Secure Transaction Guidelines

Be cautious when you are approached by a suspicious individual who requests security information such as Username, Password, or One Time Password(OTP)/PIN. NCB never sends emails to ask you to provide confidential or personal information. If there are any security concerns, we will contact you directly or ask you to contact us.

If you suspect fraud, please contact NCB at 1800 6166 or 028 38216216, or send an email to callcenter@ncb-bank.vn.

Find information about online security here:

NCB is committed to consistently striving to guarantee the financial security of our Customers. Learn about the measures NCB takes to safeguard our customers.

CUSTOMERS PROTECT THEMSELVES

1.    Be cautious of spyware:

Virus & Worms: Program codes that are self-replicate or sent on the internet to damage computer data or disrupt system operations.

Trojans: Spy programs that infect your computer without your knowledge, capable of stealing your sensitive information.

Rootkit: Malicious software that allows unauthorized access with administrative rights on the system and performs illegal actions on your computer.

Phones that have illegal or spy software installed are at high risk of revealing account information and transaction passwords, resulting in monetary losses through online transactions.

We therefore advise you to change your access password and uninstall spyware from your mobile device, if you have already installed this software.

In addition, you should not install software from unofficial application stores to minimize the risk of malware and spyware spread.

2.    Be cautious of calls or emails exploiting personal, account, or card information.

Be cautious of suspicious phone calls. NCB will not contact you by phone with any request for your personal information. Please report immediately to the police or contact NCB at 1800 6166 or 028 38216216 for coordinated handling.

Protect your identity by storing your personal data with trusted entities.

3.    Protect your personal computers

  • Safeguard your computer against the infiltration of downloaded viruses by installing the latest antivirus software.
  • Use a personal firewall to prevent unauthorized access to your computer.
  • Use a stable operating system and keep your web browser software updated.
  • Learn more about software and browser requirements to effectively protect your computer.

4.    Protect your personal data and accounts

  • Regularly change your PIN/Password.
  • Never disclose your PIN/Password to anyone, even to an NCB representative.
  • Exercise caution when using shared or public computers, ensuring that they have updated antivirus and firewall software.
  • Learn more about recommended browsers.
  • Log out properly using the «Log out» button when ending your e-banking session.
  • Disconnect from the Internet upon the completion of a transaction, and never leave your computer connected to the network when not in use.
  • Avoid installing programs from unknown or illegal websites onto your personal computer.
  • Do not open files sent from unknown emails (unknown sender).
  • Install personal firewalls and virus detection software on your personal computers, and update those programs regularly to ensure your computers are protected.
  • Contact NCB immediately at 1800 6166 or 028 38216216 if you suspect a breach of your personal data or account.
  • Report all suspicious emails by sending them as an attachment to NCB's email to assist in our investigation: callcenter@ncb-bank.vn. It is important to note that NCB will never initiate contact via email to request for any verification of your personal and/or account information.

 

HOW NCB PROTECTS OUR CUSTOMERS

NCB ensures the safety and security of your online transactions through:

  • Creating secure transactions: You are conducting a secure transaction if the URL begins with https:// and a lock icon appears in the browser window. Below is the Bank's actual website. When Customers click on the green text on the browser, a window displays information certifying that the website is secure.
  • Use of encryption: SSL (Secure Sockets Layer) encryption technology is used on the bank's website to encrypt (encode) your personal information. When you connect to the bank to perform a transaction, this technology encrypts the information transmitted from your personal computer to the bank, ensuring that no one else can read that information. NCB also uses the SSL (Secure Sockets Layer) encryption protocol to safeguard your security.
  • Automatic session timeout settings: If you forget to log out after performing online banking transactions, after a certain period of time, the connection between your computer and the bank will be automatically disconnected. If you wish to make a transaction, you must log in again. This measure is taken to ensure information security for Customers.
  • Ensure secure transactions by authenticating with your login credentials: Access to Internet Banking is granted only after you log in with the correct Username and Password. Therefore, to maintain security, never share your credentials with others and avoid using the same password across multiple services.
  • Using Two-Factor Authentication to provide an additional layer of protection: In addition to entering the correct username and password, to complete a transaction, you must enter the correct AUTHENTICATION CODE provided via text message (SMS) or retrieved from the Token device. With this technology, you can enjoy safer online banking services with one of the smallest and easiest-to-use security devices.
  • Using Automatic Lockout for Token Authentication Device or not sending authentication messages via mobile phone: The system automatically locks the Token authentication device or does not send authentication messages via mobile phone if you incorrectly enter the authentication code more than the number of times specified by the Bank. To reactivate, please contact the NCB Call Center via hotline 1800 6166 or 028 38216216 or go to the nearest NCB transaction point.
  • Using an automatic account lockout program: After five unsuccessful login attempts, we will suspend online access to your account. To reactivate your account, please contact the NCB Call Center via the hotline at 1800 6166 or 028 38216216, or go to the nearest NCB transaction point.

