Security
1. Advice for your online security
Read this basic advice for your security
2. System security
At SabadellAtlántico we have incorporated the most advance security technology together with supplementary measures.
3. Security measures
Below you will find advice to hep you keep confidentiality and security when browsing the Internet and Distance Banking Services of Sabadell
5. Protections
The protection described below is supplementary and no single one replaces the others
6. Good practices
To prevent any possible problems arising from the vulnerabilities that are occasionally discovered in the software used, it is a good idea to visit the security pages of the manufacturers of the programmes that you use, in particular the navigator and the operating system itself.
7. Electronic Signature
Banco Sabadell has initiated the use of the electronic signature in its dispatches of e-mail
8. Digital Signature
The Banco Sabadell Digital Signature system meets the security requirements of the European Banking Association (EBA).
1. Advice for your online security
- On pages that you have accessed through an e-mail.
- On e-mails that you send. It is important that you do not do so even if requested by a Bank.
- If you have any doubts about the authenticity of the web page that you have entered.
- Apply and activate the automatization of the periodical security updates for the operating system and the applications of your equipment.
- Use an antivirus system incorporating Firewall and a Spyware system and keep them permanently activated.
- Use software, services and Internet sites that you trust.
- We recommend that you do not execute programmes that arrive by e-mail, even though their origin looks familiar, when you are not totally sure of their origin.
Take due precaution and beware of non-habitual or suspicious communications in which you are asked for confidential information, or informed of the account being blocked or a request for action on your part which may involve a transfer of funds. If you detect or suspect any possible electronic fraud or other anomaly, swiftly contact us on 963 085 000 and the Branch telephone service will keep in contact with you for queries and notifications during the time taken to resolve the incident. . In the event the bank detects any potentially fraudulent operations the Branch Telephone service will contact you to determine the legitimacy of the operation and decide the next steps to be taken, with the aim of assisting you and protecting you from illicit activity. With this goal in mind, the Bank will periodically update the BSOnline section on security (https://www.bancsabadell.com/seguridad), so as to warn you of any possible attempted fraud and scams which may be used.
2. System Security
At SabadellAtlántico we have incorporated the most advance security technology together with supplementary measures.
128 BIT SSL ENCRYPTION PROTOCOL. SECURE SERVER
This technology enables the data entered on the screen and which pass over the network to be encrypted using an algorithm with variable codes in each connection. These codes are an essential security component of a “secure server”.
Solbank Online is housed on a secure server and has 128 bit codes, using the latest certificate versions available, called extended validation certificates or SS LEV certificates. These certificates use additional security mechanisms which incorporate fraud prevention technologies, informing the use on the security level of the page visited. The latest versions of browsers, such as Internet Explorer 7 or higher, for example, or Firefox as from version 3 support these types of certificates, indicating the authenticity of the webpage visited, by shading the address bar in green.
In addition, next to the padlock, information of the Juridical Corporation which owns the webpage is shown (in our case Banco de Sabadell, S.A.) By pressing on this area additional details about the certificate used can be obtained.
If, on the other hand, the address bar appears red, do not trust the page as it may be a fraud.
If you use browser versions which do not support these functionalities, the address bar will not be shaded.
ACCESS CODE CONTROLS
- The access code you enter in SabadellAtlántico must pass a series of controls: reaching a maximum number of mistakes a day, or accumulated over several days, will automatically cancel the access code. In this case, you reactivate it you will need to request it in writing or in person at your SabadellAtlántico office.
- Those transactions that require enhanced security (transfers, stock market orders, etc.) will request a second code. This second code corresponds to one of the codes included on the BS Online codes card. Each codes card is different and personalised for each customer. Every transaction of this type will request a different code randomly.
Shorthly you will be able to use the Digital Signature, an innovative system that substitutes your current codes card which will cease to be operative. Once you have activated your Digital Signature, you will receive the codes for completing your online transactions (transfers, online purchases, etc.) in your own mobile and you will then be able to destroy your previous codes card.
- When you connect to BS Online, you are shown the date and time of your last connection. Check that this information is correct. This enables you to check that only you know your security codes and are therefore the only person accessing the service.
LIMIT ON THE AMOUNT OF OPERATIONS
For certain operations, the amount of same is limited (or the aggregate over a period of time is limited).
For certain operations, over a certain limit the branch is immediately notified and should any abnormality be detected, it carries out the appropriate security checks.
