In order to ensure online safety, it is recommended that this informational help page is periodically reviewed in order to remain abreast of any evolving security threats or changes in security procedures.
It is of utmost importance that login credentials are secured as these constitute the entry-points to BNP Paribas platforms. The following guidelines can assist in keeping your private information safe:
Many browsers contain auto-complete functionality. Whilst this saves time for the user, it also allows unauthorised individuals to log into your account if your computer remains unlocked and unattended. It is recommended that you disable your web browser’s auto-complete functionality.
Whatever the circumstances, never communicate your PIN/secret code to anyone (including support teams) and make sure nobody knows it.
Last but not least, if you lose or believe you could have lost your token, please contact Cortex Plus Client Service Desk as soon as possible so that we can disable your token.
Should you be issued with authentication tokens or one-time passwords sent to a mobile device, please ensure that these devices are kept secure at all times.
Do not communicate by phone or to an unknown email address the serial number written behind the token, even if claiming to be from a support team, unless yourself have contacted a relevant support team earlier for a PIN reset or card synchronization issue. In the later case, it is OK to communicate the serial number to Cortex Plus Client Service Desk for action.
In any case, do not paste or write anything on the SecurID token!
If you are away from your computer for an extended period of time, please ensure that you log out of all running applications. It is highly recommended that browser applications are closed fully after using any BNP Paribas platforms.
Anti-Virus software, anti-spyware software, and personal firewalls should be installed and continually kept active on your computer. Security patches and virus definitions should be periodically installed and updated in order to ensure that any bugs and security loopholes are closed.
Please keep your relationship manager updated with accurate details of your personal information.
Navigating to the Website should always be done through known hyperlinks. Please read the address bar / URL carefully and always ensure that it is correct.
Another method of verifying the authenticity of a Web Site is to check the digital certificate for websites that begin with “https”. Certification Authorities (such as Verisign or Geotrust) are trusted third party issuers of digital certificates which verify that the website URL is a genuine site of the company or business in question. Click on the padlock next to the URL to see details of the Certification Authority:
Do not conduct any transactions through public or shared computers.
Remain vigilant for suspicious emails and websites that attempt to use deceit in order to reveal sensitive information. BNP Paribas will never ask you for private information by email and will not send e-mails with embedded hyperlinks to transactional websites.
Also, please be aware that in some email applications such as Microsoft Outlook, a text hyperlink may be displayed but actually clicking on the hyperlink may direct you to another website. This is known as phishing. Phishing websites are designed to look identical to genuine websites. Additionally, some emails may contain image files that appear to look like text. Hovering over the image and clicking may lead you to a phishing website. Ensure that the guidelines for verifying BNP Paribas websites (above) are followed.
Should you suspect any unauthorised access or have any outstanding queries regarding Information Security, please promptly contact your relationship manager or support team.