What security measures exist to protect my data?

We are very conscious of protecting the security of its customers' information. We have taken several steps to ensure the confidentiality of your personal and account information.

A number of security features exist to ensure communication between the Bank and its customers is secure. These include:

• robust firewall technology to prevent unauthorised access to the Bank's systems;
• a security team that constantly monitors the system for suspicious activity;
• the generation of automatic alerts when abnormal activities occur;
• 128 bit data encryption to protect your password, account details and other sensitive information, including any messages sent via Secure Email, from being accessed by an unauthorised party;
• a short time-out limit that automatically logs you off and ends your session; and
• a choice of security tokens to provide a second level of authentication when logging on to Internet Banking.

We take every available viable security measure to provide a secure environment in which to perform your banking.

[ Back To Top ]

Do joint account holders, such as my spouse, have to sign up individually to access the service?

In order to prevent unauthorised access to your account(s), we require all customers to register individually and to be issued with a unique access ID and PIN. Under no circumstances should your PIN be disclosed to a third party.

[ Back To Top ]

What do I do if I forget my access ID and PIN?

The Internet Banking service allows customers three attempts to enter the correct access ID and PIN. If you do not succeed within three attempts, your account access is automatically blocked. If you forget your password or enter the password incorrectly three times and have your access revoked, phone Internet Banking Support Services on 1300 651 839.

Once a service consultant has confirmed your identity, a temporary PIN will be provided for you to access the service. You are then required to select your own unique PIN, which should be used for subsequent login to Internet Banking.

[ Back To Top ]

Can I allow other people to access my accounts via Internet Banking?

You may nominate a third party to be an authorised signatory on a bank account. Authorised Signatory access allows an authorised customer to operate and transact on your linked account(s) in the same way that you can.

Please remember that every individual customer will be issued with an access ID and PIN. Under no circumstances should your personal access ID and PIN be disclosed to a third party.

If you would like another person to have access to one or more of your accounts, phone Internet Banking Support Services on 1300 651 839 or visit your local branch.

[ Back To Top ]

Can I use the same password for Phone and Internet Banking?

The access ID you are issued can be used to access both Phone and Internet Banking services, however the passwords are different. Phone Banking uses only numeric characters, while Internet Banking uses alphanumeric characters.

[ Back To Top ]

What can I do to ensure the protection of my banking details?

Please ensure you abide by the following checks to ensure your banking details remain secure:

• Ensure your browser connects at 128 bit encryption.
• Never disclose your access details to a third party. Do not write them down or store them on your computer.
• Select a PIN that is difficult to guess and change it regularly. Do not use your date of birth or mother's maiden name, as these may be easily obtained from public sources.
• Never leave your computer unattended while logged on to Internet Banking.
• Check your transactions carefully before sending them.
• Always sign out when you have finished your Internet Banking session.
• Purchase and activate an Internet Banking security token.

Working remotely from home or the office involves a broad range of information security risks. In addition to the obvious threat of equipment theft, there are also significant risks to the information contained on portable equipment. It is necessary to use business centres with great care as confidential information or data can be input onto equipment that is not under your control.

When using a computer at an Internet cafe, a hotel, a motel (either in room or in a business centre/computing facility provided for the use of guests or others) or in a similar location, you should ensure you know if your computer and phone access details are recorded and take appropriate steps to maintain confidentiality of that information.

[ Back To Top ]

What should I do if I suspect a third party is accessing my account(s) without my permission?

If you suspect a third party is or has accessed one or more of your accounts, you should immediately phone Internet Banking Support Services on 1300 651 839. We will put an immediate stop on your account and investigate the situation. Following the investigation, you will be issued with a temporary PIN that will need to be changed when you next use the service.

[ Back To Top ]

Why does my Internet Banking session automatically time-out?

This security feature exists to reduce the chance of an unauthorised party gaining access to your personal information. If you leave your Internet Banking session idle for too long, your session will be terminated and you will be required to log on again.

[ Back To Top ]

I receive the message 'Root Certificate has expired.' Is my Internet Banking session still secure?

From 7 January 2003, browser support for VeriSign Australia issued Global server certificates is:

• Microsoft Internet Explorer 5.01 (build number 5.00.2920) or later; and
• Netscape Navigator and Communicator 4.6 or later.

If you are using an earlier browser, when logging on to Internet Banking you may encounter a dialog box indicating the root certificate has expired. You have the option of continuing and if you select to do so, you will still be provided with an encrypted session.

Although you can continue to use your current Internet browser with exactly the same level of security you have had in the past, we recommend you take the opportunity to upgrade to a later version to avoid the dialog box prompt each time you log on to Internet Banking.

[ Back To Top ]

What are security patches and do I need them on my computer?

Security patches are generally software updates issued by Internet browser and operating system manufacturers to correct a security weakness identified in their software.

We recommend you update your computer with the latest security patches applicable to your computer. Information about these can usually be obtained from your software manufacturer (eg. Microsoft), computer supplier, reputable computer retailer or consultant and your Internet Service Provider (ISP).

[ Back To Top ]

Internet cafes and other computers - are you at risk?

The use of computers at Internet cafes for Internet Banking has become increasingly popular, particularly for people travelling within Australia and overseas.

The use of these or any computer that is not your own can be an added risk, as you may not know what firewall protection it has or whether the computer contains malicious viruses or trojans.

Users should satisfy themselves as to the security of any computer they use for Internet Banking and if they are not convinced that they are protected, we warn against the use of such terminals.

[ Back To Top ]

Malicious attempts to access your account.

We would like to warn our Internet Banking customers that hoax emails have recently been sent to customers of other Australian banks. These emails are sent to random email addresses attempting to trick customers into revealing their account and Internet Banking logon details.

How does it work?

Hoax emails would appear to be from Rural Bank, asking you to click on a link to log on to Internet Banking and reactivate your logon or account details. It may ask you to provide your access ID, Personal Identification Number (PIN) or other financial details.

The link would redirect you to an imitation website that looks similar to the Rural Bank website. Any details provided on this site may then be collected and used without your knowledge.

How do I protect myself?

1. Never follow links to Rural Bank Internet Banking from an email you have received.
2. Always log on to Rural Bank Internet Banking by entering www.ruralbank.com.au in the address bar of your Internet browser, or by bookmarking our homepage or login page address in your Favourite list.
3. Rural Bank's authentic Logon page always features a small yellow padlock at the bottom right hand corner of your Internet browser and the address bar displays https://bank.ruralbank.com.au/banking/RBLIBanking/.
   The padlock symbol indicates that the page currently being viewed has additional security. You can double click on it to confirm that the certificate of authenticity has been issued to .bank.ruralbank.com.au.
   You should immediately be suspicious of any phone call, email or correspondence that asks you to disclose your banking details. An Rural Bank staff member or representative will never, for example, ask you for your PIN (although in some circumstances we might ask you to verify your access ID).

[ Back To Top ]

What is the purpose of data encryption?

Data encryption is used as a means of disguising messages sent from one computer to another computer to obscure its meaning. We employ the highest level of encryption available via Secure Socket Layer (SSL) encryption to protect your banking and transaction details.

Visible indicators that your are securely connected include:

1. The 'padlock' symbol usually displayed in the bottom left hand corner of your browser screen at and after logon (as displayed in the Microsoft Internet Explorer example below):

You can double click on it to confirm that the certificate of authenticity has been issued to .bank.ruralbank.com.au.

2. The Rural Bank Internet Banking address in the address bar of your Internet browser. This is displayed prefixed by https as shown in the following example:

Note: This address bar may not be visible once you have logged on however the padlock icon will remain displayed on all screens from logon until you log out of Internet Banking.

The Rural Bank homepage and general information screens are not data encrypted as they do not have any transactional or private information functionality. These screens are prefixed by http://www.ruralbank.com.au.

[ Back To Top ]

Where can I get up-to-date information about e-Fraud and the protection of information on my computer?

There are many reputable sources of information such as Internet sites that are updated regularly. These can be visited and bookmarked and include:

• reputable Australian computer magazines and computer retailers;
• Australian Securities and Investment Commission (ASIC);
• your Anti-Virus software manufacturer;
• your firewall software or hardware manufacturer; and
• your browser and/or your computer operating system manufacturer (eg. Microsoft).

Visit the ASIC website for more information on e-fraud.

[ Back To Top ]