CONCLUSION
The three elements described above, message encryption, access code control and amount limits create a security level at which you may rest assured when operating via the BS Online system.
RECOMMENDATIONS
We have described the measures we have taken as regards our service, but there are also measures you should take with your PC, not so much to protect the communications with the bank, but to protect your system and the information it contains. Your PC is the only element for which the Bank cannot take responsibility; this responsibility is yours.
3.Security measures
Below you will find advice to hep you keep confidentiality and security when browsing the Internet and Distance Banking Services of Sabadell:
- Take care with e-mail messages from unknown sites those containing incoherent information.
- Never give your identifier and password or other personal details when requested to by SMS messages, faxes, e-mail messages or via a link provided in same which does not lead to a secure address (https:).
- Remember that your access code is personal and non-transferable. You are recommended to change it regularly to prevent access by third parties. Also, remember to memorise it and avoid noting it down.
- Ensure that you carefully store your keys card or your Digital Identification Card, preventing access to it by third parties. These cards are key to allowing you to conduct banking transactions. Also, ensure that you take full security and prevention measures with the mobile device where you have activated your Digital Signature. Protect access to it by using a password and ensure that you store it carefully.
- Prevent any viewing of your keys card by third parties and never make copies of the card. Equally, prevent strangers from accessing your mobile by protecting it by using a password or by using the screen block option. If you use a Digital Identification Card, remember to remove it from the reader when you have finished using it. Also, change your card’s PIN number regularly, remember to memorise it and avoid noting it down. .
- Use an antivirus and antispyware system, update it often, preferably automatically.
- Update your browser and operating system with the manufacturers’ security improvements and in accordance with their instructions.
- If you have a permanent connection(ADSL, cable or similar), it is advisable to install a personal firewall.
- Take additional precautions when using public or shared computers.
- If you detect or suspect any security issue, immediately contact the Bank.
- Security Policy
- Applicable law and jurisdiction
You can contact the bank for security reasons via different channel. If you use the electronic form, select the "Security" option as the reason for your communication.
- Do not trust e-mail messages which come from unknown sites or which contain incoherent information.
E-mail messages from unknown addresses are highly likely to contain computer viruses of malware, especially when the subject line we see before opening it contains incoherent information: it is written in an unusual language or not related to subjects usually discussed with the sender.
You should remember that even if the message sender is known, when the subject we see is inconsistent with the sender, the message could have been sent by a computer virus or malware, either from the sender’s own computer or from another infected computer which has their e-mail address stored.
Further information. - Never give your identifier and password or other personal details when requested to by SMS messages, faxes, e-mail messages or via a link provided in same which does not lead to a secure address (https:).
Banco Sabadell will never ask you for confidential or personal details such as codes, account numbers, card numbers, etc. via SMS messages, fax, e-mail or forms.
Banco Sabadell will only direct you to its portals via secure pages (https:), which show a closed padlock on the browser screen. If you double-click on its, you can see a digital certificate issued by a trusted company (Verisign) and see that the identity of the certificate belongs to Banco Sabadell (Organization = BANCO SABADELL).
When entering the Electronic Banking service, check that it correctly shows your name and surnames and the last date and time you connected .
Further information. - Remember that your access code is personal and non-transferable. You are recommended to change it regularly to prevent access by third parties. Remember to memorise it and avoid noting it down.
As an additional security measure, you must refrain from choosing a number associated with your personal details, or with any other code which may be easily predicted by third parties (date of birth, telephone nº, series of consecutive numbers, repetitions of the same digit, etc.). You must also refrain from noting down the codes or passwords on any physical medium and if so, together with supplementary identification elements (cards). - Ensure that you carefully store your keys card or your Digital Identification Card, preventing access to it by third parties. These cards are key to allowing you to conduct banking transactions. Also, ensure that you take full security and prevention measures with the mobile device where you have activated your Digital Signature. Protect access to it by using a password and ensure that you store it carefully
- Prevent any viewing of your keys card by third parties and never make copies of the card. Equally, prevent strangers from accessing your mobile by protecting it by using a password or by using the screen block option. If you use a Digital Identification Card, remember to remove it from the reader when you have finished using it. Also, change your card’s PIN number regularly, remember to memorise it and avoid noting it down. .
Check if the date and time of the last access shown on entering the Distance Banking services really coincides with the last time you used them.
Remember that if you are registered with a service which adds accounts from another bank, this service may periodically access the Distance Banking services you have set, showing the date and time of the last access via this method.
