DBS Bank takes every step to ensure security standards. It is the endeavor of the Bank to prevent unauthorized access to your information. The Bank does not contact you by Email, SMS or Phone calls seeking details on your account, your card or your Personal Identification Numbers.
If you receive any such request or feel suspicious about any Email, SMS or Phone call, do not respond. Please report all such incidents to our customer service line, or email us.
Distributed security measures
In addition, we continually assess new technology for protecting information. The result is a "distributed security" network, one that ensures protection throughout the banking process, on your computer, during the transmission of information, and in the bank's own computer systems.
Distributed security measures, rather than rely on one security measure uses many lines of defense to protect your account information, including encryption, firewalls, timed log off, virus protection, a secure login process and One Time Password (OTP). Whether you're registering for iBanking, transferring money or paying your bills, you can depend on your accounts and your account information being safe.
DBS Bank takes numerous steps to keep your accounts and personal information secure, but you also play a role in maintaining the security of your banking information.
DBS Bank uses Secured Socket Layer (SSL) encryption for customer online transactions, and each session uses a unique master key to encrypt messages. Encryption is a communications process that scrambles private information to prevent unauthorized access as information is being transmitted between your browser and DBS Bank. Once you sign off, the master key used for that session becomes useless, since it is only good for one session.
Before you are able to login to Internet Banking, you must be using an Internet browser that supports 128-bit encryption, the highest level of security available.
DBS Bank's computer system does not connect directly to the Internet, as every system that interacts with the Internet is at risk of attack from hackers. To protect our systems that interact with the Internet, we use firewall technology to prevent unauthorized access. A firewall is a system that blocks unauthorized interactive access from individuals or other networks.
Timed Log off
If you forget to log off or if your Internet Banking session is inactive for more than 10 minutes, DBS Bank does it for you by ending your current banking session. Once the account has been automatically terminated, no one will be able to access your secure information. You will need to log back in with your User ID and Password to access your Internet Banking Service.
Computer Virus Protection
We use sophisticated tools to detect and prevent computer viruses from entering the bank's computer network systems.
You authenticate your Internet Banking session by entering your unique User ID and Password, both of which are encrypted as they pass over the Internet and before they are stored on our system.
DBS Bank takes numerous steps to keep your accounts and personal information secure, but you also play a role in maintaining the security of your banking information. Here's what you can do:
Protect the confidentiality of your User ID and Password.
Before you can use the Service, you must obtain a User ID and Password. Our DBS Bank - iBanking permits you to set a User ID and Password of your choice.
The Password is case sensitive and must be 6 to 12 characters in length. It must contain both alpha and numeric characters. Your Password enables us to identify and authenticate your use of the Service. Because your Password will permit entry into the Service and allow transfers to be made from / to your accounts, you agree to keep your Password confidential.
Creating a good Password and keeping it a secret is essential to keeping your computer account secure. As you are responsible for what occurs with your User ID, it is strongly recommended that you follow these guidelines to prevent someone from obtaining your Password and abusing your account.
- Make your Password unique to you and change it regularly. You should never use a Password that would be easy for others who know you to guess, or one that a common Password cracking utility could find.
- Memorize your Password. Your online Password authenticates you when you begin an Online Banking session. You should memorize this Password and never write it down anywhere or reveal it to anyone.
- Change your Password regularly. It's important to change your Password regularly.
- Do not share your Password with anyone. Sharing your Password or PIN with another is the same as giving that individual authority to use your name in a transaction.
- Do not say your Password out loud.
If you forget your User ID, you can visit www.dbsbank.in and select "Retrieve your Internet Banking User ID" link.
If you forget your Password, you can visit www.dbsbank.in and select "Reset your Internet Banking Password"
Log off when you are not using Internet Banking.
We recommend Internet Banking users complete online transactions and log off before visiting other sites or turning off their PCs. We also suggest they do not visit other sites when logged on to the Internet Banking Service.
In addition, you may not always be at your own computer when you bank online. Therefore, it's important to sign off when you're finished banking. If you forget to do so, DBS Bank automatically signs you off after 10 minutes of inactivity.
Use a current version of your browser.
As mentioned above, we recommend you use the latest version of browsers :
Please be sure your browser complies with industry security standards, such as Secure Socket Layer (SSL). In addition, we recommend the following to maintain the security of your Internet Banking Service:
- Use your browser's built-in security features that browsers provide. Choosing certain security settings and options will help protect the privacy of your accounts and personal information.
- Always update your browser when new versions are released. They often include new security features.
- Check your browser for built in safety features that you may or may not elect to use.
Ensure your information is secure.
Sending sensitive information such as your social security number, account number, or other personal data over the Internet can be dangerous if you cannot validate the reputation of the company you are doing business with and communicate over a "secure" means of transmission. Before sending private information on the Internet, make sure you are using a "secured" connection.
When you sign in to iBanking from the DBS Bank web site, your user name and password are sent over the Internet from your computer to our server using Secure Socket Layer (SSL) technology. SSL encrypts your personal information before it leaves your computer, ensuring that no one else can read it.
Once you have signed in, you can check that your Internet Banking session is secure in two ways:
- Look for the small padlock icon usually located in the lower right hand corner of your Web browser window. A closed, or locked, padlock indicates a secure connection.
- Look for the letters "https://" at the beginning of the Web site address or URL in your Web browser. The "s" means secure.
In addition, we suggest you do not keep sensitive information on any of your hard drives, and keep financial data on a removable diskette in a secure location.
Do not give or disclose any part of your User ID and Password to anyone. Bank employees will request your User ID when accessing your account profile, but should never ask for your Password.
Do not have your account information, including your computer screen, out in an open area accessible by others.
Do not send your User ID and Password or account information over any public or general e-mail system.
Do not release any personal information on the phone, in the mail, or over the Internet unless you initiate the contact or are certain you know whom you're dealing with.
Contact us immediately if there are charges on your account you don't recognize.
Do not leave your computer unattended while you are connected to the Internet Banking Service.
Be sure to log off of the Internet Banking Service when you have completed your session. If you forget to log off and there has been no activity for 10 minutes, DBS Bank will automatically end the session. After your service has "timed-out," you will need to log back on with your User ID and Password.
Online Security Guidelines.
From time to time we at DBS Bank will provide information on security related news items that we feel you should be aware of. These security updates will be presented on this page.
A phishing attack is an online fraud technique which involves sending official-looking email messages with return addresses, links and branding that all appear to come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website and mislead account holders to enter customer names and security details on the pretence that security details must be updated or changed. Once you give them your information it can be used on legitimate sites to take your money.
Vishing is an adaptation of phishing attacks that uses telephone or VoIP (Voice over IP tools). You may receive an email or SMS asking you to call a free phone number to confirm your details, or you may receive a phone call with a recorded message asking you to input your account details. Once you have done this, the attacker is free to use your personal information to attack your account.
To protect yourself use only the published official call centre numbers of your financial services company and be cautious in giving out your personal information over the telephone. Remember DBS Bank will never ask you for your password over the phone.
Advance Fee Fraud
You may already have heard of 'advance fee fraud', where emails offering large sums of money are sent to thousands of email addresses, but a modest 'fee' is required in order to cover legal fees, open an account or pay customs charges. Sometimes the money offered is as a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it, they promise a percentage of the money in return for your help. In both cases various fees have to be paid.
Do not respond to these emails. They are part of a fraud and you will not receive any of the promised money.
Counterfeit Web sites
Online thieves often direct you to fraudulent Web sites via email and pop-up windows and try to collect your personal information. One way to detect a phony Web site is to consider how you arrived there. Generally, you may have been directed by a link in a fake email requesting your account information. However, if you type, or cut and paste, the URL into a new Web browser window and it does not take you to a legitimate Web site, or you get an error message, it was probably just a cover for a fake Web site.
Heartbleed Vulnerability Information
Date: 14 April 2014 Alert Level: Green Criticality: Low
Description: A vulnerability known as the Heartbleed bug as been discovered on OpenSSL implementations of SSL and TLS, which is used to encrypt communications between computers and web servers. This vulnerability allows attackers to obtain secret information such as credentials from web servers.
DBS iBanking does not use OpenSSL and is not vulnerable to Heartbleed. We have multiple layers of security in place to protect our customers such as 2FA for online banking transactions. Protect yourself and your iBanking account with the following key pointers.
*Use different usernames and passwords for your online banking accounts from other non-banking related accounts.
*Change your passwords regularly.
*Do not reveal your iBanking username, password or token PIN to anyone.
*Call us immediately at 1800 209 4555, if you notice unknown transactions appearing on your account.
*Always protect your computer by using an anti-virus software and keep it updated with the latest anti-virus signatures
From 30 November 2014, DBS iBanking will no longer be supported on selected web browsers.
Due to unsecure elements of older versions of selected web browsers, we will be discontinuing support for DBS iBanking on those browsers. Examples are IE6 and below.
We recommend that you download and install the latest version of popular web browsers to ensure optimal customer experience with DBS iBanking. If your browser is up to date, and you are unable to access DBS iBanking, please contact us.
"POODLE" Vulnerability Information
Date: 16 October 2014 Threat Type: Security Vulnerability Alert Level: Amber Criticality: Low
Description: A vulnerability known as “POODLE” has been discovered on the SSL3 (Secure Sockets Layer v3) used by old versions of web browsers such as Internet Explorer 6 on Microsoft XP. SSL is used to establish an encrypted link between a website and a web browser (such as Internet Explorer) to keep the customer’s credentials and transactions secure. With the “POODLE” vulnerability present on SSL3, an attacker may be able to take control of the customer’s SSL channel which will then allow him to steal secret information such as account details.
How can you protect yourself from this?
At DBS, we are committed to developing web applications that provide optimal customer experience with modern and latest browsers. DBS iBanking also have layered security controls such as 2FA and OTP that keep online banking transactions secure. For added security, we will also discontinue support for the now insecure SSL3 encryption protocol from 30 November 2014. This means that DBS iBanking including selected features on the DBS website will no longer be accessible by older version browsers such as Internet Explorer 6 on Windows XP.
- Customers are urged to visit the links below to download and install the latest version of popular web browsers:
- Change your passwords regularly.
- Keep your iBanking username or password private.
- Call us immediately at 1800 103 9897 (Resident Customers) or +91 44 6685 4555 (Non Resident Customer), if you notice unknown transactions appearing on your account.