SECURITY POLICY

---

NESFB never asks for your user id/password/pin no. through phone call/SMS/emails or One Time Password through SMS. NEVER share these details to anyone. NESFB wants you to be secure. If you come across any such instances, please inform us through email to following address : customercare@nesfb.com

NESFB makes every effort to provide optimal security of customer’s data and of all transactions, protecting the information of our clients is very important. There is always a  risks involve in online transaction , so customer  may take some action to protect themselves  from such threats. Here we provide some information to help you.

Phishing
A phishing attack is an online fraud method which involves sending official looking email messages with return addresses, links and imprinting that all appear to come from banks or other reliable sources. Such emails typically contain a link to a fake website and deceive account holders to enter customer names and PIN/Password on the pretense that these details must be updated or changed. Once the customer submits the details, it can be used on legitimate bank sites to take customer’s money.
Nowadays, phishers also use phone (voice phishing) and SMS  (SMiShing - A form of phishing,  when someone tries to trick you into giving them your private information via a text or SMS message .  SMiShing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for "SMS phishing.").
It is important that you are suspicious of emails asking for your information like account number, card number, user id, password, PIN etc.

Fake NESFB websites and Apps
NESFB monitors the internet to find imitation websites and apps, which are often the first step made by phishers. We then work with the authorities to take down such websites and apps as quickly as possible. Since internet is like a sea and we may miss some of these sites; hence you can report phishing attacks by sending us an email at customercare@nesfb.com

NESFB standard practices
These are the standard practices we follow and any deviation may be a malicious email:

• NESFB will address customers by name in any email.
• NESFB will not insert hyperlinks in emails that take you to sites where you must enter your security information.
• NESFB emails will never ask you to reply in an email with any personal information.
• NESFB will use suitable encryption and authentication mechanisms to secure the transactions;
• NESFB will never claim your account may be closed if you fail to confirm, verify, or authenticate your personal  information via email.
• NESFB will never claim the need to confirm important information via email due to system upgrades.

If customers have any suspicion about any email they have supposedly received from NESFB, they should contact us immediately.

Advisory

In order to avoid financial frauds,customers are requested not to depend on the contact numbers obtained through internet search for any banking activities with North East Small Finance Bank. The contact numbers published on Bank's official website www.nesfb.com should only be used for contacting the bank in case of need. Also to ensure that confidential information like user id, password, PIN, OTP, debit card details etc. are not provided/disclosed to anybody .

Safe Online Banking - do's & don'ts

• Do not click on links, download files or open attachments in e-mails from unknown senders. Be cautious even if the e-mail appears to come from Bank or any other Organization , you do business with. It is a good practice to call up the concerned to confirm in case the e-mail is unexpected.
• Do not open spam mails. Be especially cautious of e-mails that

1. Come from unrecognized senders.
2. Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
3. Are not personalized.
4. Try to upset you into acting quickly by threatening you with frightening information.

• Communicate personal information only via secure web sites. In fact:

1. When conducting online transactions, look for a sign that the site is secure such as a lock icon on the browser's status bar or a "https:" URL whereby the "s" stands for "secure" rather than a "http:".
2. Also, check if the website address is correct before conducting online transactions.

• Protect your computer by installing effective anti-virus / anti-spyware / personal firewall on your computer / mobile phone and update it regularly.
• Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.
• Do not disclose details like passwords, debit card grid values, etc. to anyone, even if they claim to be bank employees or on e-mails/links from government bodies like RBI, I.T. Dept., etc
• Register your mobile no with Bank for SMS alerts to keep track of your banking transactions.
• If you have to share your mobile with anyone else or send it for repair/maintenance

1. Clear the browsing history
2. Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information

• Do not save confidential information such as your debit/credit card numbers, CVV numbers or PIN's on your mobile phone.
• Do not leave your ATM Card/cheque book unattended ,Treat it like Cash , Always keep it in a safe place, under lock and key.
• Whenever you receive your cheque book, please count the number of cheque leaves in it. If there is a discrepancy, bring it to the notice of the Bank immediately.
• Your card is for your own personal use. Do not share your PIN or card with anyone, not even your friends or family.
• "Shoulder surfer" can peep at your PIN as you enter it. So stand close to the ATM machine and use your body and hand to shield the keypad as you enter the PIN.
• Press the 'Cancel' key before moving away from the ATM. Remember to take your card and transaction slip with you.
• If your ATM card is lost or stolen, report it to your card-issuing bank immediately.
• While talking on phone never disclose: ATM/ PIN/ password/ OTP/ CVV(Card Verification Value)
• ON-Screen Keyboard: This would be the easiest way to protect your password from being recorded by key-loggers, especially at public terminals. Banks have this option available to input username and password.
• Random Passwords: Use a combination of random letters and numbers as words, names and phrases for your Password.
• Do Not Follow Links: Always type in the web address (URL) to access your bank's website. Never click on a link from an e-mail you get.
• Be Secure: Keep your operating system and browser up-to-date with the latest security patches. Install these only from a trusted website.
• Keep your passwords, Personal Identification Number (PIN) and card numbers confidential.
• Look for the lock icon: Before entering personal information on a website, look for the "lock" icon in your browser. A closed lock or padlock indicates that the website you are on is secure.
• Use a firewall to protect your computer.
• Install Security Updates: You should download and install security updates regularly or configure your operating system to automatically check for new updates.
• Change your password regularly: For the first time you login to your internet banking account, you will need to use the password provided by the bank. However, you need to change this password in order to keep your account safe. In addition, keep changing your password at regular intervals. More importantly, keep the password confidential at all times.
• Do not share your details with anyone: Your bank will never ask for your confidential information via phone or email. So whether you get an apparent phone call from the bank or an email requesting your details, do not give out your login information.
• Keep checking your savings account regularly: Check your account after making any transaction online. Verify whether the right amount has been deducted from your account. If you see any discrepancies in the amount, inform the bank immediately.
• Always use licensed anti-virus software.
• Never leave your computer unattended once you have signed in to online banking.
• After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser.