Safe computing practices

• Use caution before answering online and email requests for your personal information.
  Scotia iTRADE will never present you with unexpected webpages or send you unsolicited emails asking for your confidential information, such as your password, PIN, Access Code, credit card, account number, security questions etc. We will never ask you to validate or restore your account access through unsolicited email. Do not respond to unsolicited emails or websites that request personal information. Report any suspicious requests to Scotiabank immediately.
  
• Protect your Scotia OnLine Password.
  Your Scotia OnLine password is confidential and must never be shared with any outside person or company, including:
  • Account aggregation services that consolidate and display all of your financial information in one place.
  • Software that records your password so that you don't need to enter it the next time you access a website.
  • Services that collect your card number and password, or any other confidential information, to perform transactions on your behalf or to collect payment from you.
  • Any other agreements you may make or services you accept which include your consent to having your Internet activity monitored.
    
    In divulging your password, you contravene the terms of your ScotiaCard Cardholder Agreement and you will be fully liable for any unauthorized access to your accounts and all associated losses arising from these disclosures. 
• Pick a password that is difficult to guess by using a combination of letters and numbers (nothing obvious). In fact, if you're still using a numeric password, please change it now.
  
• Memorize your Scotia OnLine password and keep it secret. If you suspect your password has been compromised, please change your password immediately or call 1-800-4SCOTIA (1-800-472-6842).
• For special numeric-only codes, which are different from your sign-on password (such as your Access Code), select a code that is easy to remember but do NOT select your birth date, telephone number, license plate, address or other easy-to-guess combinations. If you have numbers in your sign-on password, don't use them in your Access Code. Memorize your Access Code, do not write it down and NEVER tell anyone what it is.
• Always keep your security questions and answers confidential - do not share them with anyone. Scotia iTRADE will never ask you to set up or confirm your questions or answers by telephone, fax or email.
• Never send confidential information (such as account numbers of any type, ScotiaCard, password, Access Code, etc.) via email.
• Avoid using software that records your passwords so that you don't need to enter them the next time you access a website from the same computer. This type of software could give other users of your computer access to your accounts.
  Note: Scotia OnLine's Express Sign-on Feature is safe to use, as it does not record your password.
• Avoid accidentally agreeing to have your Internet activity monitored by other parties by carefully reading the terms of any software you download and free services you accept online before you download them.
• Always type in the website address or use your bookmarks to access Scotia OnLine:
  https://www.scotiaonline.scotiabank.com
• Do not leave your computer unattended while logged on to Scotia OnLine.
• Do not use public computers (e.g., Internet cafés or libraries) to access Scotia OnLine because they could have viruses or malicious programs that record every keystroke, or capture usernames and passwords.
• Always log off when you're finished your Scotia OnLine session.
• Clear your browser's cache after each Scotia OnLine session. Each time you access the Internet, your browser automatically saves a copy of the web pages you've visited. Diligently clearing your browser's cache after each session is an important step in safeguarding your account information.
• Keep your ScotiaCard in sight at all times during transactions and never lend your card to anyone.
• Review your account statements and/or online account transaction details promptly and report any discrepancies immediately. With Scotia OnLine, you can review your up-to-date account transactions and therefore identify any discrepancies immediately. Contact numbers can be found on your statements.
• Report lost or stolen ScotiaCards to 1-800-4SCOTIA
  (1-800-472-6842) immediately.
  

• Protect your privacy while surfing the web by blocking third party cookies from your computer. You can safely accept 1st party cookies as they enable functionality for some websites without compromising your privacy. You can learn how to manage your cookies for the following browsers:
  
  • Microsoft Explorer
  • Firefox
  • Safari
  • Google Chrome

Whenever you use your personal computer and the Internet, there is a potential risk of contracting a computer virus or the possibility of infiltration by intrusion software commonly known as "Trojan Horses". Computer viruses can modify programs, delete files and erase the contents of hard drives. "Trojan Horses" can have similar effects and may be able to capture keystrokes, including passwords or other secret information. Spyware and other deceptive software can also conduct certain activities on your computer without your knowledge or consent.

