How
do you keep my information secure on the internet?
Our
secure server site uses state-of-the-art SSL 128-bit encryption to prevent
anyone from accessing your client information online. When you log on, you will
be asked to provide us with your personal access details before you can view
and access your accounts. When you enter this data, it will be automatically
encrypted, so that no one else can read it.
To
make our online tools and services even more secure we automatically instruct
most browsers not to cache personal information (i.e. store information in
memory). Where the browser does not cache information, you may not be able to
retrieve the last page you have visited by using the browser's back button. In
some cases you may have to follow additional steps to refresh the page which
you have seen. Using the online service navigation buttons (rather than the
browser navigation buttons) avoids this.
What
can I do to be more secure?
The
best way to be secure on the Internet is to use a version of an Internet
browser that offers the latest encryption technology, such as Internet Explorer
and Mozilla Firefox.
Whilst
we take all reasonable steps to secure your access to our websites, you are
strongly recommended to implement your own security measures such as a
firewall, up to date anti-virus software, up to date anti-spyware software and
to ensure that your personal computer has the latest security patches installed
for your operating system.
While
we've taken extensive steps to ensure that our online tools and services are
safe for all Financial Advisers, there are a number of things you need to do to
ensure that no one can access your details. You should try to incorporate these
into your online habits, just as you would always keep your credit/debit cards
and chequebook separate, or ensure that you don't leave credit card slips lying
around.
- Your password
should only be known to yourself. Never disclose it to anyone, or write it down
anywhere.
- Check your
client information regularly. If you spot a transaction you don't remember
making - note down the exact details and report the incident to us immediately.
- Check
when using a computer that you share or use at work or in a public place.
- Never
leave your computer unattended while logged on. Always remember to shut down
your online pension service and web browser, and where possible clear the cache
- as your PC may store information.
- Ensure
you are not being overlooked when you use this service.
- Don't
leave account printouts lying around or in the wastepaper basket. If you do not
need a printout, you should shred it or discard it in private. You should also
always ensure that you collect account printouts from public or shared
printers.
- Always
log on and off properly. When using a PC, particularly at work or in a public
place, you should always ensure you follow the log on/off checks below.
Logging
out from the site
You
should always ensure that you click on the “log out” button when you have
finished using the online services or tools. Although we have set up the
system to do so automatically after 20 minutes of inactivity, someone else may
still have time to tamper with your computer.
Two-factor
authentication
What
is two-factor authentication?
Two
factor authentication is a highly secure form of online access, similar in
security terms to ‘chip and PIN’. It is based on the principle of combining
‘something you have’, for example your credit card or a grid card, and
‘something you know’, your PIN.
Why
have we introduced two factor authentication?
Systems
that employ single-factor authentication based on username and password are
increasingly being attacked; these attacks can take the form of:
- keystroke
monitoring – records everything typed into a keyboard – including user names
and passwords.
- social
engineering – for example targeting a Service Desk to ask for passwords to be
reset.
- phishing –
setting up fake websites and contacting individuals asking them to enter their
user name and password.
- password
cracking – applications that can run thousands of different password
combinations in a short space of time.
How
does two-factor authentication work?
The
new system is simple and easy to use. The ‘something you have’ is your mobile
phone or grid card, and the ‘something you know’ is your user name and
password.
Once
you have registered as an online services user on the Phoenix Wealth
website, you will be sent a random 6-digit number to your mobile phone each
time you log in. For self invested plans, you will receive a code via your App. This PIN needs to be entered before you can access online
services. The PIN helps ensure it really is you – protecting you and your
clients.
Two-factor
authentication using SMS text messaging, a grid card or app
- provides a
single solution for all of our customers.
- is simple to
use.
- provides the
level of security we believe is necessary.