We take your security seriously, which is why we have a number of systems and security protocols in place to guard you while you do internet banking and to make sure you are safe from identity theft or any other online threats. That way, no matter where or when you log on, you know you are protected.
Absa’s internet banking is built using state-of-the-art technologies that provide a high degree of security. The security infrastructure comprises a firewall, intrusion detection systems (IDS), virus monitoring tools and many more. The security requirements have been implemented and audited by an international consulting firm, using internationally accepted standards and practices. Internet banking uses a 128-bit digital certificate for encryption of the Secure Sockets Layer (SSL) session. SSL is the industry standard for encrypted communication and ensures that customers' interaction with the bank over the internet is secure. Besides technological solutions, security is also built into the login process. Internet banking enforces the use of a password of at least 8 characters, including alphanumeric and special characters. We also use a secret question and answer to protect your online banking details.
Our internet banking service is hosted on a secure 128-bit encrypted server. This means that any information you send us is encoded for your protection.
Secure Code is a feature that helps us to identify that it is really you making the transactions. It is a unique code that will be sent to your mobile phone via SMS.
When creating a new beneficiary, doing one-time transfers, or other kinds of sensitive transactions, a special one-time password (OTP), will be sent to your mobile phone. You must type this into the indicated field for verification. These codes can only be used once, and dramatically decrease the risk of being defrauded.
Internet banking logs you out if you are inactive for 5 minutes. This gives you added protection if you forget to log yourself out.
If the incorrect PIN or password is entered three times consecutively, the internet banking service will be temporarily suspended or locked and you will have to visit your preferred branch or call our Contact Centre on +254 (20) 3900000.
Virtual or dynamic keyboards are designed to reduce the risk from programs that download themselves to your computer and create a keystroke log that can be used to gain access to your accounts. Virtual keyboards are an important component in securing your online banking experience.
- Avoid using shared computers when accessing Absa Online Banking.
- Avoid logging into Absa Online Banking or using critical passwords at internet cafes, libraries, and other public sites to avoid the risk of information being copied and re-entered after you leave.
- Change your passwords regularly.
- Contact Absa Contact Centre on +254 (20) 3900000 immediately if you suspect your online banking password has been compromised.
- Use a password on your computer to prevent unauthorised individuals from accessing your information.
- Disable the "AutoComplete" function of your browser.
- Always remember to log off online banking and close your browser when you have finished.
While the internet can make life very convenient with services such as online banking and shopping, there is always the underlying security risk that criminals will abuse the internet to gain access to your personal information - such as banking details - and use this to steal your money.
How to recognise a phishing scam:
Don’t be caught out! Find out what you need to look out for to avoid becoming a victim.
Fraudsters often send out emails claiming to be from Absa (or other reputable organisations) – commonly known as ‘phishing’ – many of which look very authentic, as they make use of the Absa logo and corporate colours to convince you that the email is legitimate.
Often, the content of the email makes reference to your account being suspended, and the only way you can stop this suspension is to click on the link supplied and update your personal details. Although this link does not link to the real Absa website, these websites are usually designed to look exactly like the Absa site, and it becomes difficult to differentiate between this site and the real site.
There are some recurring themes that you can look out for when you receive an email, including:
- Terrible grammar
- Strange email addresses/Unknown email addresses
- A request to click on a link in an email
Never reply to a spam email - This only confirms that your email address is active, and will spur the fraudsters on to send you even more spam.
Delayed phishing attacks:
In some cases, fraudsters may obtain your access credentials long before any attempt is made to defraud your account. It is very important to change your banking logon information such as your username and password regularly to prevent delayed phishing attacks.
Steps to avoid being a victim of phishing attacks:
Although we have a number of security measures in place to protect you, your awareness is the key to avoiding phishing attacks, so bear the following in mind when you receive an email claiming to be from Absa:
- Never reply to these emails, and don’t click on any links
- Never provide your personal details such as your PIN or account details via email or on any links within these emails. We already have information like your ID number, cell number and email address and will never ask for them via email.
- Never navigate to our site using a link from an email – always type in the address.
- Delete spam emails immediately. Even a request to remove your email address from the mailing list will confirm to the fraudsters that your email account is active, and could open you up to more attacks.
- Never open an email attachment unless you know who sent the message.
- Use the latest browsers, which come with filters that alert you when you visit a potentially unsafe website.
- Absa will never send you a letter or email asking you to complete your personal details by clicking on a link in an email.
We will automatically disable your access to internet banking if three incorrect attempts are made to log in using your details. This is to stop fraudsters making repeated attempts to log into your accounts.