The potential consequences of any of these threats could include damage to your personal computer, compromise of your secret information and the inability to use Scotia OnLine.

Find out more about spyware and deceptive software:

• How to Protect Your Computer from Spyware and Adware

There are additional vulnerabilities associated with having a computer directly connected to the Internet for an extended period of time. This applies to all users but it is extremely important for users with cable modem or digital subscriber line (DSL) Internet access. These methods of connection do not require 'dialing' into the Internet and thus are sometimes described as 'always on' connections. Unfortunately, as long as the computer remains 'on' and connected to the Internet, malicious parties have a continuous window of opportunity for attacks on the user's personal computer.

If you use a cable modem or DSL connection for Internet access, you can limit this security risk by disconnecting from the Internet when your session is complete, or by turning off the cable or DSL modem. However, if you want to continue to take advantage of the 'always on' feature of cable and DSL connections or if you run extended dial-up sessions on the Internet, we recommend the following security measures be taken:

• Disable File Sharing on Your Personal Computer File sharing is a feature of Windows1 that allows other computers to access your personal computer, even from across the Internet. Microsoft1 has provided instructions on how to disable file sharing in Windows Help (Click Start, Help, then choose the 'Index' tab and type "file sharing, disabling").
  
  Our recommendation is to disable file sharing. However, if you choose to retain this option for your particular environment, exercise due care and apply appropriate security measures.
  
• Install a Personal Firewall
  Install and frequently update a proven personal firewall product, such as Personal Firewall Plus¹,  Zone Alarm¹ that can be configured to prevent unauthorized access to your personal computer and keep it up-to-date.
  
  
• Get Computer Security Updates
  Ensure that you are using a legally licensed operating system. You may be able to improve the security of your system by getting updates to help correct issues that may make your computer vulnerable to virus or worm attacks. As such, you should diligently apply security patches as they become available. Find out more:
  • Windows users: Microsoft Security
  • Macintosh users: Apple Product Security

If you have a wireless network, there are additional measures that should be taken to protect your Internet connection:

• Use encryption - Enable the highest level of encryption available for your router; newer wireless routers typically use Wi-Fi Protected Access (WPA), and older versions use Wired Equivalent Privacy (WEP). This will encrypt all data transferred between your personal computer and wireless router. In addition, devices without your encryption key cannot connect to your wireless router.
• Change your default password - All wireless routers are given a default administrator password by their manufacturers, so make sure to change this password to prevent unauthorized access to your wireless router.
• Change SSID (Service Set Identifier) - The SSID is the name of your wireless network. In order for a computer to connect to your wireless network, the SSID must be known. You should change the manufacturer's default SSID name to a unique name that will not be easily guessed, and has no direct connection to you or where you are located (e.g. don't use your last name or street address).
• Switch off SSID broadcasting - You can further secure your network by disabling SSID broadcasting, which will hide your network from outsiders. It would be very difficult for an outsider to access your network once you have changed your SSID and turned off broadcasting, as they would have to start guessing the name of your network to access it.

Encryption is the process of protecting information as it moves from one computer to another so that it is unreadable to everyone except the receiver. The stronger the level of encryption used by your web browser, the more difficult it is for unauthorized parties to break the encryption and decipher the message in transit.

Scotia OnLine is fully tested before supporting new browser versions. When accessing Scotia OnLine, you are required to use one of our recommended browsers with 128-bit encryption. Find out more about supported browsers, how to check your encryption level and download the latest version.

Related References:

There are a number of web sites that provide more information on Internet Security and Safe Computing. You may want to review:

• Microsoft Security - Protect Your PC
  

• McAfee¹
• Symantec¹
• Zone Alarm
• Microsoft Security
• Apple Product Security

Related Topics:

Scotia OnLine Security:
More about the safeguards in place for Scotia OnLine Financial Services.

Scotiabank Group Privacy Code:
More about how Scotiabank is committed to keeping your personal information confidential and secure.

While Scotiabank believes these safe computing practices and included links provide reasonable but not absolute protection, the Bank makes no representation or warranty as to their intended use or fitness for purpose.

Any reference to a software provider is for convenience only and does not constitute an endorsement of that company's products. You must make your own decision with respect to their products.