eBanking security

We are committed to offering you a secure and private online banking experience, protecting your information and providing a safe environment in which to conduct transactions. This requires a diligent approach to enforcing our security measures, as well as a constant evolution in our protection strategies in response to technological change and emerging threats. In this ever-changing environment, we work in partnership with you to protect your online activities.

What we’re doing to protect you

Our IT professionals work constantly to stay ahead of online threats, taking advantage of the most advanced technologies and established procedures to protect your data and financial assets. In addition, we offer a number of layers of protection:

  • Privacy

    Your personal and financial information are safely stored and all communications with the e-Banking platform are encrypted using SSL 128 bit state-of-the-art algorithms. This ensures the confidentiality of your data from EFG systems to your browser. We also offer the SecureMail service, allowing you to exchange securely emails and documents with your Client Relationship Officer (CRO).

  • Digital Certificates

    The EFG e-Banking website uses extended validity (EV) certificates to prove its identity to visitors. Such certificates require extensive verification, and provide the highest level of confidence about the authenticity of a website.

    How to check a certificate

  • Identity verification

    For added safety, EFG e-Banking requires two levels of authentication to provide access to your e-Banking account and to confirm your transactions:

    • Your traditional username/password credentials.
    • An electronically generated one-time password. This will prevent unauthorized access in the event that your username/password are disclosed.
  • Account lock out and session time out

    To protect your account from password guessing, an account will be locked out if an incorrect password (or token code) is entered four times consecutively. You will then have to contact your CRO to reactivate it. In addition, you will be automatically disconnected from your e-Banking session after 20 minutes of inactivity, to prevent anyone else from accessing your account in case you leave your computer unattended.

What you can do to protect yourself

There are a number of things you can do to protect your data and improve your online banking experience:

  • Website identity

    Most of us have received an email purporting to be from a financial institution, exhorting us to click on a link to log-in to your online banking account, reset your password, and so on. It is usually pretty clear that these are phony. However, bogus websites can be more difficult to spot, as they often look exactly like their legitimate counterparts. You can make sure of website authenticity by looking at the address, and by checking the certificate. The real web address, in fact, is not necessarily the one shown in the hyperlink which could redirect you to a website that has nothing to do with the real e-Banking site. For this reason, you should never follow any link to access your e-Banking and you should manually enter the address https://ebanking.efginternational.com in your browser, or save it in your bookmark.

    Once you have entered the right address, it is also critical to verify the certificate. A valid certificate will in fact show you the real entity associated with the web site you are connected to, and it will ensure that only that entity will be able to decrypt the exchanged information. There may be some differences in how browsers show that a certificate is valid (a closed padlock, address highlighted in green, etc.). The pictures below show how EFG e-Banking certificate information is displayed in some widely used browsers.

  • Antivirus

    Malicious software can infect your computer in many ways. Viruses can be in email attachments or USB sticks; they can hide themselves in valid programs; or you can simply get infected by opening a web page within your browser. In most cases, antivirus software can provide protection; however, it is critical to keep it up to date with the latest virus definitions. Computer viruses are created on a daily basis, and the most dangerous attacks often draw on the most recent developments. Make sure your antivirus software is active and configured for automatic updates. In addition to 'real-time' protection, it should also be configured to perform a full scan of your computer on a regular basis.

  • Anti-Spyware

    Spyware is a type of program that records information about your online behavior, often to generate market research data but also sometimes to obtain personal information, passwords, credit card numbers and so on. In most cases they are downloaded and installed as part of a legitimate program without the user's knowledge. As spyware behaves in a different way from viruses, many antivirus tools are not effective in detecting them. It is therefore a good idea to install specific anti-spyware software.

  • Suspicious emails and attachments

    E-mails are a common method of carrying out scams or propagating viruses. You should always exercise care when opening a suspicious email and, should you have any doubt about the legitimacy of the message, avoid clicking on any link or downloading any attachment. Note that you should also be cautious when receiving an email from a person that you know, as it is very easy to forge the sender of an address in an email. Common sense is often the best means to spot a fraudulent message in those cases.

  • Patches and security updates

    While viruses are intentionally developed for malicious activities, software vulnerabilities and bugs are defects involuntarily left by developers in an application or an operating system. Just like viruses, vulnerabilities might open doors for ill-intentioned people interested in your data. And just like viruses, new vulnerabilities are being discovered every day. This is why it is critical that you keep your operating system and your applications up to date by installing the latest patches and security updates. Many systems and applications offer an automatic updates feature and it is generally advisable to enable it.

