Security of Information

Account security and client confidentiality are of the utmost importance to us. We use the latest technology to ensure that only you can access your account in-branch. For your safety, we've prepared some info which we encourage you to read to help us keep your funds and personal information secure.

If you notice any suspicious transactions on your account or suspect that you may have been a victim of fraud, please contact our Client Care Centre immediately on 0860 10 20 43 to report the matter.

General Banking Safety Tips

ATM Safety

• Avoid using the ATM if there are any suspicious-looking individuals loitering or if the area is dimly lit
• Have your card ready in your hand before you approach the ATM
• Don't use the ATM if you notice anything unusual indicating it may have been altered or tampered with
• Be especially cautious when strangers offer to help you at an ATM, even if you're experiencing difficulty with the transaction. Don't allow yourself to be distracted while you're at the ATM and don't accept help from a stranger
• Don't let anyone see you enter your PIN. Cover the keypad with your hand when entering your PIN
• Never disclose your PIN to anybody, not even to the bank or the police
• If you feel the ATM is not working normally, press the 'Cancel' key, withdraw your card and proceed to another ATM
• If your card gets jammed, retained or lost, or if a stranger interferes with you at an ATM, report this immediately to the bank and/or the police using the helpline displayed on the ATM
• Take your time to complete your transaction, and secure your card and cash in your wallet, handbag or pocket before leaving the ATM

Personal Identification Number (PIN)

• Your PIN is your personal key to secure banking. Ensure that you keep it that way and don't share it with anyone
• Memorise your PIN and never write it down
• Don't use an obvious PIN or one that is easy to guess, such as your date of birth
• Change your PIN often. This makes it difficult for others to guess your PIN or use it to access your account should they see you entering it at an ATM
• Keep both your card and PIN safe – don't let anyone stand too close to you
• Cover the keypad with your hand when entering your PIN

Capitec Bank's Internet Banking Security

Internet Banking is a convenient service that allows you to manage your money any time or place. We have taken great care to offer you a secure online banking portal to safeguard your money using:

• Secure design
• Daily vulnerability assessments
• Internationally-acclaimed security consultants
• Two-factor authentication through your Internet Banking security token

Find out what you can do to access your account safely and securely from the Internet Banking sign-in page.

Username

A username is the name you choose to assign to your Internet Banking profile for identification purposes during registration. As with all sign-in information, keep your username secret as it'll simply make it more difficult for others to access your account and reduce the possibility of attempted identity theft.

Password

Your password is 6 - 18 characters long, and contains letters and/or numbers. Choose a password that is hard to guess and not obvious to those who know you. Changing passwords regularly is advised to prevent others from accessing your account at a later stage in case they see you typing it while signing in. Our number one online safety tip: never share your password with anyone!

Security Token Password

Your security token is linked to your profile and generates unique passwords. These security token passwords help keep your account/s and money secure, and are needed when you sign in to Internet Banking or pay beneficiaries. These passwords can be used once and only for a limited time, so they are useless to someone shortly after they've been generated and used. Unlike passwords sent by SMS, they can't be intercepted as long as the security token stays in your possession. During registration you'll need to choose to use the security token on a cellphone or security token on a keyring.

Validating our Internet Banking Site

When you registered for Internet Banking, your service consultant took your photograph and linked it to your Internet Banking profile. Always check that the photograph displayed is in fact you and that it is consistent with the photographs displayed on your previous online banking sessions. If your profile photograph has changed without your knowledge or you suspect that you are not on the Capitec Bank Internet Banking site, please contact us immediately.

If you are in doubt as to whether you are on our Internet Banking website, you can verify the digital certificate and also check the padlock on the toolbar at the bottom of the page.

Internet Banking Safety Tips

• Ensure that no one has unauthorised access to your computer and Internet Banking security token
• If you lose your Internet Banking security token (cellphone or keyring), report it immediately on 0860 10 20 43
• Don't open suspicious or unfamiliar emails and never click on attachments or links in unexpected emails
• Poor grammar and incorrect spelling is often an indication that any email you receive and/or website you visit should be treated with extreme caution
• Never access the Capitec Bank website through a link. Instead, always type in the address or save the address as a 'Favourite' once you're sure that you're on our website
• Avoid using public terminals like Internet cafes for online banking
• Don't open other websites while you are signed in. Only have a single browser window or tab within the browser window open
• Install and use the latest antivirus software
• Ensure that your computer has the latest operating system and browser updates installed

Third-party applications downloaded onto your cellphone

You need to fully understand how third-party applications, not endorsed by Capitec Bank, work before downloading them onto your cellphone. You need to be aware that third-party applications have the potential to access other messages on your cellphone (such as your account info) with or without your knowledge.