Follow these simple tips to enjoy a secured online banking experience:
- Avoid using shared computers when accessing Absa Internet Banking
- Avoid logging into Absa Internet Banking or using critical passwords at internet cafes, libraries, and other public sites to avoid the risk of information being copied and re-entered after you leave.
- Change your passwords regularly.
- Contact Absa immediately if you suspect your internet banking password has been compromised.
- Use a password on your computer to prevent unauthorised individuals from accessing your information.
- Disable the "AutoComplete" function of your browser.
- Always remember to log off internet banking and close your browser when you have finished.
It is vital that you are aware of some measures that you can take to make you more secure online, such as:
- Always keep your personal access information secure, and change your PIN and passwords regularly.
- Never open a link or an attachment within an email claiming to be from Absa as this may link to a fraudulent website or download a virus or key logging software that will compromise your security.
- Be aware that phishing scams have also been received through instant messaging systems such as Google Talk or Skype; as well as through social networking websites such as Facebook. When in doubt of the authenticity of a link or a claim, simply don’t click it.
- Install good quality security software and ensure that you have updated to the latest version of your browser. Most of the newer browsers have the inherent ability of detecting fraudulent websites.
- Don’t bank or shop online when using a public terminal such as those found in internet cafes, hotels, coffee shops or student labs. Key logging software could be present on the computer, and will send all your personal information to the fraudster, who could then use this information to clear out your account.
- Before you bank online, ensure that you are actually within the secure internet banking website. Once you visit www.absaband.co.ke and click on the internet banking link, you will be redirected to an available banking server. Once there, check the browser address. It should begin with ‘https://’ (not ‘http://’). Also check the browser for a closed lock and/or key icon – which should either be at the top or the bottom of the screen.
- When leaving your computer, always end the current session by closing your browser window, and never leave your computer unattended during an Internet banking session.
A fraudster is able to perform an illegitimate SIM swap with your cellphone service provider by, for example, carrying a false copy of your identity document. This gives the fraudster full use of your cellphone account and lets them receive messages intended for you. They will also receive the confidential banking notifications and approval SMSs that the bank sends to customers. If they have already tricked you into giving them your personal and account details, they can transfer money from your account without you knowing.
- Protect your personal, bank account and cell phone account information – also when you’re online.
- Immediately investigate when you notice that you are not receiving calls and messages.
- Keep your phone switched on – otherwise you will not notice when your SIM card has been swapped.
With the convenience of cellphone banking comes the responsibility of ensuring the security of your account:
- Don’t store your password or PIN in clear text on your mobile device.
- Install antivirus software on your mobile device and scan your device regularly.
- Be wary that a 'jailbroken' device will weaken the security of your mobile device. The Absa App will not work on a jailbroken device.
- Enable the lock screen on your phone. A password or PIN is always more secure than other lock-screen options.
- Turn off your Wi-Fi or data connections when not in use.
- Use the latest software version.
- Be as vigilant on your smartphone or tablet as you would be on your computer.
- Don’t leave your tablet or mobile device unattended while you have your banking profile open.
- If your tablet or cellphone is stolen, remember to unlink it from your device access (this can be done on internet banking under your profile).
- Be careful when using public wifi or hotspots to do your banking.
Always remember to log out once you have finished banking.
Make sure you bank safely on your mobile device. We all use apps on the go — and with our app, it just became so much easier to get your banking done in those 'in-between' moments.
Keep these handy safety tips in mind when using an app:
- Read through the terms of the app and make sure that you understand the risks.
- Check what permissions the app is requesting.
- Only download apps from the authentic Apple App, Google Play, Windows App or BlackBerry World stores.
If you doubt the legitimacy of the banking app, contact the bank on +254 (20) 3900000.
We will not ask you to confirm the following telephonically:
- Credit card expiry date
- 3-digit number on the back of the card
- Secure code/OTP number
- Your PIN (you will only be required to use your PIN or OTP number when transacting)
When we contact you, we will have your card number and you will only need to confirm a few digits.
If you receive a secure code/OTP and you are not transacting, please contact our Customer Service Line on +254 (20) 3900000.
Tips to avoid cheque fraud
Be especially vigilant when it comes to suspicious cheque deposits into your account, and take note of the following:
- Report lost, stolen or missing cheques immediately.
- Contact the Absa Customer Service as soon as you suspect fraudulent activity on your account.
- When filling out a cheque, never leave space in front of the name of the payee or the amount in figures. Draw a line through all unused spaces.
- Keep your chequebook in a safe place.
