Security

PSIS takes online security extremely seriously. We have systems in place, which meet international best practice security standards, to protect your information and transactions while you are using Internet Banking.

However, this is only part of the battle against online fraud, and you also need to take appropriate steps to safeguard your password and computer. We've outlined some of the main risks below and some steps to help you protect yourself.

 About our security

When you are using Internet Banking, you'll notice that the website address starts with https: instead of the usual http:. A padlock icon also appears, usually in the border at the bottom of your screen. This shows that you have established an encrypted session to your banking information.

Encryption means that information is translated into a code before being transmitted between you and PSIS, making it unreadable to anyone else.

PSIS Internet Banking uses 128-bit encryption, a very high level of encoding that is considered industry best practice for this type of site. If your browser is incapable of 128-bit encryption (some older browsers use earlier levels of encryption), the minimum level PSIS will accept is 56-bit encryption. While not as secure as 128-bit, 56-bit encryption still offers a degree of security. However PSIS recommends that you upgrade your browser to use 128-bit encryption.

In addition, there is a secure connection between PSIS systems and the Internet. This connection is protected by a firewall, which prevents access to our servers by unauthorised people, such as hackers. Our security team are constantly monitoring these layers of security for any signs of suspcious activity.

 What are the risks?

There are several ways criminals commonly try to fraudulently obtain your login details, and you need to be aware of these (and combinations of these) when you use the Internet.

Keylogging

This is where hardware or software, such as a trojan program, is installed on a particular computer to record all keystrokes entered via the keyboard. The keystrokes are then retrieved and the stolen login details used by criminals to access online services.

Keylogging is a risk associated with using the Internet on any computer without suitable or up-to-date anti-virus and anti-spyware software installed. Public computers, such as Internet cafes and libraries, have a bigger risk of keylogging as you can't be sure of the security measures in place or who else has had access to them.

Phishing

This is where users are tricked into revealing passwords and login details. Typically, customers are sent an email, supposedly from their bank or a company they transact with online, asking them to click on a link and confirm their login details. The link takes them to a fake page that looks like their bank's website, where their login details are captured and made available for criminals to use. Some emails are quite sophisticated and include logos that look legitimate. A good precaution is to never follow a link to the PSIS website from an email - always type the address in or bookmark the site.

Trojans and worms

Trojans (named after the famous horse that led to the fall of Troy), and worms are programs that can spread as attachments to seemingly innocent emails. Trojans are designed to 'harvest' or search the computer for personal details like logins and credit card numbers, and send these to a remote computer for later use by criminals. Overseas, worms have also been known to redirect users to a fake site when they type in a specific website address (URL).

Worms and trojans may also be hidden within other information downloaded from the Internet, such as music files, games and files received through instant messaging.

 Internet Banking security tips

PSIS will never request your Internet Banking login details from you. Contact your branch immediately if you receive an email that says it comes from PSIS and requests personal details from you.

• Use a SafeKey as an optional added security measure for your online banking.
• Don't access Internet Banking from libraries, Internet cafes or any other public computer where you can't be sure of the security.
• Choose a password that can't be easily guessed. Avoid birthdays, number sequences and passwords you use for other purposes. Change it regularly.
• Install security software on your computer (including anti-virus, personal firewall and anti-spyware programs) and keep it up to date. Run regular virus and spyware checks, and if you think your computer has been infected, have a trusted professional check for you.
• Use up-to-date versions of browser and operating system software. These are constantly being updated to improve their security, so make sure you benefit from these developments.
• Don't write your password down or tell anyone what it is, even if they say they are from PSIS.
• Don't store passwords, login details and credit card numbers anywhere on your computer. Some programs offer to 'remember' your password for future use - do not let your computer do this.
• Always access the PSIS website by typing www.psis.co.nz directly into the address bar of your browser. You can bookmark it in your favourites folder for convenience.
• Treat every unsolicited email with caution. Don't open attachments from unknown sources - delete them. Don't click on any link to the PSIS website.
• Log off each Internet Banking session by clicking "Exit", and always log off before leaving your computer unattended. You will however be automatically logged off after 10 minutes of inactivity.
• If you think someone may have obtained your password, log on to Internet Banking immediately and change your password. Notify your branch straight away.
• Normal email (such as Microsoft Outlook) is not secure and should not be used to communicate sensitive information.

 How secure is PSIS Internet Banking?

PSIS Internet Banking supports 128-bit encryption to ensure that your online transactions are transmitted in a highly secure environment. 128-bit encryption is the highest level of encryption security available and it is considered best practice to use this level of encoding. If your browser is incapable of 128-bit encryption the minimum encryption level PSIS will accept is 56-bit. While not as secure as 128-bit, 56-bit encryption is still a secure environment.

Encryption is a technique of coding information being transmitted so that it is unreadable to everyone but you and PSIS.

In addition, there is a secure connection between PSIS systems and the Internet. This connection is protected by a firewall, which regulates all information transmitted between PSIS and the Internet. It also prevents unauthorised access.

Internet e-mail however is not a secure facility and should not be used to communicate with PSIS about your accounts. Please note that PSIS will never request your login details from you via e-mail or telephone. We do not advise accessing PSIS Internet Banking from a cyber-café, as you cannot be sure of the security standards at such places.

 Why do I receive the certificate alert "The security certificate has expired or is not yet valid" when logging in to Internet Banking?

This alert appears on computers running Microsoft Windows 98 with any version of Internet Explorer 4 or Internet Explorer 5.0. Because these computers do not contain the new VeriSign Root CA Certificate used to sign the PSIS security certificate, the expiry alert is displayed. There are two resolutions for this problem:

There are two resolutions for this problem:

1. Upgrade to Internet Explorer 6 or later. Internet Explorer 6 is available as a free download from Microsoft's website. Internet Explorer 6 contains the new VeriSign Root CA Certificate.
2. Install the new certificate manually. Verisign have further information on their website regarding this problem.

 How can I tell if my information is encrypted?

You can confirm your PSIS Internet Banking session is encrypted by the appearance of a locked padlock symbol on the bottom status bar of your browser.

back to top