How do you keep my information
secure on the internet?
Our secure
server site uses state-of-the-art SSL 128-bit encryption to prevent anyone from
accessing your client information online. When you log on, you will be asked to
provide us with your personal access details before you can view and access
your accounts. When you enter this data, it will be automatically encrypted, so
that no one else can read it.
To
make our online tools and services even more secure we automatically instruct
most browsers not to cache personal information (i.e. store information in memory).
Where the browser does not cache information, you may not be able to retrieve
the last page you have visited by using the browser's back button. In some
cases you may have to follow additional steps to refresh the page which you
have seen. Using the online service navigation buttons (rather than the browser
navigation buttons) avoids this.
What
can I do to be more secure?
The
best way to be secure on the Internet is to use a version of an Internet
browser that offers the latest encryption technology, such as Internet Explorer
and Mozilla Firefox.
Whilst
we take all reasonable steps to secure your access to our websites, you are
strongly recommended to implement your own security measures such as a
firewall, up to date anti-virus software, up to date anti-spyware software and
to ensure that your personal computer has the latest security patches installed
for your operating system.
While
we've taken extensive steps to ensure that our online tools and services are
safe for all customers, there are a number of things you need to do to ensure
that no one can access your details. You should try to incorporate these into
your online habits, just as you would always keep your credit/debit cards and
chequebook separate, or ensure that you don't leave credit card slips lying
around.
- Your password should only be known to yourself. Never disclose it to
anyone, or write it down anywhere.
- Check your client information regularly. If you spot a transaction you
don't remember making - note down the exact details and report the incident to
us immediately.
- Check
when using a computer that you share or use at work or in a public place.
- Never
leave your computer unattended while logged on. Always remember to shut down
your online pension service and web browser, and where possible clear the cache
- as your PC may store information.
- Ensure
you are not being overlooked when you use this service.
- Don't
leave account printouts lying around or in the wastepaper basket. If you do not
need a printout, you should shred it or discard it in private. You should also
always ensure that you collect account printouts from public or shared
printers.
- Always
log on and off properly. When using a PC, particularly at work or in a public
place, you should always ensure you follow the log on/off checks below.
Logging
out from the site
You
should always ensure that you click on the “log out” button when you have
finished using the online services or tools. Although we have set up the
system to do so automatically after 10 minutes of inactivity, someone else may
still have time to tamper with your computer.
Two-factor
authentication
What
is two-factor authentication?
Two
factor authentication is a highly secure form of online access, similar in
security terms to ‘chip and PIN’. It is based on the principle of combining
‘something you have’, for example your credit card or a grid card, and
‘something you know’, your PIN.
Why
have we introduced two factor authentication?
Systems
that employ single-factor authentication based on username and password are increasingly
being attacked; these attacks can take the form of:
- keystroke monitoring – records everything typed into a keyboard – including
user names and passwords.
- social engineering – for example targeting a Service Desk to ask for
passwords to be reset.
- phishing – setting up fake websites and contacting individuals asking them
to enter their user name and password.
- password cracking – applications that can run thousands of different
password combinations in a short space of time.
How
does two-factor authentication work?
The
new system is simple and easy to use. The ‘something you have’ is your mobile
phone or grid card, and the ‘something you know’ is your user name and
password.
Once
you have registered as an online services user on the Phoenix Wealth website,
you will be sent a random 6-digit number to your mobile phone each time you log
in. This PIN needs to be entered before you can access online services. The PIN
helps ensure it really is you – protecting you and your clients.
Two-factor
authentication using SMS text messaging or a grid card
- provides a single solution for all of our customers.
-
is simple to use.
-
provides the level of security we believe is necessary.