- Don’t sign blank cheques.
- Reconcile your bank statements regularly.
- To ensure that a cheque is paid into the intended beneficiary's account, the cheque must be marked with the words ‘Not Transferable’ between two transverse lines at the top of the cheque.
- Always keep your chequebook separate from your credit cards, ATM cards or any document that bears your signature.
- If you have to post a cheque, place it in a non-transparent or dark envelope without any staples/paper clips.
- Other payment methods are safe and convenient and can save on bank charges. These include internet banking, mobile banking, telephone banking, ATM payments, debit orders and future-dated payments.
- If you sell something, never release goods until the payment has cleared into your account.
- Never accept a faxed bank deposit slip as proof of payment. Details can easily be changed to reflect a higher value or to state that the deposit was made in cash.
When receiving cheques, be aware of the following:
- There should be no variation in the handwriting.
- The same pen should be used to complete the entire cheque.
- There should be no visible alterations.
Have you been asked to change the bank details for a client or supplier? This may be an attempt to defraud you.
In a change-of-bank-account-details scam, clients receive requests, purporting to be from genuine clients or suppliers, asking them to change the bank details used for electronic payments.
These perpetrators go to the extent of diverting the targeted business’s correspondence seeking to verify the notification to one of their own, who will then validate the instruction. Always make sure that it is indeed your supplier that you are communicating with.
If you believe you are a victim of this type of fraud, report it immediately to your relationship executive. Use the Absa Customer Service contact centre on +254 (20) 3900000 or visit the nearest police station.
Some recommendations to reduce the risks:
- The counterfeit invoice and covering letter may be printed on a scanned copy of the company’s letterhead and the logo may appear somewhat blurred.
- False confirming emails may be sent from almost identical email addresses, or addresses that differ from the genuine one by perhaps one letter that can be easily missed.
- Always confirm any request to change bank details with your usual contact.
- Instruct staff responsible for paying invoices to check invoices for irregularities and escalate suspicions to a known contact.
- Consider setting up designated single points of contact with companies to which you make regular payments.
- Shred your business and supplier invoices or any communication material that may contain letterheads.
- Don’t publish your bank account details on the internet, as this is company private information that can be used fraudulently.
- Consider reviewing previous requests to change account details to confirm they were genuine.
- To prevent your clients from acting on an instruction purporting to be from you, alert them to this type of fraud.
Minimise your risk of theft while travelling internationally:
When you travel internationally, you will need money to make purchases. To minimise your risk of your money being stolen, you should spread the risk across a Cash Passport, cash, and your credit card (if you have one).
Always bear the following safety tips in mind when travelling internationally:
- Carry any cash or credit cards as close to your body as possible. Popular options include a travel belt or a neck pouch.
- Be aware of scams where people ask you for money or assistance in order to see where you keep your wallet or purse.
- Keep the bulk of your money, together with vital documents, such as your passport and visa, in your hotel safe when you sightsee.
Spending options - Cash, Cash Passport, credit cards:
A Cash Passport is the perfect option for point-of-sale devices and cash withdrawals while abroad. It is pre-loaded with an amount of your choice (which can be added to at any stage), and is accepted worldwide at shops and ATMs displaying the Visa Electron sign. Cash is ideal for immediate purchases (such as drinks and food at the departure and arrival airports), as credit cards are not always accepted and are preferred for larger transactions.
Stay in touch with Absa while you travel:
To stay in touch with Absa and to keep an eye on your accounts back home and transact when needed, we advise you to register for mobile banking.
- Carry as little cash as possible.
- Pay your accounts electronically.
- Make use of mobile banking.
- Make use of internet transfers or ATMs.
- Alternate the days and times you deposit cash.
- Never make your bank visits public.
- Don’t openly display your money in the bank queue.
- Avoid carrying money bags or openly displaying deposit receipt books.
- Visit different branches to ensure your banking pattern is not recognisable.
- Consider a cash management service.
- Don’t pay wages in view of the public.
- Don’t use a company-branded vehicle to go to the bank.
- Use an electronic alternative to pay wages.
- Don’t make cash deposits on high-risk days.
- Let someone accompany you when you deposit.
- Let members deposit funds directly into the account.
- Arrange electronic pay-out to members’ accounts.
Online shopping is quick, easy, and convenient - however, there are still some safety factors that need to be considered when using your credit card to make purchases online:
- Only place an order with your credit card on trusted websites that are verified as secure sites (look for the lock image on the toolbar).
