Important notice:  For up to date information about the pandemic visit www.who.int 
Global
Sign in

Security Centre

Your online security is our concern

With Business Online you get

Global Access

Banking at your fingertips, anytime and anywhere

Security

Every layer has been built with the latest security technology

Simplicity

Choose the functionalities, products and services that best suit your needs

Single sign on

Instant access to your entire Standard Bank portfolio
Online security
Why talk to us

As a user of Business Online, your right to privacy and security is important to us. We understand that any information transmitted via our channels is sensitive and, as such, needs to be protected at all times.

All interactions with our transactional sites are protected through encryption that complies with international standards of good practice. Our application webservers are protected by firewalls and intrusion detection systems. Access to information on these servers is restricted to authorised personnel only.

We have also employed the services of independent security experts to test and advise us on the security of our systems and an independent party conducts internal audits on a regular basis.

Security tips

Here are some tips that will help you to ensure your online environment is as secure as possible:

  • Control access to your premises, particularly to areas where critical computers are located
  • Ensure that anti-virus, anti-spyware, and intrusion prevention systems are up to date
  • Keep operating systems updated. Ensure that the latest patches are installed, that software is licensed and legal, and that systems are configured correctly.
  • Run the latest Java version. Business Online runs on Java Runtime Environment (JRE) version 6 and upwards. Older versions could leave you exposed.
  • Ensure your employees keep their login details confidential and change passwords regularly
  • Familiarise yourself with the information on Business Online
  • Be alert at all times. Fraudsters strike in those weak moments when your guard is down
  • Never share your token with anyone or leave it unattended. Always keep it locked away securely
 
  • Why talk to us
  • Security tips

As a user of Business Online, your right to privacy and security is important to us. We understand that any information transmitted via our channels is sensitive and, as such, needs to be protected at all times.

All interactions with our transactional sites are protected through encryption that complies with international standards of good practice. Our application webservers are protected by firewalls and intrusion detection systems. Access to information on these servers is restricted to authorised personnel only.

We have also employed the services of independent security experts to test and advise us on the security of our systems and an independent party conducts internal audits on a regular basis.

Here are some tips that will help you to ensure your online environment is as secure as possible:

  • Control access to your premises, particularly to areas where critical computers are located
  • Ensure that anti-virus, anti-spyware, and intrusion prevention systems are up to date
  • Keep operating systems updated. Ensure that the latest patches are installed, that software is licensed and legal, and that systems are configured correctly.
  • Run the latest Java version. Business Online runs on Java Runtime Environment (JRE) version 6 and upwards. Older versions could leave you exposed.
  • Ensure your employees keep their login details confidential and change passwords regularly
  • Familiarise yourself with the information on Business Online
  • Be alert at all times. Fraudsters strike in those weak moments when your guard is down
  • Never share your token with anyone or leave it unattended. Always keep it locked away securely
 
Self service 8 xproduct images
Protect yourself

We remain committed to protecting your information, but we also need you to ensure that you have taken effective security measures when transacting over the Internet. For queries please contact our 24-Hour Fraud Hotline on 0800 222 050.

Protect yourself from Fraud

Don't let fraudsters defraud you. Keep up to date with all you need to know.

Be savvy about online security
Online Security tips
  • The basic principle of IT security is to not be impregnable, or to be 100% secure
  • 100% security isn’t something to strive for, nor is it often practical
  • Aim to be better than the next target. Focus not only on preventing cyber-crime but also on being ready to detect it when it takes place and to respond to it when it happens
  • Awareness
  • People are the weakest link in any organisation
  • Create and enforce awareness programs. Themes should include common threats that are being seen in the wider IT environment:
    • Phishing
    • Malware
    • Mobile security
    • Social engineering
    • Credential Management
  • Implement 2-Factor Authentication where possible
  • Avoid storing passwords in clear text
  • Implement a password policy that is in line with international best practice
  • Passwords need to be hashed and salted before being stored
  • Enforce the password policy on all systems in your environment
  • Exercise additional controls to protect authentication data
  • Password cracking is real and available; ensure the appropriate flags are raised to protect your organisation from brute force attacks
 
Implement security policies

Access control

  • Ensure accountability for all accounts to your applications and infrastructure
  • Review all access monthly at a minimum
  • Provision access on a least privileged basis
  • Determine effective access for the systems and infrastructure in your organisation
  • Exercise additional controls over privileged user and system accounts
  • Attacks are traditionally performed on behalf of an authenticated user

Physical security

  • All access to your organisation needs to be authenticated and controlled
  • Ad hoc access needs to be attested to by an accountable permanent employee
  • Staff should display company issued identification
  • Be aware of the level of information that is openly displayed or available
  • Consider the use of additional access control around sensitive environments
  • Social engineering is often the easiest way into any organisation

Network security

  • Protect your payment files from point of origination to point of exit
  • Conduct reviews of your firewalls and external facing systems annually, at a minimum
  • Terminate all external connections within your DMZ
  • Consider the use of a sandboxed environment to scan received files
  • Consider segregating core or critical systems from the rest of your network
  • Standard Bank South Africa provides encrypted communications between your network and ours, but control of the source is within your domain

Operational security

  • Ensure patch levels of systems and infrastructure is at an (n-2) level at a minimum
  • Keep an up-to-date asset register of all hardware and software, including open systems, in your organisation
  • Implement anti-virus on Wintel systems and ensure open systems are kept up-to-date
  • Scan any attachments or files introduced into your environment for malware or viruses before opening them
  • It does not help to update Windows on your laptop without updating Java

Logging

  • Ensure that all these events are logged at a minimum:
  • Authentication and authorisation events
  • Provisioning and de-provisioning of user or system accounts, account locking, unlocking and password resets or changes
  • Granting, modifying, or revoking access rights to a user, file or object
  • Log all privileged user activity on systems and infrastructure
  • Log all system and application configuration changes
  • All logs should be stored remotely from where they are generated, without the capability to overwrite or edit
Keep systems and software up-to-date

Business Continuity Planning (BCP)/Disaster Recovery (DR)

  • Backup your important data to a remote/offsite server
  • Segregate your important backups from the rest of your network
  • Create restore points where applicable
  • Test your DR plan on an annual basis at a minimum
  • Identify and remediate against single points of failure in your systems and in your organisation
  • Remember that availability and continuity are key pillars of IT security