Online Banking Security Measures

Commercial Bank of Ceylon PLC has implemented multiple layers of security for Online banking and is continuously upgrading it, to protect you from online frauds.

Secure sessions

• You will see that our URL address begins with https: which confirms that you have logged on to a secured site
• Padlock () symbol available in the right hand corner resembles the security certificate issued by a reputed company
• Be cautious about the last visited date and time shown in Commercial Bank Online for your information

Encryption

Secure Sockets Layer-SSL encryption technology is used within your Online banking session to encrypt your personal information before it leaves your computer in order to ensure no one else can read it.

Session time out

If you are inactive for a certain period of time while logged in to Commercial Bank Online, system will automatically log you out, to avoid unauthorised activities.

Automatic lock out

• Your user ID will be disabled or blocked by the system due to number of invalid log in attempts
• Unique user ID and password is given for proper identification
• You are identified the user ID and the correct password keyed in by you. It is vital that you do not share your password with anyone
• As a customer you are playing a vital role, you are requested to be vigilant and exercise caution while you are online with the bank.

Please adhere to the following recommendations to reduce the chance of an unauthorized person accessing your account

Access Commercial Bank Online the correct way

• Ensure you are accessing the authentic Commercial Bank website by typing the correct website address (http://www.combank.lk) in to your browser
• Check for security indications
• Make sure that you are on the secure Commercial Bank Online website before you enter sensitive information by verifying that;
• The website address begins with https: rather than http:
• The padlock () symbol appears on the bottom right hand corner of the web page. If you double click on this symbol it should provide you with digital certificate information pertaining to Commercial Bank with whom you have entered in to a secure session

Safeguard your password

• Change the initial password issued to you by the bank immediately to something that is difficult for someone else to guess
• Create a strong password by adopting the following
• At least eight characters with a combination of letters, numbers, lower case, and upper case
• Easy for you to remember, but difficult for others to guess
• Unique and must not be used for accessing other online services as in e-mail or internet access
• Avoid using dictionary words or personal information as in your child’s name, pet’s name, your date of birth, etc.... when choosing a password, as these can be easily guessed by someone else
• Do not create passwords using a combination of consecutive numbers or letters such as 12345678, abcdefgh or adjacent letters on your keyboard such as zxcvbnm
• Never disclose your password to anyone including bank staff and do not record them anywhere. Change the password immediately if you believe your password has been compromised
• Change your password regularly to minimize the risk of having your password being compromised
• Disable your browser's Auto Complete feature that remembers the data including your online password that you input Refer to your browser's Help function for details. Also avoid the option Remember my Password

Use a secure login

• Avoid accessing Commercial Bank Online from shared computers or public computers as in internet cafés, free wireless access points etc....
• Never change sensitive details such as your password when using public computers
• Protect your computer
• Ensure that no one has unauthorized access to the computer you use to Commercial Bank Online
• Install a reliable anti virus product and ensure it is updated regularly
• Configure your computer to obtain the latest security patches for your operating system
• Use a personal firewall to perform real time detection of malicious programs and intrusions
• Do not install free software from the internet or from unreliable sources

Precautions for emails

Online identity fraud also known as Phishing occurs when fraudsters pose as trusted organisations and send out emails to thousands of random email addresses, tricking you into downloading a virus or logging on to a fraudulent web site and disclosing sensitive information. To protect yourself against such fraud.

Do not respond to e-mail from anyone that asks for your personal information such as password, credit card details, account number, etc....

If you receive such a request, refrain from replying and contact the bank immediately

When contacting the bank, only do so through the Message to Bank function that is available in Commercial Bank Online

Do not click on hyperlinks embedded in emails or third party websites to access the Commercial Bank Online website

Be cautious on the phone. It’s easy for someone to pretend to be someone they’re not on the phone. Whether it’s someone who wants personal information on a particular customer, or someone who claims they need to verify one of your personal accounts, don’t give out information over the phone unless you can positively confirm the caller’s identity

Limit access to your computers

Your computer network needs to be password protected, of course, so that anyone who wanders through your office can’t just access your network. But you also need to consider issues of internal network access. Does every employee need to be able to access programs or databases that may contain sensitive information? Password protect these, too, and grant access on a need to know basis to help cut down identity theft.

Disconnect ex employees immediately

When employees no longer work for your business, you need to be sure that their access to your computer network and company data is cut off immediately

Other safety measures

Always note the date and the time you last logged on to Commercial Bank Online. If you find any discrepancies, change your password immediately and report it to the bank

Check your account statements and the bank balance regularly and notify the bank immediately if you discover any errors or unauthorised transactions

Avoid navigating to other websites while performing Online banking transactions

Never leave your computer unattended when performing Online banking transactions

Clear your browser's cache and history after each session so that your account information is removed, particularly if you are using a shared computer