Security Information
128-bit SSL Security Technology
The 128-bit Secure Sockets Layer encryption which is widely used technolgy for securing Internet communication is applied to our site.
Virtual Keyboard
The virtual keyboard prevents hacking attempts by using mouse input instead of keyboard input while input critical data on the web.
This protects input data from being leaked at the entry level thus enhances safer transaction.
Security Device
Security Device, e.g. security card, OTP token, authenticate users on occasion of critical information change or transaction.
The security device is used to secure the fund transfer or domestic transfer transactions etc. security card or OTP(One Time Password) is available. The security device will be provided when the customers enroll in the Online Banking Service at branch.
Auto Logout
The system log off your connection if you remains inactive for a period of time.
Multi-level Approval System(for corporate users)
When it comes to corporate users, transactions can be finalized by the decision-makers' approval thru multi-level approval system.
Manage Transfer Limit
Manage Once and Daily transfer limit.
Security Solution Guide
How SSL Certificate works
SSL certificates help protect web users in two ways. First, SSL encrypts sensitive information such as usernames, passwords, or other critical transaction data. Second, SSL certificates verify the identity of websites. While this second point may happen to varying degrees depending on the certificate a website admin purchases or the certificate provider he or she uses, all SSL certificates at least confirm that the website you are on (for example, https://www.shinhanglobal.com) is in fact https://www.shinhanglobal.com, as opposed to a fake website posing as https://www.shinsanglobal.com.
What`s the worst that could happen?
As with any aspect of computer security, as long as there is a strong incentive (financial, political, etc.) to attempt to hack the system, there will be malicious players in the game who will try to find exploits or loopholes in a secure system.
(Screenshot) SSL Certificate Warning Popup
With SSL security issues, as with many issues in online security, users acting against warnings, use of outdated web browsers or operating systems, and acting against best practices (for example, clicking on links in spammy emails) are the primary issues that increase user vulnerability. Most true breaches in the system, when they do occur, are usually resolved within a small timeframe through automatic updates or widely available patches. Many low-end attacks may target consumers and rely on tactics such as misdirection (taking a user to www.shinhanglobal.hidden-domain.com instead of www.shinhanglobal.com).
Protect yourself against systemic failure by doing this:
- Always make sure that automatic updates are turned on and manual updates are done regularly to ensure that up-to-date operating system and browser software can help protect from any attacks that have been detected.
- Learn to recognize visual trust marks associated with SSL certificates such as the SSL lock icon.
- If you see the alert above, call our Contact Center at 1900-1577 (Overseas support: +84-28-3866-8830)
Virtual Keyboard Guide
What is virtual keyboard?
The virtual keyboard prevents hacking attempts by using mouse input instead of keyboard input while input critical data on the web.
This protects input data from being leaked at the entry level thus enhances safer transaction.
The Features of Virtual Keyboard
- Virtual Keyboard prevents your password from being stolen, especially while using public computers such as those available in Internet browsing centers.
- Virtual Keyboard is an additional precautionary measure designed to protect you against malicious key logger programs which might have infected your computer.
- A key logger program can capture the keystrokes you enter in the regular physical keyboard to login. Such type of programs may be accessing your PC without your knowledge or permission.
How to use Virtual Keyboard
- Text Keyboard
o Click the keyboard icon next to the password box to pop it up.
o Capital and small letters appear on the same key. You can use [CAPSLOCK] or [SHIFT] to change the upper case to lower case and vice versus.
o In order to use the Special Character, please click on the symbol [#+=]. If you want to change back to Normal Character, please click on the symbol [ENG].
o Click on [ENTER] to finish. Click on the symbol [X] to clear the last character or [CLEAR] to clear all.
Number Keyboard
o Click on input field then a keyboard will pop up on the screen.
o Using the mouse click on the respective number to enter your information.
o Click [ENTER] to finish. Use [BACKSPACE] to clear the last number entered.
Fraud warning
About 'Phishing'
The term, Phishing is a word combination of Private Data and Fishing. This is a new financial fraud in cyberspace that directs users to a fraud website by sending out emails with website links or posting such information on web boards to steal personal information.
What is Pharming?
Upon the creation of a fraudulent website, it will either hack into customer's computer or inducing customers to access to the website.
- Local Hacking: Hacks into a PC and directs users to a phishing website by modifying host files.
- Domain Hijacking: directs users to a phishing website by stealing domain.
- DNS Server Hacking: Hacks into DNS server and creates fake DNS name to direct users to the site.
How to prevent Phishing and Pharming
- Do not try to access to financial institute websites links in emails or web boards.
The fake website directed through the links in emails or web board looks almost identical as to the real website so it is difficult to recognize if it is the real website. The source of phishing mails are delivered under the name of 'XX bank' or 'XX bank administrator' and offer linkage to other fraudulent websites. Commonly, email or post tempting false messages on a web board to bring up instant responses of victims and induce them to enter their information.
- Please access your financial institution's website via the 'Favorites' link or through the search engine.
Do not enter personal information in a financial institution website accessed through suspicious website or postings.
- Please double check (confirm) emails without specifying sender's name, contact information and purpose of collecting personal information.
Emails without specifying sender's name, contact information and purpose of collecting personal information are sent out to random people.
- Prior to access, please check to see if the financial institute's website is valid
The domain names of legal financial institutes are composed of the company name (initial or special words) and ends with .com or co.kr( Eg. Xx Bank: www.xxxx. Com, xx bank: www.xxx.co.kr) Valid websites usually appear only after the installation of encrypted programs along with a virus check.
- If your personal and financial information is requested through email, please report to the relevant financial institution or government authority or police.
Please report to the relevant financial institution or government authority or police, if your SSN, account number, password or credit card information are requested in an email sent by a financial institute or a website.
- Please install security softwares such as anti-virus softwares and periodically update them.
Most of hacking softwares can be found and removed by anti-virus software. Please download the latest version of anti-virus software.