If you suspect that the date and time of the last access does not match your last session or access via the above service, immediately notify the Bank of this situation. - Use an antivirus and antispyware system, updating it often, preferably automatically
The proliferation of virus is increasingly common. Make sure you have a good antivirus system and, most importantly, make sure to keep its virus detection tables permanently updated. Just having an antivirus system may be of little use if it does not have the latest detection tables for the most recent viruses.
In addition, do not install software from unknown sources nor browse sites which do not appear trustworthy.
It is also advisable to have protection against Spyware. You can use an antivirus program which also protects you against Spyware or use a specific Spyware program.
Further information. - Update your browser and operating system with the manufacturers’ security improvements, in accordance with their instructions.
Periodically, improvements and new browser and operating system versions appear which offer greater security when browsing and using the Internet.
Read the manufacturer’s recommendations and update your browser and operating system in accordance with their instructions
Further information. - If you have a permanent connection (ADSL, cable or similar) it is advisable to install a personal firewall.
While your computer is connected to the Internet, it can communicate with any network user. To prevent any possible access to the information stored on your computer, you are recommend to install a personal firewall, especially when using a permanent connection (ADSL, cable or similar).Further information. - Take additional precautions when using public or shared computers.
Use public computers for queries which are not of a private nature. Remember you can be observed by others, even via electronic surveillance means. - If you detect or suspect a security issue, contact the Bank immediately.
You can contact the Bank via different channels. If you use the electronic form, select the "SECURITY" option as the reason for the communication. - Security Policy
Banco Sabadell Empresas has incorporated the most advanced security technology, together with a series of supplementary measures to ensure the confidentiality of transactions. For this purpose, the User must meet the following conditions:
In general: the User must have the devices and elements which are the "system requirements" referred to on the pages of the Portal and, for security reasons, the latest browser versions. The User is expressly warned that he/she must not leave the computer unattended when operating via the Portal.
Banco de Sabadell, S.A. reserves the right to adopt all the security standards and measures it considers appropriate to ensure proper use and confidentiality of the service. The User authorizes Banco de Sabadell, S.A. not to execute the requests or orders received when the identification is incorrect or there is reasonable doubt as to the identity of the person issuing them.
The User irrevocably authorises Banco de Sabadell, S.A. to record and file the communications and transactions performed via the Portal.
It is well known that a PC can be infected by a computer virus via diskettes or simply by browsing the Internet. The User must install a virus detector in their PC which runs every time the computer is started and the detector must be updated and backup copies made frequently of the files contained on the User’s computer. Banco de Sabadell, S.A. does not guarantee or control the absence of viruses or other service elements provided by third parties via the Portal (files; mails; electronic documents; etc.), nor can it guarantee or take any liability for any alterations or defects which may occur in the User’s computer system due to a computer virus or damaging element which has infected the computer or been transmitted by a third part via the Portal. The User must act prudently when visiting unknown websites, and take care when invited to download files and programs from the network. A virus is simply a program created to cause problems in the information stored or the PC itself. The User shall attempt not to store on their PC programs whose origin is unknown.
BS Online: Users who are also customers of the BS Online service must adopt the necessary measures to duly safeguard the personal identification elements of the service and to immediately use the service suspension or blocking systems provided for that purpose. They are recommended not to type or use these identification elements on computers in public places or locations where the communications or third party access to the codes may occur. Neither should they note down the secret number of access codes on any document or object which the User keeps or carries or together with cards of digital identification, and are expressly warned that if they choose or voluntarily modify the codes, it is inadvisable to choose a number associated with their personal details, as these can be easily predicted or guessed (date of birth, telephone nº or similar). - Applicable law and jurisdiction
These general conditions are governed by Spanish law, and the parties shall submit any dispute arising in relation with the Portal to the appropriate Courts of the domicile of Banco de Sabadell, S.A.
4. Preventions
Computer viruses and malware
Viruses and malware are small programs which install themselves on the computer without the user’s knowledge and for malicious purposes, such as destroying or stealing information or causing dysfunctions in the system or network it is connected to.
A virus, in addition to affecting the machine, propagates to other computers the original system is related with or connected to, using different ways which have evolved over time. Years ago, viruses propagated chiefly via diskettes. With the arrival of networks, the Internet and e-mail, viruses have found an ideal means of propagating although data media are still used.
New viruses appear on the Internet on a daily basis and not all are equally dangerous.
To avoid becoming infected, a series of precautions should be taken:
- Only browse known sites for which we have references and appear trustworthy, as certain viruses and malware are hidden in untrustworthy Internet pages.
- Do not use files or programs whose origin is unknown.
- Do not open e-mail messages of unknown origin.
- Be careful with e-mail messages from acquaintances which have a nonsense or unexpected subject line. Before opening these messages, contact the supposed sender and make sure that that person has really sent the message as it may be a virus-generated message.
- Have a recognised antivirus program and keep its virus detection tables permanently updated. It is not sufficient to have the latest version of the antivirus program. To be effective against the latest viruses, we must maintain the tables updated.
- Do not directly open attached files in e-mail messages. It is safer to save them first on the computer and open then outside the e-mail program.
Expert users should protect confidential information using coding programs.
Useful links on viruses
Below we provide some informative links:
Alerts
http://www.alerta-antivirus.es/
http://www.hispasec.com/
http://www.virusprot.com/
Manufacturers
http://www.trendmicro.es/
http://www.mcafee.com/ (ENGLISH)
http://www.pandasoftware.es/
http://www.symantec.com/ (ENGLISH)
http://www.avp-es.com/
http://www.norton.com/ (ENGLISH)
http://esp.sophos.com/
Links of interest with "Spyware"
http://lavasoft.de/spanish/default.shtml
http://microsoft.com/athome/security/spyware/software/default.mspx
http://ca.com/products/pestpatrol/
http://www.webroot.com/es/index.php
Links of interest with regard to the above
http://www.pgp.com/products/personal/index.html (ENGLISH)
http://www.pgpi.org/ (ENGLISH)
Attempt to steal access codes or other confidential information ("Phishing")
One of the frauds on the Internet consists of creating false pages and/or portals and falsifying the origin of e-mail messages.
These two techniques are combined to fraudulently capture access codes to third party services and applications or other confidential information such as account or card numbers (including the expiry date), so as to access the information or perform operations in your name.
The way access codes are stolen in this manner is to create an Internet address and page whose name is practically identical to the company or portal whose identity they wish to steal. The name differs from the original in just a few characters, often only one. At the fraudulent address pages have been created which are identical or highly similar to the true ones.
The victims of this type of fraud receive e-mails which supposedly come from the real company (in this case the e-mail address of the sender is identical), inviting the victim to go to the fraudulent pages on a false pretext, here they are asked for their identification, password or other access data. If this information is entered on these pages, it will have been stolen and can be used to access the real website and perform functions and operations which is possible using the stolen information.
Some variations on the above technique are to request the same information via SMS messages, fax or by telephone.
How can this be prevented?
Follow the above instructions and security notifications and information provided by Banco Sabadell . Contact the Bank if you have any doubts. You can contact us via different channels. If you use the electronic form, select the "SECURITY" option as the reasons for your communication.
Useful links on attempts to steal access codes and confidential information ("Phishing").
http://www.msn.es/security/phishing/
http://iblnews.com/noticias/06/129350.html
http://es.wikipedia.org/wiki/Phishing
http://www.consumer.gov/idtheft/ (ENGLISH)
5. Protections
The protection described below is supplementary and no single one replaces the others
Digital certificate
A digital certificate is a guarantee of the identity of a given sever and associated pages which offer a service in the electronic world (chiefly the Internet).
The digital certificate is issued by a trusted company (Certification Service Provider), such as Verisign or the FNMT (Fábrica Nacional de Moneda y Timbre), which after thoroughly identifying the applicant, assigns them a certificate by creating one.
The digital certificate contains the data on the address to be certified (e.g.: www.SabadellAtlantico.com), the identity of who operates at the said address, the expiry date of the certificate and other technical data. The digital certificate, in turn, is digitally signed by the Certification Service Provider.
The trust in a digital certificate therefore, in addition to the content of same, is due to the trust we have in the Certification Service Provider which has issued and signed it. Certification Service Providers publicly show the processes used to perform the certification: these are the Certification Practices and Policies. In this way, we can evaluate the trust to be placed in a given Certification Service Provider.
How can I validate the pages of an Internet service?
A digital certificate may appear in different situations. The most common is to check whether the pages of a given Internet service belong to their true owner or an impostor who has copied them. Thus, we can ensure that the personal and confidential information we send is received by the proper identity.
It is advisable never to provide confidential data to pages activated via a link contained in an e-mail. We recommend you always access our webpages via the Internet addresses given by the Bank.
Steps to check the pages of an Internet service (secure pages):
- Check that the address (url) of the pages starts with the prefix https and that your browser shows the locked padlock icon in the lower right of your window ( in Internet Explorer, in Netscape Navigator).
- Click on the padlock (double click in Internet Explorer and one click in Netscape Navigator) to see the digital certificate and check the identity of who is showing the pages which are going to collect your information:
- In Internet Explorer:
Check the address (URL), the issuer of the certificate and validity of same.
Then select the "Details" tab to check the identity of the party showing the pages displayed and where we enter our information.
In the upper window which appears, select the "Re:" field. We can now display the information in the lower window. For Banco Sabadell companies, the O field (Organization) must contain the information "BANCO SABADELL" and, as supplementary information, the L, S and C fields are Sabadell, Barcelona and ES respectively.
- In Internet Explorer:
- In Internet Explorer:
In Netscape Navigator:
Click on the "See" in the previous window.
This action causes a new window to appear with the information concerning the digital certificate:
Using the same address (URL) check the pages downloaded for the issuer of the certificate and validity of same.
For Banco Sabadell companies, the O (Organization) field must contain "BANCO SABADELL".
-
In other browsers:
The way of showing the certificate is similar in other browsers. Remember to check that the O field O (Organisation) shows the expected identity (in the case of Banco Sabadell companies, O = BANCO SABADELL).
Data encryption
In addition, when using secure pages (pages protected by a digital certificate), all the information transmitted between your browser and the server hosting the pages is transmitted in encrypted form, making it immune to interception by third parties.
To achieve maximum encryption protection for secure pages (necessary when using financial services or another type of confidential information), it is necessary to use a browser which provides strong encryptions (bits).
Certification Practices and Policies
Using the certification practices and policies, the Certification Service Providers show the public the mechanisms and steps (identity checks) used to issue the digital certificates on request. Thus, the party checking the certificate can trust the certificates issued by the provider.
In practice, as the policies and practices are long documents, one trusts a certification service provider according to the prior knowledge we have of them, , with Verisign as the most well-known worldwide for certifying pages of portals and servers.
Certification Policies (CP).
The policies indicate what the certification service providers do and the types of services and certificates they issue.
The link below shows the certification policies (CP) of Verisign, world leader in certification services
https://www.verisign.com/repository/vtnCp.html(ENGLISH).
Certification Practices (CPS).
The certification practices detail how the policies are ensured, i.e. what specific procedures and mechanisms are used to issue the digital certificates.
The link below shows the certification practices (CPS or Certification Practice Statements) of Verisign, world leader in certification services:
http://www.verisign.com/repository/CPS/ (ENGLISH)
Links of interest concerning digital certificates and Certification Service Providers
Verisign (ENGLISH)
ACE
Thawte (ENGLISH)
Camerfirma
Personal Firewall
A firewall is a program which blocks non-authorised access from the Internet to our computer and also uncontrolled access (caused by a new virus or malware) from our computer to the Internet.
Nowadays, we can find firewalls in separate programs or forming part of other security programs (such as an antivirus) or in the operating systems themselves (such as Windows XP).
It is called a personal firewall to distinguish it from a perimeter firewall which is generally used to protect an entire group of networked computers against a connection from an unknown network (generally the Internet or another, third party network).
BY using a personal firewall we can control the connections made with the Internet or with other networks and towards all the programs on our computer. When the firewall is installed, all the connections are prohibited and those generally used must be expressly authorised according to how we use our computer. When the firewall notifies us of an attempted connection which has not been expressly authorised, we must indicate if we wish to authorise it for our present purpose or if the connection is due to an external agent (attempted access via the Internet, virus or similar). The personal firewall is a program intended for users already familiar with the Internet.
It is also advisable to periodically update the version of our firewall, in accordance with the manufacturers’ recommendations.
Useful links about firewalls.
Below we provide several links for informative purposes:
http://www.symantec.com/region/mx/product/consumer/npf/
http://www.protegerse.com/outpost/
6. Good Practices
Security updates for the navigator and the operating system
To prevent any possible problems arising from the vulnerabilities that are occasionally discovered in the software used, it is a good idea to visit the security pages of the manufacturers of the programmes that you use, in particular the navigator and the operating system itself.
Navigator.
The navigator, as the main tool for Internet access, is the programme that it is most important to keep updated with the latest security recommendations.