  • Account privileges

    Most of the day-to-day activities performed on a computer (surfing, running programs or applications, and so on) do not require administrative privileges and can be safely carried out with a 'standard' account with limited privileges. Moreover, the impact of a virus or malware is generally much higher if executed by an administrative account and it would affect all the users on the system. For this reason, you should always try use a standard account and only log in as administrator when it is necessary (for example to install a new program).

  • Secure wireless networks

    Wireless networks offer a great opportunity for anybody in your neighborhood to enter your network and potentially eavesdrop on your communications or access the data in your computer. In addition, any activity performed by a device connected to your wireless network would appear to be done by you - and in many countries you may be held legally responsible for it. Securing your wireless connection is imperative, and you should never assume that your neighborhoods are safe as some directional antennas are able to intercept your WIFI signal from miles away. You should never use an 'open' access point and never use weak authentication/encryption such as WEP which can be easily broken in a few minutes. You should use more robust algorithm, such as WPA2, with a very complex access code. Please refer to the vendor of your wireless equipment for instructions on how to enable WPA2.

  • Secure session and log out

    Internet browsers often store data concerning your session. To minimise this to potential unauthorised access, you should start a new browser window for any e-Banking session and close all other web pages while you are connected to your account. You should also avoid accessing your account from public places like internet cafes or kiosks, as you will lack control about what information is retained and where. To correctly terminate your session you should not simply close the browser. Instead, you should use the 'log out' button, and possibly clear the cache of your browser.

    How to clear the web browser's cache

    Probably the most important advice of all is to exercise care and common sense. Online banking is not so different from any other financial activity, where a sense of caution should protect you against threats.

    There are many sites on the internet giving technical or practical information in relation to areas such as what antivirus to use; how to apply security updates; or how to remember a complex password. Many useful information can be found, for example, on the following web sites:

What should I be aware of when using Biometric Authentication service?

For security reasons, do not use jailbroken or rooted mobile devices.

Upon the successful registration of the “Biometric Authentication” service on your mobile devices, any fingerprint or Face ID that being stored on your mobile device can be used for the purpose of the “Biometric Authentication” service. You must ensure that only your fingerprint or Face ID is stored on your mobile devices, and ensure the security of the security codes as well as the passwords or codes that you can use to store your fingerprint or Face ID and register the “Biometric Authentication” service on your mobile devices.

You can cancel the “Biometric Authentication” service by disabling the option of Biometric Authentication Login via "Setting" after logging in Mobile Banking. Please note that after you cancel the “Biometric Authentication” service, your fingerprint or Face ID will be continuously stored on your designated mobile devices. You may consider cancelling the data at your own decision.

If your fingerprint or Face ID record of your designated mobile devices has been changed, you are required to input your original pin code for the next login. Once successful, you can continue to use the “Biometric Authentication” service.

You must not use “Biometric Authentication” if you have reasonable belief that other people may share identical or very similar biometric credentials of you. For instance, you must not use facial recognition for authentication purpose if you have identical twin or triplet siblings.

You must not use “Biometric Authentication” if the relevant biometric credentials of you are or will be undergoing rapid development or change.

Cyber criminals take advantage of coronavirus fears

As worries about the coronavirus mount, cybercriminals are racing to capitalise with online scams, attempting to gain access to personal data and computer systems. They are using calls, text messages and e-mails to trick users into parting with confidential information.

To complicate matters, a large number of legitimate coronavirus-related e-mails are circulating right now, making it easier for malicious content to pass undetected. Criminals are taking advantage of our need for information, knowing we are more likely to overlook things we would notice in calmer times. Now is a time for extreme vigilance.


How to avoid getting scammed

  • Think before you click. The best thing users can do to protect themselves is simply to slow down. If something doesn’t seem right about an e-mail, just delete it, preferably before you open it.
  • Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. Misspellings in URLs are another good tip-off to a fake website.
  • Don’t assume that a website is legitimate just because its URL starts with “https.” Criminals like to use encryption, too.
  • Don’t open suspicious attachments. They may contain malware. And you should never type confidential information into a form attached to an e-mail. The sender may be able to track the information you enter.
  • Guard your financial information. Be wary of e-mails asking for account numbers, credit card details, wire transfers, and failed transactions. There’s no reason to share such information via message or an unsecure site.
  • Turn on auto updates. This goes for your computer, smartphone, and tablets. Up-to-date antivirus software goes a long way toward stopping malware.
  • If you receive any suspicious communication that claims to originate from EFG, notify us immediately. Outside to the standard authentication process when you contact our service desk, EFG will never ask you to disclose credentials or personal information in either e-mail or telephone conversations.