Keeping your money secure online

Online banking allows you to manage your money when it suits you. Here's how you can keep it safe.

Internet banking security

Secure online banking

We have taken great care to offer you a secure online banking portal on the internet to protect your money using:

  • Secure design
  • Daily vulnerability assessments
  • 2-factor authentication through your security type (cellphone app or token on keyring). Your security type is chosen during registration

Security elements

Username

This is your account number, which is linked to your online banking profile for identification purposes. If you have been using online banking for some time, you would have chosen a username during registration. As with all sign-in details, keep your username secret to make it harder for criminals to access your account and lower the chance of identity theft.
If you call us (0860 10 20 43) with an online banking query, we may ask you for your username only. We have to do this to identify your profile so we can help you.

Password

Your password is 6 – 18 characters long and includes letters and/or numbers. Choose a password that's not easy to guess or obvious to those who know you. Changing passwords often will stop others from accessing your account at a later stage, should they see you typing it while you are signing in. Don't ever share your password with anyone; not even our employees are allowed to ask you for it. This password will be replaced by the Remote PIN when you register for our cellphone banking app.

Remote PIN

Your Remote PIN is between 5 and 6 digits long, and you use it to sign in on our banking app and authorise transactions. It’s extremely important to keep your PIN secret, and never share it with anyone. Don’t set a PIN that anyone can guess, such as your birthday or 12345, and don't use the same PIN you use to unlock your phone.

Token password

If you choose a token on a keyring as your security type, your token will be linked to your profile. It generates unique passwords for authentication purposes during online banking sessions. These passwords help keep your account(s) and money secure and are needed when you sign in to online banking, pay or add beneficiaries and update your profile details. These passwords can be used once and only for a limited time, so they are useless to someone shortly after they've been generated and used. Unlike passwords sent by SMS, they can't be intercepted as long as the token stays in your possession and you don't enter them anywhere else other than on our Internet banking site.

Confirmation messages

If you choose the banking app as your security type and you have successfully downloaded and activated the app on your cellphone, you will receive detailed confirmation messages through the app to approve online banking sessions and transactions. If you are unable to receive confirmation messages, you will be able to use the app to generate token passwords (see above).

Validating our online banking site

You will have your photo taken when opening a Capitec account. It will be linked to your online banking profile (you can ask the service consultant to update your photograph anytime). Always check that the photograph displayed is you and that it’s consistent with the photographs from your previous sessions. If your profile photograph has changed without your knowledge or you suspect that you are not on our online banking website, stop transacting and contact us immediately on 0860 10 20 43.

Our URL (in the address bar) must be "https://direct.capitecbank.co.za/ibank/". You can verify the digital certificate and check for the padlock in the browser.

Online banking security tips

  • Ensure that no one has unauthorised access to your computer and cellphone app or token on keyring
  • If you are using a token (on a cellphone or keyring) and you lose it, report it immediately on 0860 10 20 43
  • Don't open suspicious or unfamiliar emails and never click on attachments or links in unexpected emails
  • Poor grammar and incorrect spelling are usually an indication that any email you receive and/or website you visit should be treated with extreme caution
  • Never access the Capitec website through a link. Instead, always type in the address or save the address as a favourite once you are sure that you're on our website
  • Avoid using public terminals like internet cafés
  • Don't open other websites while you are signed in. Only have one browser window or tab open
  • Install and use the latest antivirus software
  • Ensure that your computer has the latest operating system and browser updates installed
  • Check the digital certificate to verify the authenticity of the sign-in page
  • A green indicator will be displayed in the address bar to confirm that you are visiting a secure website. This indicator varies for different browsers but will always appear in one form or another if the site is secure
  • Keep your sign-in details secret. No Capitec agent or employee is allowed to ask you for this information.