Client Security Awareness Guide

1. Banking information that clients must not reveal to anyone
   • ATM or credit card number
   • National ID card number or national number
   • Bank account number
   • Secret passcode and e-service username
2. Protection of credit card information
   • Do not disclose any sensitive information related to your credit card, such as its number or its secret passcode
   • Do not reveal any of a credit card’s numbers unless you are making a purchase from a safe and trusted outlet
   • Do not save the credit card’s secret passcode in a written form, especially in the same place where you keep the card, such as writing it on the card’s envelope or keeping it in your contact list
   • Make sure you retrieve the card immediately after usage, whether from ATMs or store clerks
3. Security guidelines for protecting your e-service password
   • Do not write down or save your password in the same place with your credit card or username
   • Use a safe and intricate password that would be hard to guess, incorporating letters, numbers and symbols, and avoid links to personal information, such as birthdays, names or sequence numbers
   • Change your password every once in awhile
   • Do not use the same password for different bank accounts on the internet

• It is vital to always make sure that the security lock on the website address bar is turned on while conducting banking transactions on the internet
• Read user alert messages carefully and ensure that they are in line with the processes you conducted
• Constantly review your monthly account statements and card statements to ensure they are devoid of suspicious activities
• Do not save your banking and card information on untrustworthy e-shopping sites and apps
• Do not open any suspicious attachments or hyperlinks from unknown sources
• Do not respond to messages requesting banking information, and do not click on links sent via text messages or e-mails to access banking services online
• Use an internet browser that applies proper security measures, such as blocking pop-up windows and authenticating suspicious or malicious websites
• Access banking services through the official applications that can be downloaded via banks’ websites or Google and Apple stores
• Regularly update anti-virus and protection software on your personal computer and mobile devices, and make sure they are compatible with internet banking
• Make sure you have logged out of your account on the bank’s website after every use
• Check the information of the last log in to the system when you log in again
• Use safe passwords and adjust your device’s settings to lock down if left inactive for a period of time decided by the user
• Do not opt for automatic save or revealed usernames and passwords on your browser or devices
• Do not share your secret passwords or codes with anyone
• Avoid using online banking services through connections at internet cafes, public places or unknown WiFi networks
• Inform your bank in the case any of your information change, to continue receiving one-time passwords for e-services through reliable SMS messages
• Immediately notify of an suspicious activity on your accounts or card to suspend them and take necessary measures for other clients’ protection

• Make sure that the keyboard and the card reader are an element of the machine, and not separate entities attached externally on top of the original equipment
• Check that there are no surveillance cameras around or above the keyboard
• Check that the light comes on when you insert your card, as fraud tools tend to cover such lights
• Make sure that other users in the queue are standing at an acceptable distance from you when you are using the machine
• Ensure that no one is prying on you while you enter your secret code
• Stand close to the ATM and cover the keyboard with your hand as you enter your secret code
• Beware of strangers offering help with ATM use
• Press the cancel key, retrieve your card and notify the bank immediately if you are suspicious that the machine is not operating normally
• Notify your bank immediately if your card is confiscated by the machine or lost
• Do not rush while using the ATM and make sure all processes are conducted properly
• Put away your card and cash in a wallet or handbag before walking away from the machine
• Review your bank accounts regularly and find if any unusual activity has occurred on an ATM
• Immediately notify the bank when suspicious of unusual activity
• Immediately notify the bank if you notice suspicious activity around an ATM and abstain from using the machine in question
• Make sure you retrieve your card after using the ATM machine or at trustworthy sale points

• • Above all, shop only at trustworthy e-stores
  • Do not click or open links or attachments via e-mails claiming to be from importers or shopping websites
  • Manually type the URL of importers or shopping sites in your browser
  • Always use the latest version of the browser to ensure that security updates are implemented
  • Do not opt for saving your information on shopping sites if they offer to “remember” your payment information for your next shopping session.
  • Ask your bank to activate the SMS alert feature to guarantee that you are notified of any activity on your shopping card
  • Do not use free or public WiFi networks to conduct any shopping or payment activities
  • Make sure that the website you are shopping from operates on a recognized security layer, the address of which must begin with HTTPS
  • Log out of the website once you conclude your shopping
  • Avoid sharing your card or account information via social media, e-mail, phone or other tools of communication
  • Destroy expired cards and dispose of them properly

If you are suspicious of any unauthorized security breaches to your bank accounts or credit cards via the internet, or if you notice an activity on your accounts by someone other than yourself, you must notify the bank immediately.