disrupted signal to any illegal skimming device, which prohibits the copying of data from banking cards and makes skimming impossible.
    • If you need help, don’t ask anyone other than a bank official. Never ask strangers or the ATM security guard for help.
    • Always be cautious of strangers who offer to help you at the ATM, they might be trying to distract you and take your card or get your PIN number.
    • You shouldn’t use an ATM if it looks like the card slot, keypad or screen has been tampered with.
    • Ensure you get your card back every time you use it and check that it is your card. This is especially important if someone disturbs you whilst at the ATM, as they may have swopped your card.
    • If your card is lost or stolen, or it gets retained or jammed, or somebody interferes with you while using an ATM, you should immediately call the Stop Card Line to report it and cancel your card.
  • Banking Scams

    Criminals will go to great lengths to steal your money – but the more aware you are, the less likely it will be that you will fall prey to internet or email phishing scams.

    While the internet can make life very convenient with services such as online banking and shopping, there is always the underlying security risk that criminals will abuse the internet to gain access to your personal information – such as banking details – and use this to steal your money.

    Here are some scams that you need to be aware of:

    Phishing Scams

    Fraudsters often send out emails claiming to be from a reputable organisation – commonly known as ‘phishing’ - many of which look very authentic as they make use of the Barclays Card logo and corporate colours to convince you that the email is legitimate.

    Often, the content of the email makes reference to your account being suspended, and the only way you can stop this suspension is to click on the link supplied and update your personal details. Although this link does not link to the real Barclaycard Credit Card website, these websites are usually designed to look exactly like the Barclaycard site, and it becomes difficult to differentiate between this site and the real site.

    Steps to avoid being a victim of phishing attacks

    Although we have a number of security measures in place to protect you, your awareness is the key to avoid being a victim of phishing attacks, so bear the following in mind when you receive an email claiming to be from Barclaycard Credit Card:

    • Never reply to these emails, and don’t click on any links
    • Never provide your personal details such as your PIN or account details via email or on any links within these emails. We already have information like your ID number, cell number and email address and will never ask for them via email
    • Never navigate to our site using a link from an email – always type in the address (www.barclaycard.co.za)
    • If you receive eStatements – read this info to make sure that you are opening a legitimate statement
    • Delete spam emails immediately. Even a request to remove your email address from the mailing list will confirm to the fraudsters that your email account is active, and could open you up to more attacks
    • Never open an email attachment unless you know who sent the message
    • Use the latest browsers which come with filters that alert you when you visit a website that contains potentially unsafe website
    • Barclaycard Credit Card will never send you a letter or e-mail requesting you to complete your personal details by clicking on a link in an e-mail

    Cellphone Banking Scam

    Watch out for this cellphone scam that enables fraudsters to conduct a SIM swop and gain access to your accounts.

    The Cellphone Banking scam is particularly scary because it enables fraudsters to personally receive your Random Verification Numbers and transfer money out of your account without you even being aware of it.

    Essentially what happens is:

    • You will receive an SMS from your “bank” stating that there is a problem with your account, and a consultant will be in contact with you shortly
    • A few minutes thereafter you will receive a call, and the consultant will ask you to confirm some details, and ask you for additional information such as your account number, the type of phone you use, and recent dialed numbers
    • They then perform a SIM swop at your cellphone provider which enables them to receive all your banking alerts – allowing them to transfer money to themselves

    Once you become aware of the fact that your cellphone is not working, the money will have been removed from your account.

    Vishing Scams

    We are all aware of phishing - and think twice before we click on any links in emails that could compromise our personal information. Unfortunately, fraudsters have very innovative ways of getting to your money - and Vishing is one of these ways.

    As opposed to the normal phishing procedure where you sent an email requesting you to click through to a page (that often looks exactly like the logon page of your bank but is under a fake URL), Vishing requires you to phone a telephone number to update your details or to avoid having your account closed.

    When you phone the number, an automated recording (or a real person) will take your call (using the name of the company concerned) and ask you to verify your information for security purposes. Often this includes your account number and your identity number. Alternatively, they call you directly posing as a consultant from the bank - and ask you the same questions. Once they have the information, they often put you on hold while they attempt to access your account and your money.

    As a rule of thumb: don’t click on that link and don’t call that phone number. If you are concerned and would like to speak to your bank, contact them via the usual channels. Phone the call centre using a verified number. Type in their website address directly - don’t click on URLs.

  • Banking Security

    SIM Swaps

    With the latest spike in SIM swap fraud, make sure you take all the precautions you can to avoid becoming a victim

    Most of us are attached to our cellphone - which is what makes the fact that fraudsters can take control of your financial future without ever laying hands on it even more terrifying. All they need is your personal information (ID, address, etc) and your cellular information (cell number, provider, etc) to request a new SIM for your number.

