Secure Online Banking FAQs - RaboDirect

The Digipass is a small hand-held device, much smaller and thinner than your mobile phone. You use it to:

• access your RaboDirect account(s)
• validate your transactions                 

The Digipass is the hardware that randomly generates the access codes you need to use your personal account. The Digipass itself has a five-digit PIN code to access it which you replace with your own personalised five-digit PIN code. 

You will receive detailed user instructions when you receive your Digipass. These explain everything you need to know in step-by-step detail.

The Digipass is a 'Random Number Generator' that creates one-time access codes. The codes are used to identify you as a user, log you on to your accounts and verify transactions. The Digipass gives you peace of mind knowing that your financial information is always protected.

Is a Digipass safer than a standard login code? 

Yes. The Digipass generates an electronic signature to help prevent any other person from accessing your accounts or transactions. Also, your Customer Number is never saved onto your computer. 
At RaboDirect, our security approach is based on what is known as two-factor authentication. The two elements are: 

1. Something you know: your Customer Number and PIN code; and 
2. Something you have: your Digipass. Your Digipass cannot be used without your PIN code, making it worthless to somebody else should it be lost or stolen.   

Therefore, even if someone gains access to your account details, they can't access the account without having BOTH your Digipass AND your PIN code. This is safer than a standard user name and/or password log in because if somebody else gains access to these, they can simply log in without requiring an external device (i.e. a Digipass). 

Once your Digipass is set up, simply select "Secure Login" (from the website) and follow the instructions on the computer screen.
Remember: always use your personalised five-digit PIN code. (Your initial five-digit PIN code is only ever used to set up your Digipass.) 

You will need:

• your Digipass
• your initial five-digit PIN code       

	Follow these steps:	Digipass will display:
1.	Press  on your Digipass.
2.	Enter your initial five-digit PIN code.
3.	Now enter your own new and unique five-digit PIN code.
4.	Re-enter your new PIN code to confirm.
5.	This confirmation message will display for a few seconds.
6.	Your Digipass is now ready to use and will display "APPLI" for a few seconds before automatically turning itself off.

The random numbers generated by the Digipass change every time. This means that the number can only be used once, within the specified time limit. That means your number becomes useless to would-be hackers. This significantly reduces the security risk associated with other forms of online security such as permanent access codes.

Note - RaboDirect will NEVER send you an email requesting your personal access details. If you ever receive such an email please notify us immediately. 

The Vasco Digipass security system used by RaboDirect offers New Zealand customers the highest levels of online banking security. Vasco has an international reputation through its work with more than 370 international financial institutions, approximately 1,700 blue-chip corporations and governments located in more than 80 countries.

Practically speaking, when you log into your accounts you need to know your individual Customer Number, have your Digipass to hand and know your PIN code. So even if your Digipass were to fall into the wrong hands it's worthless without the PIN code and your Customer Number.

You don't need any special software to use the RaboDirect online banking service and you can use your Digipass anywhere you want - that means you're not stuck to using just one computer. Coupled with the fact that it takes less than 10 seconds to use a Digipass, the whole system is simple and secure.

Yes. You can change your PIN code at any time. Here's how:

	Follow these steps:	Digipass will display:
1.	Press  on your Digipass.
2.	Enter your existing five-digit PIN code.
3.	Press  for two seconds.
4.	Enter a new five-digit PIN code.
5.	Enter your new five-digit PIN code again.
6.	Your Digipass is ready to use.

If your Digipass gets blocked

If you enter your PIN incorrectly five times the Digipass will display "Lock PIN" and a number. Simply call us on 0800 22 44 33 (+64 4 819 2870) and we will get you online again.

If your Digipass gets misplaced

We have a secure way of handling this. Print off the form Replace my Digipass [PDF 246KB]. Fill in the details as required and send it to us by fax, email, or post. The contact details for this are provided on the form. We will deal with your request quickly to get you back online.

If the answers in these FAQs do not resolve your problem, you can contact our Customer Contact Centre on 0800 22 44 33. Or send us an e-mail: info@rabodirect.co.nz 

Some RaboDirect transactions and orders require an eight-digit electronic signature. This is an added level of security to protect your money.

Simply follow the instructions on your computer screen - they will explain how to create an eight-digit electronic signature using your Digipass.

No. Remember, they need all three elements to gain access to your account.

Here are some security precautions anyone can adopt to increase their own levels of online security.

1. Protect your Digipass and PIN number

• Never divulge your account number or Digipass PIN code to anyone.
• Memorise your account number and Digipass PIN code. If you need to write them down, store them in a location separate from your Digipass or account numbers.
• Always keep your Digipass separate from your account number and your Digipass PIN code.
• Do not write your customer number or Digipass PIN code on a Post-It note and stick it to your computer.
• Notify us immediately if your Digipass is lost or stolen and we will issue you with a replacement Digipass and PIN code.  

2. Use RaboDirect Secure E-mail

Never send sensitive financial information to RaboDirect through regular e-mail. RaboDirect customers have access to secure-mail within our secure transaction site. You should use this e-mail function to communicate with our Customer Contact Centre if you want to include information pertaining to your account statements or account details.    

RaboDirect will NEVER send you an email requesting your personal access details. If you ever receive such an email please notify us immediately.

3. Use updated Anti-Virus Software

We strongly recommend that you protect your computer from viruses by installing and regularly updating firewall and anti-virus software. 

