Security Advisory

Electronic banking delivery channels ("e-banking") have made banking transactions simpler, faster and more convenient for everyone. With various channels such as the automated teller machine (ATM), mobile phone, and the internet, depositors can pay bills, transfer funds, inquire about account balance, or purchase mobile phone credits anytime, anywhere.

However, despite efforts by banks to ensure that e-banking transactions are safe and reliable, users must still be wary of deceptive methods and practices that may be committed using these channels. Some of these methods and practices aim to obtain your sensitive personal information for fraudulent purposes. Here are some tips that you can note in doing your e-banking transactions:

1. When selecting a Personal Identification Number (PIN), avoid numbers and letters that can be easily identified or associated with you. Do not use your initials, birth date, or telephone number.
2. Choose strong PINs and passwords.
   • Do not use a password that is easily guessed, like your telephone no., birth date, name of a family member, and other personal information.
   • Do not use sequential numbers (such as 12345) or the same digit more than twice (such as 12322) for your PIN.
   • Use a combination of lower & uppercase letters, numbers and special characters.
   • Do not recycle your PIN.
3. Memorize your PINs / Passwords. Do not write any of these or store it in mobile phone, computer hard disk or other insecure means.
4. Do not share your China Bank Savings Online Banking User ID, ATM Card No., PINs / Passwords. Do not share or disclose your PINs / Passwords to anyone.
5. Do not use the same China Bank Savings PINs / Passwords for other financial or non-financial web-based services, e.g. for Facebook, Gmail, online shopping and other online subscription services.
6. Change your PINs and Passwords on a regular basis or immediately if you suspect that it has been revealed.
7. If you have a hard time memorizing your PIN, try associating the numbers to words or events familiar to you.
8. Never give any information about your ATM card or PIN to anyone. For example, if you receive a call, supposedly from your bank or possibly the police wanting to verify your PIN, do not give that information. Notify the bank immediately.
9. Always log off when you leave your computer unattended, even for a short while.
10. Never leave your ATM card lying around the house or on your desk at work. No one should have access to the card but you. In case it is lost or stolen, notify your bank at once. You can either call the bank or, if you are enrolled in CBS Online, use the "Tag ATM Card as Lost/Stolen" option under "Requests".

1. Take note of your surroundings, particularly at night. Once you sense something or someone suspicious, do not use the machine at that time.
2. Make sure that no one, not even the next person waiting to use the machine - can see you enter your PIN at the ATM. Use your body or your hand to cover the ATM keyboard as you enter your PIN into the machine.
3. To keep your account information confidential, always take your receipts or transaction records issued by the ATM. Keeping ATM receipts can be helpful when confirming the data in your monthly statement. This is also a good way to guard against fraud and it makes record-keeping easier.
4. Wait till you get to an unexposed area before you count or visually display any money you received from the ATM. Thieves might be alerted at the sight of cash in your hand.
5. For drive-up ATM, make sure all passenger windows are rolled up and all doors are locked. If you leave your car and walk to the ATM, do not forget to lock the car and take your keys with you. Or do not leave your engine running.
6. When using the ATM at night, park close to the ATM in a well-lighted area. If possible, take another person with you. If the lights of the ATM are not working, don't use it.
7. If you are being followed by a car, drive straight to your nearest police station. If you're on foot, walk into the nearest place where people are gathered.
8. If you have concerns about the security at an ATM location, notify the bank.

Verify first with the officer of your branch of account if you receive emails or SMS ("text") messages that:

1. Ask you to enter or submit your bank account details or login information, or to visit a website to update your personal information;
2. Seem to come from a reputable source, such as your hardware, software, or internet service provider but is asking for your personal information or informing you of a prize you reportedly won
3. Contain attachments from an unfamiliar source; or,
4. Appear to come from the bank.

"Phishing" refers to fraud emails sent by syndicates to customers with the message that their CBS Online account is either locked or suspended or the system has been upgraded and customers have to unlock or reactivate their accounts by clicking on a link provided. Once customers click on the link, they are led to a site that asks them to input their user name and passwords which the syndicate then uses to make unauthorized transfer from the account.

To avoid being victimized by this modus operandi:

• Do NOT click on any link on these “phishing emails”. Most importantly, do not enter your username nor passwords on any of the link provided.
• China Bank Savings does NOT send any security advisory nor solicit details regarding online banking thru email and does NOT require the client to supply user name and passwords apart from transacting on the genuine CBS Online site.
• CBS Online does NOT require both login and transaction password simultaneously – the log in password is inputted first and the transaction password is required only when conducting financial transactions. “Phishing Sites” ask you to input both login and transaction passwords on the same page

If you receive similar "phishing email", kindly forward it to helpdesk.cbs@chinabank.ph or call our 24 Hour ATM Hotline at (632) 88847638, 88847878 and 88847622 from Monday to Sunday.