 

WARNING ABOUT ONLINE SCAMS AND PHISHING

1.    Phishing (or online scams)

  • A phishing website is a webpage that imitates a well-known company's website to deceive visitors into revealing confidential personal information. Names, logos, images, and even source code similar to the actual company's website are used to make phishing websites appear legitimate.
  • It is difficult to detect such websites. They frequently prompt visitors to click on counterfeit links that request updates, confirmations, or provision of sensitive personal information. To lure victims, these websites may suggest urgency or pose threats related to your account.

Prevention:

  • Always type the address https://www.ncb-bank.vn directly in the browser address bar.
  • Check the locked padlock icon and the website's certificate in your browser window.
  • Avoid entering your account information via a link that establishes a connection to the bank.
  • Change your password regularly.
  • Contact the Bank immediately when you receive a suspicious phone call or email asking you to declare or disclose login information, account information, or change passwords. Do not act upon such requests, even if they appear to be from NCB Bank, as NCB Bank will never ask you to disclose your password, PIN, or security code via phone or email.

2.    Signs of a spoofed email

  • An urgent warning may be issued. For example: Your account will be closed or suspended, or you will be charged a fee if you do not respond.
  • The email advises you to contact a phone number to confirm your card or account details.
  • There are embedded links that, at first glance, appear to be legitimate because they contain all or part of the name of the genuine company. These links may take you to fake websites, which ask you to enter, confirm, or update sensitive personal information.
  • May contain obvious spelling errors. These errors allow spoofed emails to avoid spam filters used by internet service providers.

Prevention:

  • Never click on any links or respond to emails that request personal or financial information.
  • NCB Bank never asks for your login information or personal information for online banking services. This information includes Password and Authentication Code.
  • Do not read the password out loud during a phone call, as no customer service center shall ask for such information over the phone. If you forget your password, the bank will ask a few questions related to your personal information for authentication, not your password.
  • Log in directly from your browser. This will prevent you from being redirected to a fraudulent website.

 

NCB's advice

Tips to "detect" and "avoid" being scammed - Security advice on Intenet Banking

  • Before logging into NCB Internet Banking, it is important that you protect your computer and information with a number of easy-to-use tools such as firewalls, email filters, antivirus software, and spyware filters.
  • Review your statement upon receipt, and notify NCB as soon as you see any unauthorized transactions.
  • Always type https://www.ncb-bank.vn/  in your browser when logging in to Internet Banking.
  • NCB will never send you emails containing embedded links. It is important not to click on any links that are linked to NCB attached in an email.
  • Keep your PIN/Password secured and never disclose it to anyone.
  • Before submitting any information via website, look for a "padlock" icon in your browser's status bar, or note that the website address should start with "https://" and not just "http://." When you see such security details, it means your information is in a secured transaction session.
  • Contact NCB immediately at 1800 6166 or 028 38216216 if you notice any discrepancy in the most recent time of login to Internet Banking. This information can be found at the top of the "Home" section after you log in to Internet Banking.
  • Misspelled words, either in an email or on a website, may be a potential sign of a scam.
  • Always log out of Internet Banking by clicking the "log out" option, not just by closing the browser.

 

NCB's advice on passwords

  • How to set a password:
    • A strong password should consist of a combination of lowercase and capital letters, numbers, and special characters.
    • Passwords should be a minimum of 6 characters and a maximum of 20 characters.
    • Avoid using passwords like your name or phone number, birthday, etc., or any other personal information or words that can be found in the dictionary.
  • How to secure your password:
    • Your login information and password should be kept private and not disclosed to others.
    • Change your password regularly.
    • Do not write your password on paper.
    • Do not share your password with others.
    • Avoid using the same password for different services.
    • After completing a transaction, log out of the website by clicking on the "Log out" button on the browser.
    • Do not enable the auto-save login information feature on the device.
    • Notify NCB immediately if you know that your password has been compromised or used by someone else.