4. Activate a Pop-Up Window Blocker

Blockers are often part of anti-virus and firewall Internet security packages. When you have installed your pop-up blocker you may want to adjust the setting to allow pop-up windows in websites that you trust and need to access.

5. Scan your computer for Spyware regularly

You can eliminate potentially risky pop-up windows by removing any spyware or adware installed on your computer. Spyware and adware are programs that look in on your web viewing activity and potentially relay information to a disreputable source. Perform an Internet search for "spyware" or "adware" to find free spyware removal programs. 

As with a pop-up blocker, you will want to be sure that your removal program is not blocking, or removing, wanted items, and if it is, consider turning it off for some websites.
 
6. Avoid downloading programs from unknown sources

Downloads may contain hidden programs that can compromise your computer's security. Likewise, e-mail attachments from unknown senders may contain harmful viruses.

7. How to contact us if you have any questions or concerns

At RaboDirect, we maintain the highest security standards and ensure your money is protected at all times. However, if you have any misgivings or require advice on secure online banking, please contact our staff in our Customer Contact Centre by info@rabodirect.co.nz or phone 0800 22 44 33.

Our website has been built for Internet Explorer version 5.5 (Service Pack 2) and higher. If you don't have this browser version, you can download it from http://windowsupdate.microsoft.com. 

Mac users can access the website using Internet Explorer 5.1.7 (Mac OS 8.1 to 9.x) or 5.2.3 (Mac OS X). You can find these at: http://www.microsoft.com/mac.

We also support Firefox Version 1.5 and above.  You can download this from http://www.mozilla.org.

To help safeguard your computer from viruses, trojans and spyware we recommend that you take the following precautions. These precautions will protect your computer when using the internet and email in general.

• Seek professional advice for the installation and maintenance of third party software installed on your computer
• Ensure that the latest anti-virus software is installed and run regularly on your computer
• Consistently update your Operating System with the latest security patches
• Update your browser with the latest security patches
• Install a firewall
• Install anti-spyware software & regularly scan your computer

Firewalls are a set of related programs, located at a network gateway server, designed to prevent unauthorised entry into a computer or network. Further software has been utilised to monitor suspicious activity and automatic alerts are generated if abnormal activities are detected. In addition, Rabobank subscribes to monitoring services that regularly report on potential vulnerability.

There are many companies to choose from who specialise in software to safeguard your computer from viruses, trojans and spyware, although you should talk to your computer supplier for the best software for you. The following are a few such companies:

• AVG: http://www.avg.com.au/
• Mcafee: http://www.mcafee.com
• Symantec: http://www.symantec.com

Viruses are malicious programs that spread from one computer to another through sharing of "infected" files e.g. when infected emails are opened. Viruses can render computers inoperable and can damage files.

A trojan is a malicious program that can appear to be harmless, such as a game demonstration. Trojans can damage your important data files. A combination of firewalls and anti-virus software can protect your computer from trojans.

In many cases, users unknowingly install Spyware when they download free software. Spyware is used to track web surfing habits. This valuable marketing information is then sold to third parties. In the process of tracking web surfing habits, confidential information such as passwords etc is also captured.

Please contact our staff in our Customer Contact Centre by emailing us at info@rabodirect.co.nz or phone 0800 22 44 33, Monday - Friday 8am-7pm.

The fake email can look very realistic but there are tell-tale signs that they are not genuine.

• Firstly, RaboDirect will never ask you to reconfirm your Customer Number, Digipass PIN code or bank account numbers by email or by telephone. If you receive an email or a telephone call requesting confidential information this should immediately raise your suspicions and you should contact us immediately.

• Check the URL address carefully on the website. It might look similar to the usual online banking URL that you use, but there will be some subtle differences. Look out for the padlock icon to determine if you are in an encrypted secure session. A message saying something along the lines of 'Error! Hyperlink reference not valid.' is also a tell tale sign that something is not right.

• Look out for obvious grammatical errors or misspellings. Sometimes these errors are deliberate - they can help get around spam filters, but often they are simply the result of poor spelling and grammar on behalf of the fraudsters.

• The layout of the email and logos may make you suspicious.  If you hover your mouse over links in the email you probably won't point to your bank's website but to some other third party website unknown to you.

• Does the email address you personally by name? If not, this can also raise suspicions. We won't send you an email starting with 'Dear Customer', for example.

• The tone of the email is urgent encouraging you to immediately take the action requested in the email such as verifying your online banking security details.

The New Zealand Department of Internal Affairs has posted some good examples of fake emails to help you identify whether or not the one you have received is genuine. 

If you receive an email that appears to be from RaboDirect, but you are unsure if it is genuine, contact us before potentially compromising your online security. It's better to be safe than sorry.

• First of all, don't panic.

• Do not respond to the mail. This is important because the fraudster will then know that your email address is real working one.

• Do not click on any links in the email. You could unwittingly download spyware programs to your computer by doing so.

• Contact your bank. They will probably already be aware of the email by the time you contact them.

There are many ways that criminals harvest emails. Sometimes they can hack into a database to steal them, other times they just buy lists from disreputable marketing companies. Another way is to try and guess email address using automated programs.

If you receive a phishing email, you may think that the fraudster knows that you bank with the bank they have targeted. They generally don't know this. By casting their net far and wide they hope to catch some real bank customers. Often, you will receive similar emails from banks you are not a customer of from the same fraudsters.