- On the web page where you enter your credit card or other personal information, look for an 's' after ‘http://’ in the web address of that page — it should read: ‘https://’. The encryption is a security measure that scrambles your data as it is entered.
- Ensure that the website is authentic and secure by finding out what other shoppers say. Some websites such as epinions.com and bizrate.com have customer evaluations, which can help you determine a company's legitimacy.
- Do not send emails that contain personal information such as your card number and expiry date.
- Use good quality antivirus software.
When you do your banking at any of our Absa ATMs, always ensure that you remain alert and vigilant so that you don’t become a victim of fraud or crime.
ATM safety tips:
- Choose a PIN that’s difficult to guess.
- Memorise your PIN so that you don’t have it written down anywhere.
- Approach an ATM only under the right conditions and always be aware of your surroundings.
- Check the area for suspicious-looking people before you approach the ATM.
- If you think the ATM is not working, cancel the transaction immediately.
- When you enter your PIN, cover the keypad with your other hand so that no one else sees your PIN.
- Always concentrate and keep your eyes on the screen when you are at an ATM.
- If you need help, don’t ask anyone other than an Absa bank official.
- Always be cautious of strangers who offer to help you at the ATM.
- You shouldn’t use an ATM if it looks like the card slot, keypad or screen has been tampered with.
- Ensure you get your card back every time you use it and check that it is your card.
- If your card is lost or stolen, or it is retained or jammed, or somebody interferes with you while using an ATM, you should immediately call Absa Customer Service Contact Centre on +254 (20) 3900000 to report it and cancel your card.
What is Phishing?
Phishing is one of the most common forms of social engineering. Chances are you have already seen quite a few phishing emails, and you might not even know it.
Some phishing emails are easy to spot – like the ones claiming to be from the Prince of Nigeria who needs your help laundering millions of dollars. Others – like emails that claim to be from your bank or someone you work with – are much harder to detect.
These days, spam – or unsolicited email – makes up over 70 percent of all email traffic. Most spam email gets caught and filtered before we even see it. Phishing emails, however, make it to our inbox much more often because attackers take more time to carefully create emails that look authentic. Hackers who send phishing emails are usually trying to accomplish one of three things:
- Getting you to click on a link to malicious websites
- Getting you to open a malicious attachment that contains malware, or
- Getting you to provide sensitive information, like your PIN and password
These are all methods that hackers can use to take control of your information, steal your identity, or gain access to your company’s networks, systems, applications and data. Falling for a phishing attack is handing over your keys to the safe.
What is Vishing?
Vishing is a telephonic fraud tactic that works similarly to phishing. The fraudster contacts you telephonically, pretending to be a bank representative or other authoritative person who requires information such as your ID number, banking details and login credentials to your online banking profile in order to solve a problem or prevent your account from being closed. Vishing is difficult to trace, especially now that fraudsters can mask their numbers or divert their number to a legitimate number, leading a victim to believe that the call is from a legitimate source. Clients can protect themselves by always being vigilant and never sharing their PIN, password, passcode, transaction verification or card CVV number with anyone.
- Be conscious of the fact that fraudsters are masking their telephone numbers in order to manipulate a client into believing that the call is from their bank or authorized personnel.
- Be aware that fraudsters are diverting their telephone number to the bank’s fraud hotline and requesting clients to call back on their number to verify that it is the bank’s fraud department. DO NOT call the number displayed on your phone screen; instead, call the Absa Customer Care Contact Centre to report the suspicious activity.
- Be suspicious of any caller who asks for login information and passwords over the phone. Absa will not request your PIN, password, passcode, and transaction verification or card CVV number.
- Never share personal and confidential information with anyone over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call immediately.
- If you receive an OTP on your phone without having transacted yourself, be alert that the fraudster has used your personal information to make purchases online. DO NOT provide the OTP telephonically to anybody. Contact the bank immediately to report fraud.
- Be alert if you lose mobile connectivity under circumstances where you are usually connected; contact your service provider immediately to verify whether you have been SIM swapped or number ported. Banks use your cellphone number to verify your identity and for you to verify high-risk transactions. If you are a victim of SIM swap or number porting fraud, call our Absa Customer Service Contact Centre on +254 (20) 3900000 promptly to have your online banking service suspended.
SMiShing, or SMS phishing, occurs when a fraudster sends a text message to an individual's cellphone in an attempt to get them to divulge personal or sensitive information. Similar to phishing or vishing, a SMiShing attack usually requires the victim to respond by clicking on the link provided, in order to either update their security or unlock their account. In certain cases the SMiShing URL is shortened using bit.ly, and the messages are sent to multiple recipients using different cellphone numbers.