Some notes about the browser used for transactions: Refrain from configuring the web browser settings to permit the storage of user names and passwords. Enable browser security features.

Log out of the iBanking system when not in use. "Log out" from the iBanking system when not in use.

Avoid logging into your account through a link that connects to the bank.

Be cautious and limit the use of public computers and public wireless networks to access the Internet banking system (Wifi cafes, shopping malls, supermarkets, bookstores, etc.), as this environment is unsafe, and your sensitive information can be stolen, such as your PIN code, username, password, etc.

Protect your computer from viruses by using a continuously updated antivirus software from the supplier.

Use a Personal Firewall as a protective barrier between your computer and the internet system.

Be cautious and do not open emails with attachments sent from unknown sources.

 

Install and update some software: 

Ensure that your computer has software patches that are updated to the latest version from the supplier.

Use personal firewalls and intrusion detection programs on your computer to effectively identify and prevent attacks or unauthorized access.

 

FREQUENTLY ASKED QUESTIONS (FAQ)

What should I do if I suspect that I have received a fraudulent email?

If you receive a suspicious email that appears to be from NCB, please contact the Call Center immediately at 1800 6166 or 028 38216216. Forward all suspicious emails as attachments to mail: callcenter@ncb-bank.vn for us to investigate and take action.

How can I ensure that I am making a transaction with a financial institution during a secure session?

You can verify that you are engaged with a reliable financial institution by checking the website's Digital Certificate during a secure session. This will verify the specific identity of the website you are visiting as well as confirm that the website is safe and authentic. To make sure you are accessing a secure web server, check the website address in your browser's address bar - it should display https:// instead of just http://. Click on the padlock icon to check if the website is safe and authentic.

 

 

What should I do if I accidentally provide credit or debit card information to a possible fraudulent email?

Contact the NCB Call Center at 1800 6166 or 028 38216216 as soon as possible to report incidents of information theft.

How can my information be transmitted securely over the internet?

Browsers often use standard secure protocols such as Secure Socket Layer (SSL), and Secure Hyper Text Transfer Protocol (S-HTTP) to allow personal information to be transmitted securely over the Internet. When you visit a website that uses the SSL protocol, a secure connection is created between your computer and the server of the website you are visiting. Once this connection is established, you can securely transmit any information to the web server. In contrast, S-HTTP is designed to convey regular personal messages.

How do I know my browser is safe?

For browsers such as Microsoft Internet Explorer and Netscape Navigator, a secure encrypted session will be indicated by a locked padlock or a continuous icon appearing in the lower left or right corner of the browser window. You should also check your browser's address bar. If the website address begins with "https://" rather than "http://", the session is securely encrypted.


What should I do if I accidentally download a virus or Trojan?

Some phishing attacks use viruses and/or Trojans to install programs called "keyloggers" onto your computer. These programs have the ability to capture and send to scammers any information you enter, including account numbers, usernames and passwords. In this case, you should:

  • Install/update antivirus software and personal firewall
  • Update all antivirus patches and run a full computer scan
  • Reconfirm all connections that your firewall allows to bypass.


What is a Digital Certificate and how does it help ensure security?

Digital Certificates are issued by a widely recognized and certified authority to authenticate a website or its elements. This certificate identifies the website's originator and verifies its legitimacy. When your browser connects to the Digital Certificate, it checks to see if the certificate is authorized by a legitimate certification authority. If it is legitimate, your session will proceed. If not, your browser will issue a warning, and the safest course of action is to cancel the access.


Can others see my personal information when I use the Internet?

If a secure session is established and information is encrypted during data transmission, others will not be able to view your information. However, you should be aware that some web browsers will store information on your computer even after you have finished your online activity; this is called cache. Hence, it is advisable to terminate your web browser at the conclusion of each Internet session, particularly if you have visited secure websites to perform financial transactions, verify account balances, or access any other sensitive or private information.


Is sending email safe?

Email sent over the Internet is generally not secure unless it is encrypted. In fact, most email systems today do not have this capability. Because most email transmissions are not secure, you should not send any personal or financial information, such as your credit card number, via email.