    How does a SIM swap work?

    Usually, if your SIM card is damaged or lost, all you need to do is go to your mobile operator with your ID and request a replacement. Fraudsters are taking advantage of this, inserting the newly acquired SIM card in one of their phones, and using it to intercept things such as your banking notifications and approval SMSes – allowing them to transfer large amounts of money out of your account without you even noticing.

    • The fraudster will approach your mobile operator pretending to be you. They may have a fraudulent copy of your ID and will request a new SIM card
    • Once approved, the old SIM card will no longer receive information and you may notice that your phone will not be getting signal. Some SIM swaps require you to turn off your phone

    Often, you will get a call from someone posing as a consultant from the mobile company requesting you to turn off your phone; or to confirm some of your personal details. Never supply any personal information to anyone over the phone.

    Once all this has happened, any NotifyMe alerts, payment confirmation and other SMSes will go to the fraudsters

    They may have my SIM, but how did they get my bank details?

    SIM swapping is usually phase two of a fraud attack. Initially, they will have sent you a phishing email (or other similar phishing attempt) to get all your banking details. They will also work toward getting your personal information and may even go as far as stealing your identity and create fraudulent ID documents. In order to use all of this gathered information, they need access to your phone – hence the SIM swap.

     

    What can I do?

    The first line of defence against SIM swaps is to protect your personal and cellphone account information from known or 3rd parties and websites (such as cellphone contract type, debit order dates, ID, addresses, transaction behaviour, etc)

    • Be vigilant and try stay aware of your cellphone’s network connectivity status. If you realise that you are not receiving any calls or SMS notifications, something may be wrong and you should make enquiries to be sure that you have not fallen victim to this scam
    • Some Mobile Network Operators send customers an SMS to alert you of an instruction to SIM swap – which means you can act and stop this fraud in its tracks by contacting your mobile operator immediately

    Do not switch off your cellphone in the event you are receiving numerous annoying calls, rather don’t answer the calls. This could be a ploy to get you to turn off your phone or put it on silent to prevent you from noticing that your connectivity has been tampered with

  • Online Security Measures

    Barclaycard Credit Card Online Security Measures

    With so many online security risks; such as online identity theft or online fraud threats out there, it is imperative that you take the necessary precautions to safeguard yourself. Barclaycard Credit CardOnline has various security mechanisms in place to ensure your online banking security.

    Here are some of the ways we are looking out for you:

    A two-phase logon system

    You can only log on to the system if you have registered as a user with a personalised access account number and PIN. When logging on, the first screen requests your account number and PIN; the second screen requests certain randomly-generated characters of your selected alphanumeric password.

    Virtual keypad PIN input

    To avoid having your information being captured by keyloggers, enter the characters of your password and PIN with the on-screen virtual keypad, as opposed to typing them out using a keyboard.

    SMS alerts of Barclaycard Credit Card Online logon activity

    To ensure that you are kept abreast of all activity on your online banking, every time you logon you will receive an SMS alert, free of charge. In the event that you have not logged on to online banking, you will be able to alert us by calling the Fraud Hotline immediately.

    One-time verification passwords

    When creating a new beneficiary, changing transfer limits, or other kinds of sensitive transactions, a special one-time password, called a Random Verification Number (RVN), will be sent to your cellphone. You must type this into the indicated field for verification. Just before the payment is made, another one-time password will be sent to your cellphone, called a Transaction Verification Number (TVN) to confirm the transaction. These passwords can only be used once, and dramatically decrease the risk of being defrauded.

    A personalised welcome message: Barclaycard Credit Card’s SureCheck

    Once you have set up your personalised welcome message, it will display each time you logon to online banking. This validates that you are on the valid online banking website as it cannot be duplicated by fraudsters due to the personal nature of the phrase.

    Verisign Security Certificates to verify the encryption of the website

    Verisign, a public key certificate issuer, has endorsed Barclaycard Credit Card’s Online site as a secure and encrypted transactional banking site, and has issued Absa with a certificate to that effect. The Lock and Key icon that appears at the top or the bottom of your browser is indicative of this and you can click this icon for more information on the security certificate.

    Multiple firewalls to restrict access

    Our online banking makes use of multiple firewalls to ensure that only clients with valid access credentials can access the service.

    Advanced Encryption Software

    We use the most advanced internationally accepted standards of encryption technology. At present, this is 128-bit encryption built into the browsers; therefore, it is always in your best interest to update your browser to the latest released version.

    Website timeout and automatic logout

    If you have logged into online banking and there is no activity in that session for a period of six minutes, you will be automatically logged out.

