128-bit SSL Security Technology
The 128-bit Secure Sockets Layer encryption which is widely used technolgy for securing Internet communication is applied to our site.
The virtual keyboard prevents hacking attempts by using mouse input instead of keyboard input while input critical data on the web.This protects input data from being leaked at the entry level thus enhances safer transaction.
Security Device, e.g. security card, OTP token, authenticate users on the occasion of critical information changes or transactions.
What is a security device? The security device is used to secure the fund transfer or domestic transfer transactions etc. Security card or OTP (One Time Password) is available.
The system logs off your connection if you remain inactive for a period of time.
Multi-level Approval System (for corporate users)
When it comes to corporate users, transactions can be finalized by the decision-makers` approval through a multi-level approval system.
Security Solution Guide
SSL certificates help protect web users in two ways. First, SSL encrypts sensitive information such as usernames, passwords, or other critical transaction data. Second, SSL certificates verify the identity of websites. While this second point may happen to varying degrees depending on the certificate a website admin purchases or the certificate provider he or she uses, all SSL certificates at least confirm that the website you are on (for example, https://www.shinhanglobal.com) is in fact https://www.shinhanglobal.com, as opposed to a fake website posing as https://www.shinsanglobal.com. For example, when the user connects to the www.shinhanglobal.com website, it will be automatically analyized if it is a fraudulent website.
What`s the worst that could happen?
As with any aspect of computer security, as long as there is a strong incentive (financial, political, etc.) to attempt to hack the system, there will be malicious players in the game who will try to find exploits or loopholes in a secure system. Many of the potential attacks against an SSL certificate are either untenable because hacking technology has not caught up to security technology (for example, a brute force attempt to "crack" an SSL certificate would take years), or are relatively easy to protect against. Modern web browsers are configured to detect common certificate issues and warn users before they are even allowed to proceed to a website that has potential issues.
What is a virtual keyboard?
The virtual keyboard prevents hacking attempts by using mouse input instead of keyboard input while inputting critical web data. This protects input data from being leaked at the entry-level, thus enhancing safer transactions.
The Features of Virtual Keyboard
- Virtual Keyboard prevents your password from being stolen, especially while using public computers such as those available in Internet browsing centers.
- Virtual Keyboard is an additional precautionary measure designed to protect you against malicious key logger programs which might have infected your computer.
- A key logger program can capture the keystrokes you enter in the regular physical keyboard when you login. Such type of programs may be accessing your PC without your knowledge or permission.
How to use Virtual Keyboard?
- Click the keyboard icon next to the password box to pop it up.
- Capital and small letters appear on the same key. You can use [CAPSLOCK] or [SHIFT] to change the upper case to lower case and vice versa.
- In order to use the Special Character, please click on the symbol [#+=]. If you want to change back to Normal Character, please click on the symbol [ENG].
- Click on [ENTER] to finish. Click on the symbol [X] to clear the last character or [CLEAR] to clear all.
- Click on the input field then a keyboard will pop up on the screen.
- Using the mouse click on the respective number to enter your information.
- Click [ENTER] to finish. Use [BACKSPACE] to clear the last number entered.
The term, Phishing is a word combination of Private Data and Fishing. This is a new financial fraud in cyberspace that directs users to a fraud website by sending out emails with website links or posting such information on web boards to steal personal information.
What is Pharming?
Upon the creation of a fraudulent website, it will either hack into customer`s computer or induce customers to access to the website.
- Local Hacking: Hacks into a PC and directs users to a phishing website by modifying host files.
- Domain Hijacking: Directs users to a phishing website by stealing domain.
- DNS Server Hacking: Hacks into DNS server and creates fake DNS name to direct users to the site.
How to prevent Phishing and Pharming
- Do not try to access financial institute's website links in emails or web boards.
The fake website directed through the links in emails or web boards looks almost identical as to the real website so it is difficult to recognize if it is the real website.The source of phishing mails are delivered under the name of `XX bank` or `XX bank administrator` and offer linkage to other fraudulent websites.Commonly, email or post tempting false messages on a web board to bring up instant responses of victims and induce them to enter their information.
- Please access your financial institution`s website via the `Favorites` link or through the search engine.
Do not enter personal information in a financial institution website accessed through suspicious website or postings.
- Please double check (confirm) emails without specifying sender`s name, contact information and purpose of collecting personal information.
Emails without specifying sender`s name, contact information and purpose of collecting personal information are sent out to random people.
- Prior to access, please check to see if the financial institute`s website is valid
The domain names of legal financial institutes are composed of the company name (initial or special words) and ends with .com or co.kr.( Eg. Xx Bank: www.xxxx. Com, xx bank: www.xxx.co.kr) Valid websites usually appear only after the installation of encrypted programs along with a virus check.
- If your personal and financial information is requested through email, please report to the relevant financial institution or government authority or police.
Please report to the relevant financial institution or government authority or police, if your SSN, account number, password or credit card information are requested in an email sent by a financial institute or a website.
- Please install security software such as anti-virus software and periodically update them.
Most hacking softwares can be found and removed by an anti-virus software. Please download the latest version of the (anti-virus) software.