1. Always keep passwords secured. Do not divulge this to others or keep a copy where it may be easily lost or stolen. Be cautious of the people behind you when typing your passwords in a public or crowded place.
2. Disable the `Auto-Complete' feature in your browser so it will not remember passwords. Always click "No" when requested/prompted to remember your password on a specific computer as shown below:
3. Practice Safe Surfing Habits. Refrain from accessing your online account on a public or shared computer/internet connection to prevent information theft. (e.g. public computer, public/unsecured WIFI connection). Clear your browser's cache and history after each Online Banking session so that your account information is removed, especially if you are using a shared computer.
4. Check if you are accessing the legitimate CBS Online site.
5. Always log off properly. Log off your account when not in use and always make sure to close your browser. Set a screensaver password or lock your computer.
6. Monitor your account activities regularly. Check your balances and transaction history online. This will help you detect fraudulent transactions quickly, if there’s any. This will help you detect unauthorized transaction immediately.

For your other queries about e-banking security, please contact your branch of account or our 24 hour ATM Hotline at (632) 88847638, 88847878 and 88847622 from Monday to Sunday.

1. Browser Security
   • Do not use links to access China Bank site as this may lead you to a duplicate website that looks exactly like the banks' site. Always type http://www.cbs.com.ph into your browser address bar to ensure that you are on the legitimate China Bank Savings website.
   • Always sign-on to CBS Online from the China Bank Savings public web site. The URL or web address of the China Bank Savings public web site is http://www.cbs.com.ph
   • Ensure that the Bank's web site address changes from http:// to https:// and that a security icon that looks like a padlock or key appears at the bottom of the sign-on page.
   • Check that you are in a secured/protected environment by right-clicking on the respective web pages with the security icon that looks like a padlock or key and select "Properties". You would see the details of the encryption under "Connection" - for example: SSL3.0, RC4 with 128-bit encryption (High); RSA with 1024-bit exchange.
   • Disable the `Auto-Complete' feature in your browser so it will not remember passwords. Always click "No" when requested/prompted to remember your password on a specific computer, as shown below:
   
   • Always log off properly. Do not simply close your browser by clicking on the "X" button at the top right corner of the webpage.
   • Clear your browser's cache and history after each Online Banking session so that your account information is removed, especially if you are using a shared computer.
   • Avoid accessing e-Banking from public or shared computers such as those at internet cafés and libraries.
   • Always use the latest Browser version with the most recent Security/Critical updates or patches installed.
2. Email Security
   • Do not open email attachments from strangers.
   • Delete and block junk or chain mails
   • Do not provide your account information and PIN/Password on scam or spam emails or little known or suspect websites. Scam or spam emails are fraudulent, spoofing, impostor, or phishing e-mails that trick one into providing sensitive personal information either on-the-spot by replying to the e-mail or including links to a fake/look-alike website to mislead customers to enter and disclose personal data or login.
   • Contact China Bank Savings immediately if you suspect you've been sent a fraudulent email.
   • Always scan email attachments for viruses before opening them.
3. Safeguarding and protecting your PC
   • Install an industry-recommended firewall (especially if you use a broadband connection) to protect against hackers and to control the flow of information, e.g., sensitive information to and from your computer. Update security patches or newer versions of the firewall on a regular basis.
   • Install anti-virus software to minimize the likelihood of your computer getting infected and protect against virus attacks that can seriously affect your computer's performance.
     • Configure the anti-virus software to automatically update the virus definitions regularly and to notify you when new updates are available.
     • Configure the anti-virus software to scan all in-coming and out-going emails
     • Perform a complete scan of your computer at least once a week.
     • Update the software with security patches or newer versions as soon as you are notified that a download is available.
   • Install anti-spyware software as protection against spying or Trojan horse programs.
     • Do a full system scan to detect any ad/spy-ware on a regular basis.
     • Update your software regularly.
   • Do not install software or run programs of unknown origin.
   • Make regular backup of critical data.
   • Consider the use of encryption technology to protect highly sensitive data.
   • Update your operating system, e.g., Windows, regularly with the latest patches to fix bugs and security flaws in the software on your computer.
4. Other General Security tips
   • Disconnect from the Internet when not in use
   • Log in regularly to monitor your transactions. Check Bank Statements.
   • Only use trusted websites when downloading "free" software; downloads are a common source of "spyware" infections.

For your other queries about e-banking security, please contact your branch of account or our 24 hour ATM Hotline at (632) 88847638, 88847878 and 88847622 from Monday to Sunday.