    3-password failure resulting in account suspension

    If the incorrect PIN or password is entered three times consecutively, the online banking service will be temporarily suspended and you will have to visit an Absa branch to reset your PIN and password.

  • Online Shopping and 3D Secure

    Introduce a more secure online experience for you! No up-front registration is required when shopping online at a 3D Secure merchant and no username and password to remember anymore. You will now receive a One-Time-Password (OTP) that will only be valid for one transaction when shopping at a 3D Secure merchant, protecting your Barclaycard Credit Card against fraudulent online use.

    Online shopping safety tips

    Online shopping is quick, easy, and convenient – however, there are still some safety factors that need to be considered when using your credit card to make purchases online.

    • Only place an order with your credit card on trusted websites that are verified as secure sites (look for the lock image on the toolbar).
    • On the Web page where you enter your credit card or other personal information, look for an "s" after ‘http://’ in the Web address of that page - it should read: ‘https://’. The encryption is a security measure that scrambles your data as it is entered.
    • Ensure that the website is authentic and secure by finding out what other shoppers say. Some websites such as epinions.com and bizrate.com have customer evaluations, which can help you determine a company's legitimacy.
    • Do not send emails that contain personal information such as your card number and expiry date.
    • Use good quality antivirus software – such as the free software we provide for our Internet Banking and WAP-based Cellphone Banking customers.

     

    Secure, Verified by VISA and MasterCard SecureCode

    We all love the convenience of shopping online, but are concerned about the risks that may be involved. This is why technology, such as 3D Secure, has been designed – and protects you while you shop.

    What is 3D Secure?

    3D Secure protects you, the cardholder, and the merchant by verifying your personal details during an online purchase, prior to the transaction being processed. It ensures an additional level of protection when shopping online. This service is now enhanced with OTP instead of a static username and password.

    What does OTP mean for you?

    Buying online is safer than you think with OTP. It’s designed to give your Barclaycard Credit Card an extra level of protection against unauthorised use when shopping online. You will now receive a OTP via SMS every time you make a purchase, and this password will only be valid for that transaction.

    How OTP works when you’re shopping online at participating 3D Secure merchants:

    1. Shop online and proceed to the checkout
    2. Input your 16 digit Barclaycard Credit Card number, Expiry date and CCV number when prompted
    3. You will then be asked for an OTP which you will receive via SMS on your registered cellphone number
    4. Finalise your purchase

    3D-Secure OTP benefits for you:

    • No need for registration and activation up-front
    • No need to remember a username and password
    • Reduces the risk of your 3D Secure password being compromised or phished
    • No need to phone to unblock 3D Secure passwords
    • Additional level of protection when shopping online

    Where can I find more information about 3D Secure?

    If you have any queries or questions about 3D Secure or need technical assistance, you can contact the 3D Secure Call Centre.

    3D Secure Call Centre

    +27 (0) 11 354 4058

  • Protect Yourself Online

    There are a number of security measures that you can practice whenever you use the internet for online banking or shopping to ensure that you are not the victim of internet fraudsters.
    Avoid online fraud attempts

    Many of us use the internet on a daily basis – for anything from shopping for groceries and gadgets to auctions and online banking. Although most of our online interactions are secure, there is always a risk that we could open ourselves up to online fraud attempts, such as identity theft.

    Measures to improve online security

    It is vital that you are aware of some measures that you can take to make you more secure online, such as:

    • Always keep your personal access information secure, and change your Card PIN and passwords regularly.
    • Never open on a link or an attachment within an email claiming to be from Barclaycard Credit Card, as this may link to a fraudulent website or download a virus or key logging software that will compromise your security.
    • Be aware that phishing scams have also been received through instant messaging systems such as Google Talk or Skype; as well as through Social Networking websites such as Facebook. When in doubt of the authenticity of a link or a claim, simply don’t click it.
    • Install good quality security software and ensure that you have updated to the latest version of your browser. Most of the newer browsers have the inherent ability of detecting fraudulent websites.
    • Don’t bank or shop online when using a public terminal such as those found in internet cafes, hotels, coffee shops or student labs. Key logging software could be present on the computer, and will send all your personal information through to the fraudster, who could then use this information to clear out your account.
    • Before you bank online, ensure that you are actually within the secure online banking website. Once you visit www.barclaycard.co.za and click on the Online Banking link, you will be redirected to an available banking server. Once there, check the browser address. It should begin with ‘https://’ (not ‘http://’). Also check the browser for a closed lock and/or key icon – which should either be at the top or the bottom of the screen.

    When leaving your computer, always end the current session by closing your browser window, and never leave your computer unattended during an Online Banking session.