Online Banking security overview
- Security overview
- How do I change my browser settings?
- What do I do if I think someone is using my accounts?
- What technologies are used to protect my data?
- How to tell if your data is encrypted
- Verify you are connected to the legitimate Westpac website
- Can I use a shared computer to do Online Banking?
- Recommended software requirements
- Security Tips
- Cookies and why we are using them
- Important tips for Netscape users
There are three main areas of security involved in Online Banking:
- the Bank
- the Internet
- your computer.
To ensure your personal information is kept safe we have built a secure connection between our bank systems and the Internet. This connection is secured by what is called a firewall.
Our security team constantly monitors our systems for suspicious activity and automatic alerts are generated if any abnormal activities arise. We also subscribe to services that regularly report on any potential vulnerability so we can take action to ensure new security risks are not opened.
When your account information is transmitted over the Internet, it is protected from unauthorised access by a method called encryption. Encryption is a technique of coding the information being sent using random mathematical 'keys' so that only you and the bank's systems can readily unscramble the information. These keys are generated each time you sign into Online Banking and are destroyed when your session is terminated (when you sign out). There is also a random token generated when signing in that your browser must always return to be able to talk to our system.
Your account details are protected by your customer number and password. We encourage you to change your password frequently.
Protection of my personal information
Types of fraud
It's important to be aware of the various ways your privacy could be compromised. Identity thieves are coming up with new and creative ways to do this, so always be careful with your personal information and have the details of your financial institutions handy so you can contact them immediately if you suspect fraud.
In the past, hoax emails have been sent to some customers from other financial institutions requesting they supply their Online Banking sign in details. Westpac will never ask for your customer number or password via email for Online Banking. If you receive such an email, do not respond and delete it immediately.
Other hoax emails request you to sign in to Online Banking at a false website.
Westpac has implemented rigorous security mechanisms to ensure that your information and accounts are protected. The latest strong encryption technologies have been used to protect your data when being sent over the Internet, and the Westpac Online Banking site uses public/private certificates to generate the security keys for your individual session. By doing this you can verify you are connected to the Westpac web site.
Access to your account information is controlled using your customer number and password and it is therefore very important for you to protect your password. As information sent between your browser and the bank is encrypted, it makes it very difficult for anyone to get your password from the Internet. It would be easier for someone to obtain your password by guessing an easy password (e.g. your birth date), or by stealing your password (if you had written it down), or by watching you type in your password.
You should choose a password that cannot be associated with some of your known personal information. Never disclose your password to anyone (not even someone claiming to be from the bank), and don't write it down or store it on your computer. Most importantly, change your password regularly.
What should I do to ensure my privacy is protected?
- Always sign out of Online Banking. You must sign out of Online Banking to close the active session. If you do not sign out, but merely close the browser window, the Online Banking session will remain active on the hard drive (for 7 minutes).
- Close your browser at the end of each Online Banking session
- Change your browser settings so that the secure pages you access are not saved on the hard drive
- Regularly change your password
How do I change my browser settings?
If you have Microsoft Internet Explorer 4, start by selecting View.
If you have Microsoft Internet Explorer 5, start by selecting Tools.
Then follow these steps for both versions:
- Select Internet Options
- Choose the tab labelled Advanced
- Tick the boxes stating Do not save encrypted pages to disk and Delete saved pages when browser is closed (version 4) or Empty Temporary Internet Files folder when browser is closed (version 5)
- Click on OK
Please note: Netscape 6.2 and 7.0 are set by default to not save secure information on the hard drive.
What do I do if I think someone is using my accounts?
You will need to contact our Customer Service Representatives immediately. As a precaution, you should verify all transactions viewed in Online Banking against paper-based statements issued on accounts. If necessary, you can order up-to-date statements. This should assist you in spotting any suspicious transactions.
What technologies are used to protect my data?
The secure connection between your browser and the Westpac Online Banking system uses a technology called Secure Sockets Layer (SSL). This is a well-respected technology developed by Netscape, Microsoft and RSA Inc that is supported by most browsers.
In the changing world of technology, Westpac understands that while this technology is suitable for today, newer technologies may provide stronger security, better efficiency and greater convenience in the future. Hence we are constantly reviewing newer technologies as they mature and become available.
How to tell if your data is encrypted
Check for the SSL secure connection symbol
When you sign into Online Banking a secure session will be established between your computer and the bank. You will not be able to connect to the Online Banking sign in page unless your browser connects with full 128-bit SSL encryption. You can confirm your Online Banking session is encrypted by the appearance of a symbol at the foot of the browser.
The following table shows the various symbols that appear in different browsers when the data is being encrypted. This symbol should always be displayed when using Online Banking:
|Data encrypted symbol||Data NOT encrypted symbol|
|Internet Explorer||None shown|
Check the strength of the encryption
You can also view the security details in your browser to confirm you have connected using 128-bit encryption.
Verify you are connected to the legitimate Westpac website
It is important for you to be certain that your browser has connected to the real Westpac Online Banking site.
Every time you connect to Online Banking, the service sends your browser a piece of information called a "digital certificate". This certificate securely identifies the site you are connecting to, and is used to establish the encrypted session. You can view the contents of the certificate when you first connect or at any other time that you connect.
For Microsoft Internet Explorer 5.01 and above, the certificate details can be obtained by double-clicking on the secure connection symbol displayed on the status bar.
For Netscape Navigator, click on the secure connection symbol on the status bar and click the Page Info button.
This certificate has been "digitally signed" by Verisign, the most recognised issuer of digital certificates in the world. Most browser software is written to automatically recognise any certificate "signed" by Verisign.
Check the fields of the certificate. The Issuer field should contain a reference to Verisign. The Subject field should always show the organisation as Westpac Banking Corporation.
Each certificate also has a "digital fingerprint", which is essentially a string of numbers. Like any fingerprint, this fingerprint is unique, and you can verify the fingerprint displayed in the certificate by contacting the Westpac Online Helpline.
If the fingerprint displayed in your browser does not match the fingerprint you have written down, you may have connected to an illegitimate site. Do not continue, and do not enter your customer number or password.
For security purposes, Westpac will change its certificate at regular intervals. Likewise, you should regularly verify that the fingerprint displayed in your browser matches the fingerprint obtained by contacting the Westpac Online Helpline.
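The three certificate checks described above (Issuer, Subject and fingerprint), written out as an added example; this is not Westpac's code. The sample certificate bytes and fields are constructed for illustration, and the function names are hypothetical.

```python
import hashlib

# Constructed sample data (not a real certificate). In live use the DER bytes come
# from ssl.SSLSocket.getpeercert(binary_form=True) and the fields from getpeercert().
SAMPLE_DER = b"constructed stand-in for a certificate's DER encoding"
SAMPLE_FIELDS = {
    "subject": ((("countryName", "AU"),),
                (("organizationName", "Westpac Banking Corporation"),)),
    "issuer": ((("organizationName", "VeriSign, Inc."),),),
}

def fingerprint(der_bytes, algo="sha256"):
    """Hash the DER bytes and format the digest the way browsers display it."""
    digest = hashlib.new(algo, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise_fingerprint(text):
    """Drop separators and case so a value read out over the phone compares cleanly."""
    return "".join(ch for ch in text if ch not in ": \t\n").lower()

def _org(name):
    """Pull organizationName out of a getpeercert()-style name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def check_certificate(der_bytes, fields, expected_fingerprint,
                      expected_org="Westpac Banking Corporation",
                      issuer_keyword="verisign"):
    """Run the three checks; return the names of those that failed (empty = OK)."""
    failures = []
    if issuer_keyword not in _org(fields.get("issuer", ())).lower():
        failures.append("issuer")
    if _org(fields.get("subject", ())) != expected_org:
        failures.append("subject")
    expected = normalise_fingerprint(expected_fingerprint)
    # Assumption: the hash is inferred from the length (40 hex = SHA-1, 64 = SHA-256).
    algo = {40: "sha1", 64: "sha256"}.get(len(expected))
    if algo is None or normalise_fingerprint(fingerprint(der_bytes, algo)) != expected:
        failures.append("fingerprint")
    return failures
```

The Issuer and Subject strings only mean something on a certificate whose chain the browser or TLS library has already validated; the fingerprint comparison against a value obtained out of band is the check that does not depend on that.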
Can I use a shared computer to do Online Banking?
A public (or shared) computer is any computer used by someone other than you. For example, computers at Internet cafes, libraries, schools, universities, shopping centres, hotels, airports, pubs, youth hostels or your friend's house, and even your flatmate's or shared work computers.
A public computer may not be as safe as a private computer. This is because public computers have an increased risk of:
- Exposure to viruses
- Unauthorised software being used on the computer
- The maximum security options not being used on the computer
When using shared computers we recommend you follow these steps to help safeguard your privacy:
- Be conscious of your surroundings and ensure no-one is looking over your shoulder at what you are doing
- Sign out of Online Banking by clicking on the 'Sign-out' symbol
- Close the web browser by clicking on the 'X' symbol - usually located at the top right hand side of your screen
Change your password as soon as you can after using a shared computer. You can do this by:
- Changing your password when you next sign in on a 'trusted' secure computer, such as the computer you'd normally use for Online Banking.
- Seeking re-issuance of your password when you next visit a Westpac branch.
If you're not sure about the security level of the public computer you're using, we recommend finding a more secure computer or using Telephone Banking (where available).
Recommended software requirements
To use our Online Banking and ensure the highest level of security, the following browser and platform versions are recommended as a minimum.
|Win95||Win98||WinNT (SP6a)||WinME||Win2000 (SP2)||Win XP|
* We recommend that you have the latest service pack for your operating system.
We have tested many browser settings and the above versions are suggested to optimise your Online Banking experience. Other browser versions may have been tested but are not recommended.
If you are not using a browser version listed above, you may wish to download the latest version by choosing one of the links below. Please note that it may take up to several hours to download this software.
What can I do to ensure my data remains secure?
The following is a summary of checks you can make to ensure your data remains secure, as detailed in this security FAQ.
- Check your browser connects using 128-bit encryption
- Verify the fingerprint of the sign in page you connect to
- Never disclose your password to anyone. Do not write it down or store it on your computer
- Select a password that is difficult to guess and change it regularly
- Check your transactions carefully
The importance of using a virus scanner
As new computer viruses are being detected all the time, we recommend that you should always use the latest available virus scanners on your computer. Specialised viruses could capture password keystrokes or other confidential information from your Internet sessions. To protect your computer against such viruses we recommend that you use a reputable virus scanner and that you regularly obtain anti-virus upgrades as they become available.
Cookies and why we are using them
What is a cookie?
A cookie is a message sent to your browser by a web server (in this case, Westpac's web server). Your browser stores the message in memory. This message is then sent back to the web server each time your browser requests a page.
Why are we using cookies?
We are using cookies in Westpac Online Banking as part of the identification process to ensure that a secure session is commenced each time you sign into the service. The Westpac web server will send a cookie to your browser each time you sign into Online Banking. This cookie will be used to determine that you are who you say you are and provide you with your confidential account information.
The myths about cookies
We are using cookies to offer increased security when accessing Online Banking. You should note that despite common myths about cookies, any cookie that we send to your PC cannot read your hard drive, obtain any information from your browser, command your computer to perform any action, be sent to any site other than Westpac or be retrieved by any site other than Westpac.
What are the main types of cookies?
- Session Cookies - this type of cookie only lasts as long as your browser session or until a request is received from the web server you are connecting to
- Persistent Cookies - this type of cookie is stored on your hard disk until it expires. The web server you are connecting to will set the expiry date
Westpac Online Banking uses session cookies, which will only be present whilst you are connected to Online Banking. The cookie will be sent from the Westpac web server when you sign into Online Banking and will last for 1 hour or until you sign out of Online Banking.
Important tips for Netscape users
Are you using Netscape Version 4.72 or below?
Netscape has advised that your browser has a vulnerability that could allow secure data sent via an SSL connection to be intercepted.
Netscape suggests that you upgrade your browser to the latest version immediately.
What version of Netscape are you currently using?
To find out what browser version you are currently using, select the Help menu in your browser and then select the About option. Please note that this issue only affects customers using Netscape Navigator version 4.05 and below. If you are using Netscape Communicator 4.73 you will retain access to Internet Banking and you will not need to upgrade your browser.
Netscape Version 4.05
If you are using Netscape Version 4.05 and have not upgraded your browser since 31 December 1999, you will receive an additional Netscape security message box when attempting to access Online Banking. This will advise that your browser certificate has expired. After clicking continue you will be redirected to a warning page on the Westpac website. You will be able to sign in from this page; however, you will continue to receive the Netscape security message box every 2 minutes whilst in a secure site. Netscape suggests that you upgrade your browser immediately to avoid this issue.