The SMiShing link requests the following information:
- Account number
- Full password and
- Cellphone number
Please do not click on these links and divulge any personal information.
If a fraudster has a false copy of your identity document, they can perform an illegitimate SIM swap with your cellphone service provider. The fraudster now has full use of your cellphone account and will receive messages intended for you. They will also receive the confidential banking notifications and approval SMSs that the bank sends to customers.
If they have already tricked you into giving them your personal and account details, they can transfer money from your account without you knowing. If Absa becomes aware of a SIM swap, a temporary hold is placed on your account to allow you to authenticate yourself.
If the SIM swap was legitimate, you can wait out the 36 hours or authenticate yourself by calling our Contact Centre on +254 (20) 3900000. Once you have been verified as the actual Absa customer, the hold will be lifted.
Watch out for this cellphone scam that enables fraudsters to port your number and gain access to your accounts.
Fraudsters port the victim’s number from one cellphone service provider to another. Some cellphone service providers send SMSs for the account holder to confirm that they are transferring to another service provider. When these confirmation messages are ignored, the porting goes through and the fraudsters have access to the victim’s cellphone messages, including the approval SMSs that the bank sends to customers.
If they have already tricked you into giving them your personal and account details, they can transfer money from your account without you knowing. Always keep your cellphone switched on and don’t ignore messages from your service provider.
Be aware and pay special attention to all messages received from your network service provider regarding Twin SIM functionality.
Do not switch off your phone. Take note of any logon notifications when you are not logging on to internet banking yourself.
Card skimming occurs while you are making a payment or withdrawal (at a restaurant, garage, ATM or retailer). The criminal either has direct access to your card (to process the payment) or the device is attached to the slot of the ATM. All Absa ATMs have Jitter technology that makes your card shudder slightly when you insert it into an ATM as an added safety feature.
This is in place so that if a card skimming device is present, it will only capture scrambled data. Card skimming devices are generally smaller than a deck of cards, and are hand-held (often fitting snugly into the palm of the hand); which is why people are not aware of what is happening until they are defrauded at a later stage.
What can you do to avoid being scammed?
Always keep an eye on your card when making a transaction; and scrutinise your bank statements to ensure that you spot and report irregular transactions that may occur on your account.
What should you do if your card is skimmed?
If your card has been skimmed, you need to contact your bank immediately and ensure that your card is blocked. This will ensure that the criminals can’t do any more transactions using your account details. The bank may ask you to:
- Change your PIN
- Cancel the card (and issue you a new one)
- Sign an affidavit or provide additional information (depending on the circumstances surrounding the skimming)
Will I be reimbursed?
Depending on your bank or the means used to remove the funds from your account, your bank may reimburse you. Each case is individually assessed and circumstances of the loss are considered to determine if any claims will be refunded.
If a 'fraudulent' transaction has taken place where your card is used together with your PIN, the transaction is usually identified as authentic, and you will not be reimbursed. Never keep your PIN number and card together; rather memorise your PIN.
If you receive an email with an offer that seems too good to refuse, it probably is a 419 scam.
We have all received those badly-spelled, lengthy emails that tell you in detail how you have won the lotto; or that they will give you large sums of money in return for helping them; all they need are your bank details or some cash. It may sound like an opportunity you can’t miss — but be wary of offers like these.
What is a 419 scam?
A 419 scam usually consists of a letter, email, SMS or fax that tells the intended victim that they will receive a large sum of money due to something like winning the lottery, a job offer, a joint venture or an inheritance. The sender then requests your bank account information so that they could transfer the money into your account, with the additional request that you send money to “help the transfer along”. Many people send thousands before they realise that they have been taken in by a scam.
What does a 419 scam look like?
If you receive an SMS or email, and you are not sure if it is a 419 scam, there are some markers that you can look out for:
- There are large amounts of money promised, usually in dollars or pounds, for your help.
- The letters are usually sent by someone claiming to be on a high level of authority (a prince, lawyer, bank official, doctor, or government official).
- There is often emotional bribery involved, with an illness or a death being mentioned as motivation to help.
- You will generally be asked to communicate by email.
- Authenticity is often boosted by the presence of attachments such as tax clearance certificates.
- They are generally full of grammar and spelling mistakes; and if they contain links to websites, these are generally also full of spelling mistakes and non-standard language (such as using all capital letters).
I have received a 419 scam email — what do I do with it?
Firstly, do not reply. These emails are sent out in bulk to a number of email addresses in the hope that someone falls for the scam. These should be deleted immediately.