Use strong encryption (128 bit encryption) for communications with secure pages (https).
Periodically visit the manufacturer’s Internet pages and update the programme following the security recommendations that appear there.
Links of interest concerning new versions and security updates for the navigator
In continuation, and merely for informative purposes, we indicate the following links:
http://windowsupdate.microsoft.com
http://www.microsoft.com/downloads/search.aspx?langid=18&displaylang=es
Operating system.
Some operating systems, such as Windows with its Windows Update function, have utilities for verifying the existence of operating system updates, including security updates.
Make use of these utilities or periodically visit the manufacturer’s operating system Internet pages and update the system according to the security recommendations that appear there.
Links of interest concerning security updating for the operating system
In continuation, and merely for informative purposes, we indicate the following links:
http://windowsupdate.microsoft.com
http://www.microsoft.com/spain/technet/seguridad/default.asp
http://www.microsoft.com/security/ (ENGLISH)
Use of strong encryption (128 bit encryption) in communications with secure pages
Strong encryption (implemented through the use of 128 bit encrypted codes) is achieved by means of the combined use of specific software in servers that have secure pages and the use of navigators with the capacity to work with encryption of this kind.
Because of its strength use is usually only authorised for servers where the pages belong to financial entities and other companies with similar security requirements. On the other hand use is unrestricted for the navigators.
To this end, the remote banking services of financial entities are usually capable of using strong encryption. The use of strong encryption for the communications carried out by these services will, then, depend on your navigator having strong encryption capacity.
Make sure that you use a version of your preferred navigator that has strong encryption capacity (128 bits). If it does not then update your navigator to a versions that will allow for strong encryption.
How to know whether a server allows strong encryption (128 bits)
A server that uses strong encryption will usually announce this on its pages, usually in a specific security section. If this is not the case you must have a navigator with strong encryption to verify the type of encryption that a determined server uses.
How to know if you are using communications with strong encryption (128 bits)
In order to know whether you are exchanging information by means of strong encryption you must first observe whether the padlock at the bottom right hand corner of the window of your navigator is closed. Once this has been done:
-
For Internet Explorer, by moving the mouse, place the courser over the padlock, leaving it there for an instant, until the length of the encrypted code appears. This should be 128 bits.
-
For Netscape Navigator, click once on the closed padlock. A window will then open that will indicate the type of encryption, which should be 128 bits (high grade encryption).
If you have a navigator that is enabled to use strong encryption you can also communicate in a secure manner with servers that do not have this characteristic. In this case it will automatically be used for communications of the type of encryption that is higher than that which is supported by the server and as the code length of the encryption will appear a value that is lower than 128 (normally 40 to 56 bits).
How to update your navigator so that it can use strong encryption (128 bit)
Go to the download and update pages of the manufacturer of your favourite navigator and search for the 128 bit versions or updates for your navigator. Remember that you will only be able to communicate with those servers that have this characteristic.
Links of interest concerning 128 bit encryption
In continuation, and merely for informative purposes, we indicate the following links:
http://www.microsoft.com/windows/ie_intl/es/download/128bit/intro.asp
http://www.aola.com/netscape/download/
Backup copies
In order to be able to recover the information available in the computer prior to the appearance of a problem, you should make backup copies and keep them up to date.
An important aspect for being able to achieve the recuperation of backup copies is where you keep them. The copies must be kept apart from the equipment that contains the original data so that, in the case of an incident, the copies are not also lost. This is particularly important in the case of a laptop computer, a situation where it is recommended that you avoid keeping the backup copies in the same bag or case as the laptop.
Backup copies can be made on mediums known as "removables", which can be extracted from the computer which contains the original data. These removable mediums may be floppies, recordable CD’s or DVD’s, tape units, ZIP units, USB (Universal Serial Bus) such as external disks, persistent memories, etc.
Links of interest concerning backup copies
In continuation, and merely for informative purposes, we indicate the following links:
http://www.conozcasuhardware.com/quees/almacen4.htm#backups
http://www.iomega-europe.com/eu/en/products/products_en.aspx (ENGLISH)
http://www.pricingcentral.com/best/backup_utility_software.html (ENGLISH)
7. Electronic Signature
Banco Sabadell has initiated the use of the electronic signature in its dispatches of e-mail
The electronic signature of the e-mails guarantees the identification of the issuer, who has received the validation of his e-mail address by means of the Verisign,
electronic signature, the digital certification authority with worldwide recognition, and which at the same time technically guarantees that the content of the message has not been altered on route by a third party.