Identity Theft

Phishing

Phishing is a form of electronic fraud whereby your banking and personal details are gathered and an attempt is made to access your funds. Your details can be gathered in 2 ways:

• An email request for your user information
• Luring you to a fake website

When you receive an email, the fraudsters don't necessarily know that you bank with Capitec Bank. They operate by sending out large volumes of emails to random email addresses. The fraudster pretends to be from a legitimate company/institution and usually asks you to disclose confidential banking and personal details (passwords, address, credit card info etc.).

How to Protect Yourself from Phishing

We'll never ask you for sensitive personal or account information, so please bear the following in mind at all times:

• Never give your banking and personal details to anyone
• Treat emails and pop-up windows asking for your personal details with the same suspicion that you would of the person behind you in an ATM queue
• Treat emails that appear to be from Capitec Bank asking for personal details with suspicion
• Never provide your personal details via email
• Don't follow any links in emails to reach our Internet Banking website. Always type our website address (www.capitecbank.co.za or https://direct.capitecbank.co.za/ibank/) to connect to our Internet Banking website
• Check the digital certificate to verify the authenticity of the login page
• Keep your login details secret. No employee of Capitec Bank is allowed to ask you for this information
• Never respond or reply to an email that:
  • Prompts you to enter your personal details directly into the email or submit this information in any other way
  • Threatens to close or suspend your account if you don't take immediate action by providing your personal details
  • Asks you to participate in a survey where you have to enter your personal details
  • States that your account has been compromised or that there has been third-party activity on your account and prompts you to enter or confirm your account information
  • Asks you to submit your username, password or account numbers in an email or non-secure web page
  • Asks you to confirm, verify, or refresh your account or address information

What to do if You Suspect Phishing

• Contact us immediately if you have doubts about an email or website that appears to be from Capitec Bank
• Please do not respond to emails from Capitec Bank that appear to be suspicious. Forward the email to clientcare@capitecbank.co.za and we'll investigate further
• By bringing these cases to our attention, you may assist us in preventing fraudsters from committing further illegal acts

Keylogging or Key-stroke Logging

Fraudsters sometimes attach small devices called keyloggers to computers. To install this device, the fraudster must gain physical access to your computer. A keylogger logs or records everything that you type on your keyboard which means that they will most likely obtain your username and password.

Fraudsters also use sophisticated software called spyware to record the keystrokes on their victims' computers. This info is then sent to the fraudsters who analyse the data and identify possible username and password combinations.

How to Protect Yourself from Keylogging

• Make sure that no one has unauthorised access to your computer
• Don't open suspicious or unfamiliar emails. Never click on attachments that you were not expecting in an email
• Only install licenced software on your computer from reputable vendors
• Ensure that you have the latest version of antivirus software installed on your computer
• Don't visit high-risk websites on computer/s that you use to access Internet Banking. Examples of high-risk websites include pornographic and gambling websites, and sites where software can be downloaded which are not associated with major or reputable software vendors

What to Do if You Suspect Identity Theft

• Contact the South African Police Service (SAPS) and report the matter. Keep a copy of the police report because we may ask you to provide it
• Monitor your credit profile closely. Credit bureaus like TransUnion ITC allows you to access and review any changes in their credit profiles for a small fee, which includes email and SMS alerts if accounts are opened using your credentials
• If your ID book is stolen, it might be a good idea to close your existing accounts to prevent any further harm and open new accounts
• During the process of reporting identity theft: Keep copies of all documentation and communications. Take notes of telephonic discussions, including names, dates, times and comments. Ask all agencies you deal with to confirm the actions taken in writing
• Find out from the police how you can track any criminal records that are posted to your identity and what you should do to ensure that it gets cleaned out once identified