• Security

    Where you are required to logon to use some of our online tools and services the following points will be applicable.

  • How do you keep my information secure on the internet?

    Our secure server site uses state-of-the-art SSL 128-bit encryption to prevent anyone from accessing your client information online. When you log on, you will be asked to provide us with your personal access details before you can view and access your accounts. When you enter this data, it will be automatically encrypted, so that no one else can read it.

    To make our online tools and services even more secure we automatically instruct most browsers not to cache personal information (i.e. store information in memory). Where the browser does not cache information, you may not be able to retrieve the last page you have visited by using the browser's back button. In some cases you may have to follow additional steps to refresh the page which you have seen. Using the online service navigation buttons (rather than the browser navigation buttons) avoids this.

    What can I do to be more secure?

    The best way to be secure on the Internet is to use a version of an Internet browser that offers the latest encryption technology, such as Internet Explorer and Mozilla Firefox.

    Whilst we take all reasonable steps to secure your access to our websites, you are strongly recommended to implement your own security measures such as a firewall, up to date anti-virus software, up to date anti-spyware software and to ensure that your personal computer has the latest security patches installed for your operating system.

    While we've taken extensive steps to ensure that our online tools and services are safe for all customers, there are a number of things you need to do to ensure that no one can access your details. You should try to incorporate these into your online habits, just as you would always keep your credit/debit cards and chequebook separate, or ensure that you don't leave credit card slips lying around.

    • Your password should only be known to yourself. Never disclose it to anyone, or write it down anywhere.
    • Check your client information regularly. If you spot a transaction you don't remember making - note down the exact details and report the incident to us immediately.
    • Check when using a computer that you share or use at work or in a public place.
    • Never leave your computer unattended while logged on. Always remember to shut down your online pension service and web browser, and where possible clear the cache - as your PC may store information.
    • Ensure you are not being overlooked when you use this service.
    • Don't leave account printouts lying around or in the wastepaper basket. If you do not need a printout, you should shred it or discard it in private. You should also always ensure that you collect account printouts from public or shared printers.
    • Always log on and off properly. When using a PC, particularly at work or in a public place, you should always ensure you follow the log on/off checks below.

    Logging out from the site

    You should always ensure that you click on the “log out” button when you have finished using the online services or tools. Although we have set up the system to do so automatically after 10 minutes of inactivity, someone else may still have time to tamper with your computer.

    Two-factor authentication

    What is two-factor authentication?

    Two factor authentication is a highly secure form of online access, similar in security terms to ‘chip and PIN’. It is based on the principle of combining ‘something you have’, for example your credit card or a grid card, and ‘something you know’, your PIN.

    Why have we introduced two factor authentication?

    Systems that employ single-factor authentication based on username and password are increasingly being attacked; these attacks can take the form of:

    • keystroke monitoring – records everything typed into a keyboard – including user names and passwords.
    • social engineering – for example targeting a Service Desk to ask for passwords to be reset.
    • phishing – setting up fake websites and contacting individuals asking them to enter their user name and password.
    • password cracking – applications that can run thousands of different password combinations in a short space of time.

    How does two-factor authentication work?

    The new system is simple and easy to use. The ‘something you have’ is your mobile phone or grid card, and the ‘something you know’ is your user name and password.

    Once you have registered as an online services user on the Phoenix Wealth website, you will be sent a random 6-digit number to your mobile phone each time you log in. This PIN needs to be entered before you can access online services. The PIN helps ensure it really is you – protecting you and your clients.

    Two-factor authentication using SMS text messaging or a grid card

    • provides a single solution for all of our customers.
    • is simple to use.
    • provides the level of security we believe is necessary.