Additionally, for greater ease and better identification of the issuer, every e-mail message issued includes at the foot a random image which is associated to the receiver, with a number which increases with every dispatch and which helps to quickly identify the origin of the message.
The image is always the same for a specific issuer and receiver, but the number increases with each dispatch.
Example of an e-mail signed electronically
The following gives an example of how to distinguish an e-mail signed electronically in «incoming mail». The e-mail is shown with an icon that differentiates it as an electronically signed e-mail:
In the Microsoft Outlook e-mail programme:
- When opening the « incoming mail », we can observe a different icon for messages signed electronically:
- On "double-clicking" on the message, we can also see that the message on the right has an icon corresponding to the electronic signature:
In the Thunderbird e-mail programme:
- On selecting the message, we observe that it shows a different icon on the right that indicates that the message has been signed electronically:
If we double click on the icon located on the right hand side of the message, in both mail systems we will obtain information on the electronic signature and on the certificate issued by Verisign:
In the Microsoft Outlook e-mail programme:
Aparecerá la siguiente ventana:
Pulsando el botón para obtener más detalles, nos aparecerá la ventana siguiente, en la que pulsando el botón para ver el certificado, podremos obtener los detalles del mismo en una nueva ventana:
Donde finalmente, después de pulsar sobre la pestaña «Detalles» y sobre la línea «Asunto», podremos observar todos los detalles correspondientes al certificado obtenido de Verisign, acreditando así la autenticidad del emisor (dirección emisora del correo electrónico, conteniendo el sufijo «@bancsabadell.com», y el resto de información del emisor y de Verisign).
En el programa de correo Thunderbird:
Aparecerá la ventana siguiente:
Indica que el mensaje está firmado electrónicamente, con una firma válida, quién lo ha firmado (dirección emisora del correo electrónico, conteniendo el sufijo «@bancsabadell.com») y el resto de información del certificador Verisign.
Si pulsamos el botón para ver el certificado de la firma electrónica, podremos ver sus detalles en una nueva ventana.
Donde, finalmente, después de pulsar en la pestaña "Detalles" y sobre la línea «Asunto», podremos observar todos los detalles correspondientes al certificado obtenido de Verisign, acreditando la autenticidad del emisor (dirección emisora del correo electrónico, conteniendo el sufijo «@bancsabadell.com», y el resto de información del emisor y de Verisign).
En otros programas de correo:
En otros programas de correo, la forma de reconocer la autenticidad de los mensajes firmados electrónicamente es similar.
La mayoría de los sistemas de correo que no necesitan de un programa de correo para ser accedidos, sino que se acceden con un navegador web (sistemas de correo del tipo «webmail»), no disponen de las facilidades anteriores para reconocer los correos firmados. En este tipo de sistemas de correo podemos ayudarnos de la medida adicional que se explica a continuación para validar mejor al emisor de un correo, aunque este mecanismo para reconocer al emisor del correo electrónico no es tan seguro como el anterior
Medida adicional de confianza:
Como medida adicional de confianza, para facilitar el reconocimiento de los mensajes firmados electrónicamente por las sociedades del grupo, al pie del mensaje firmado encontraremos una imagen, escogida aleatoriamente en función de la dirección del destinatario, de forma que cada destinatario recibe una imagen diferente, que siempre será la misma mientras no cambie su dirección de correo electrónico de destino. Sobre esta imagen aparece un número secuencial, que se incrementará con cada envío que se reciba en la misma dirección de destino.
De esta forma, un destinatario siempre recibirá la misma imagen añadida al pie del mensaje firmado y, sobrepuesto, un número que se incrementará en cada envío.
Al lado de la imagen y el número secuencial figuran los datos correspondientes al certificado digital emitido por Verisign que se ha utilizado para firmar electrónicamente el mensaje.
Ejemplo de pie de mensaje:
8. DIGITAL SIGNATURE
The Banco Sabadell Digital Signature system meets the security requirements of the European Banking Association (EBA).
Non-replicability
In order to avoid copies or theft, each code generated by the Digital Signature is unique, random and has a limited duration.
Non-reusability
Unlike other physical media such as the coordinates card, the codes generated with the Digital Signature are random, so they cannot be reused for different operations, resulting in greater security.
Additional authentication factor
In order to further increase the protection of your transactions, we recommend you protect access to your mobile device using a password.