eBanking security

We are committed to offering you a secure and private online banking experience, protecting your information and providing a safe environment in which to conduct transactions. This requires a diligent approach to enforcing our security measures, as well as a constant evolution in our protection strategies in response to technological change and emerging threats. In this ever-changing environment, we work in partnership with you to protect your online activities.

What we’re doing to protect you

Our IT professionals work constantly to stay ahead of online threats, taking advantage of the most advanced technologies and established procedures to protect your data and financial assets. In addition, we offer a number of layers of protection:

  • Privacy

    Your personal and financial information are safely stored and all communications with the e-Banking platform are encrypted using SSL 128 bit state-of-the-art algorithms. This ensures the confidentiality of your data from EFG systems to your browser. We also offer the SecureMail service, allowing you to exchange securely emails and documents with your Client Relationship Officer (CRO).

  • Digital Certificates

    The EFG e-Banking website uses extended validity (EV) certificates to prove its identity to visitors. Such certificates require extensive verification, and provide the highest level of confidence about the authenticity of a website.

    How to check a certificate

  • Identity verification

    For added safety, EFG e-Banking requires two levels of authentication to provide access to your e-Banking account and to confirm your transactions:

    • Your traditional username/password credentials.
    • An electronically generated one-time password. This will prevent unauthorized access in the event that your username/password are disclosed.
  • Account lock out and session time out

    To protect your account from password guessing, an account will be locked out if an incorrect password (or token code) is entered four times consecutively. You will then have to contact your CRO to reactivate it. In addition, you will be automatically disconnected from your e-Banking session after 20 minutes of inactivity, to prevent anyone else from accessing your account in case you leave your computer unattended.

What you can do to protect yourself

There are a number of things you can do to protect your data and improve your online banking experience:

  • Website identity

    Most of us have received an email purporting to be from a financial institution, exhorting us to click on a link to log-in to your online banking account, reset your password, and so on. It is usually pretty clear that these are phony. However, bogus websites can be more difficult to spot, as they often look exactly like their legitimate counterparts. You can make sure of website authenticity by looking at the address, and by checking the certificate. The real web address, in fact, is not necessarily the one shown in the hyperlink which could redirect you to a website that has nothing to do with the real e-Banking site. For this reason, you should never follow any link to access your e-Banking and you should manually enter the address https://ebanking.efginternational.com in your browser, or save it in your bookmark.

    Once you have entered the right address, it is also critical to verify the certificate. A valid certificate will in fact show you the real entity associated with the web site you are connected to, and it will ensure that only that entity will be able to decrypt the exchanged information. There may be some differences in how browsers show that a certificate is valid (a closed padlock, address highlighted in green, etc.). The pictures below show how EFG e-Banking certificate information is displayed in some widely used browsers.

  • Antivirus

    Malicious software can infect your computer in many ways. Viruses can be in email attachments or USB sticks; they can hide themselves in valid programs; or you can simply get infected by opening a web page within your browser. In most cases, antivirus software can provide protection; however, it is critical to keep it up to date with the latest virus definitions. Computer viruses are created on a daily basis, and the most dangerous attacks often draw on the most recent developments. Make sure your antivirus software is active and configured for automatic updates. In addition to 'real-time' protection, it should also be configured to perform a full scan of your computer on a regular basis.

  • Anti-Spyware

    Spyware is a type of program that records information about your online behavior, often to generate market research data but also sometimes to obtain personal information, passwords, credit card numbers and so on. In most cases they are downloaded and installed as part of a legitimate program without the user's knowledge. As spyware behaves in a different way from viruses, many antivirus tools are not effective in detecting them. It is therefore a good idea to install specific anti-spyware software.

  • Suspicious emails and attachments

    E-mails are a common method of carrying out scams or propagating viruses. You should always exercise care when opening a suspicious email and, should you have any doubt about the legitimacy of the message, avoid clicking on any link or downloading any attachment. Note that you should also be cautious when receiving an email from a person that you know, as it is very easy to forge the sender of an address in an email. Common sense is often the best means to spot a fraudulent message in those cases.

  • Patches and security updates

    While viruses are intentionally developed for malicious activities, software vulnerabilities and bugs are defects involuntarily left by developers in an application or an operating system. Just like viruses, vulnerabilities might open doors for ill-intentioned people interested in your data. And just like viruses, new vulnerabilities are being discovered every day. This is why it is critical that you keep your operating system and your applications up to date by installing the latest patches and security updates. Many systems and applications offer an automatic updates feature and it is generally advisable to enable it.

  • Account privileges

    Most of the day-to-day activities performed on a computer (surfing, running programs or applications, and so on) do not require administrative privileges and can be safely carried out with a 'standard' account with limited privileges. Moreover, the impact of a virus or malware is generally much higher if executed by an administrative account and it would affect all the users on the system. For this reason, you should always try use a standard account and only log in as administrator when it is necessary (for example to install a new program).

  • Secure wireless networks

    Wireless networks offer a great opportunity for anybody in your neighborhood to enter your network and potentially eavesdrop on your communications or access the data in your computer. In addition, any activity performed by a device connected to your wireless network would appear to be done by you - and in many countries you may be held legally responsible for it. Securing your wireless connection is imperative, and you should never assume that your neighborhoods are safe as some directional antennas are able to intercept your WIFI signal from miles away. You should never use an 'open' access point and never use weak authentication/encryption such as WEP which can be easily broken in a few minutes. You should use more robust algorithm, such as WPA2, with a very complex access code. Please refer to the vendor of your wireless equipment for instructions on how to enable WPA2.

  • Secure session and log out

    Internet browsers often store data concerning your session. To minimise this to potential unauthorised access, you should start a new browser window for any e-Banking session and close all other web pages while you are connected to your account. You should also avoid accessing your account from public places like internet cafes or kiosks, as you will lack control about what information is retained and where. To correctly terminate your session you should not simply close the browser. Instead, you should use the 'log out' button, and possibly clear the cache of your browser.

    How to clear the web browser's cache

    Probably the most important advice of all is to exercise care and common sense. Online banking is not so different from any other financial activity, where a sense of caution should protect you against threats.

    There are many sites on the internet giving technical or practical information in relation to areas such as what antivirus to use; how to apply security updates; or how to remember a complex password. Many useful information can be found, for example, on the following web sites: