E-Services of Bank J. Safra Sarasin are simple, convenient and safe to use. In addition to the technical measures provided in E-Services, the way you behave and the system you use are crucial as well.
To ensure the maximum level of security possible, you can contribute by observing the following simple rules.
Work securely with E-Services
- You are advised to use a reliable computer with the latest automatic security updates. Please do not use public computers.
- Please ensure that you have the latest version of anti-virus software, with automatic updates
- Please ensure that you use an active firewall for protection
- Never open emails from addresses you are not familiar with and do not attempt to open any attached documents or embedded programs and links.
- Please ensure that you keep your password protected at all times. Never tell anyone your password or the One-Time Password (OTP) you obtain via ActivCard or mobile phone. Bank J. Safra Sarasin employees will never ask you for your password. If someone calls you and states they are an employee, please notify your Client Relationship Manager immediately.
- Please pay attention to any irregular activities or processes on your computer while using our E-Services.
- Please pay attention to any abnormal activities when logging into the E-Services, such as unusual pop-up screens, unusually slow browser response, multiple requests for password input.
If you have any doubts, you may call your Client Relationship Manager.
How can I be sure that E-Services are secure?
Our security system safeguards the confidentiality of your personal account information and bank information by employing:
- 256-bit Secure Sockets Layer (SSL) encryption – currently recognized internationally as the highest standard in encryption technology commercially available.
- Multi-factor authentication technology that uses a Username and Password, as well as a One-Time Password obtained via either an ActivCard or your mobile phone.
- Automatic logout: when our system detects that your session has been inactive for some time, you will automatically be logged out. This prevents unauthorized users from accessing your account.
How can I be certain that the web page I am on is secure?
Upon accessing the BJSS E-Services login page and during login, you may check that the website address at the top status bar of your browser shows as “https://” and that a security icon (symbolised by a lock) appears at the bottom status bar of your browser. This indicates that the web page you are on is equipped with encryption technology. All data transmitted via the Internet Services are protected by this encryption technology to ensure data security. To ensure the web site’s authenticity, you can double click on the security icon to view information pertaining to the security certificate for the web page. You can compare the URL address with the name shown in this security certificate, and check the other indicators the certificate provides, such as whether the certificate is issued to *.jsafrasarasin and whether the validity period is correct (i.e. not expired).
Bank J. Safra Sarasin Ltd maintains strict security standards and procedures to prevent unauthorised access to your information. The Bank will never contact you, by email or otherwise, to request that you validate personal information such as user ID, account number, password or other confidential information. If you receive such a request, you should contact your Client Relationship Manager immediately. You are also advised to communicate with the Bank through our official website domain address (www.jsafrasarasin.hk or www.jsafrasarasin.sg). Please refrain from conducting such communication through hyperlinks embedded in e-mails.
Securely close your E-Services session
Close down your E-Services session in a secure manner by using the relevant function/button "Log off".
Empty your browser cache
Every time you log off from an E-Services session, you should delete your browser cache.
- Google Chrome
- Microsoft Internet Explorer
- Mozilla Firefox
- Apple Safari
You can find more useful security tips here
While BJSS has taken concrete steps to keep your account information secure, as a user, you play an important role in maintaining the security of your E-Services access. Please review the following tips to protect your information whenever you use E-Services.
1. Keep your system up to date
Every operating system contains weaknesses that could affect the security of your system. Software producers therefore offer regular updates or “patches” to address such potential security loopholes.
- To ensure that your computer and mobile devices are fully protected, please always use the latest version of your operating system.
- Never install programs from unknown sources: they could contain viruses.
- Set your operating system to perform automatic updates daily.
Links to security updates:
- Mac OS
2. Anti-virus software
Anti-virus software protects the data on your system from viruses, Trojan horses and worms that can infect your computer via the Internet, e-mail, CD-ROM, DVD, USB flash drive, diskette or other interface.
- Install the latest release of anti-virus and anti-spyware software onto your computer and mobile devices.
- Update anti-virus and anti-spyware software with the latest signature on a regular basis. Set your antivirus to perform a live update.
- Even the best anti-virus programs do not offer full protection unless they are regularly updated (Live Update). Please do not open unfamiliar or suspicious files.
A firewall monitors all the incoming and outgoing data traffic between your system and the Internet. These programs prevent your system from communicating with the Internet without your knowledge, for example when a virus tries to reveal a password or another computer tries to hack into yours.
- Use a personal firewall to stop unauthorized traffic to and from your computer and mobile device.
- The best firewall does not offer protection unless it is active.
Links to various firewall providers:
- Norton Personal Firewall
- McAfee Firewall
- Zone Alarm
Our E-Services offer a high level of security. For this reason, our login procedure comprises three levels of protection: User ID, personal password and a one-time password (OTP) obtained via the ActivCard or by SMS from our system to your mobile phone (depending on your choice of authentication procedure).
- To log in to the E-Services of Bank J. Safra Sarasin Ltd, please always use the Internet address www.jsafrasarasin.hk, www.jsafrasarasin.sg or www.jsafrasarasin.ch and then click on Login E-Services. You are requested to always type in the website address manually. Never log in to Internet Services through hyperlinks embedded in any emails.
- Keep your login information (user ID, personal password, ActivCard and mobile devices for receiving OTP) in a safe place, and never leave them lying around unguarded. Remember that your password remains secret and you must not reveal it to anyone.
- Never allow anyone to use or tamper with the ActivCard.
- When you log in for the first time, you will be requested to change your password. Please ensure that you change your password regularly thereafter. Please follow the recommendations in part 6 regarding password usage.
- Never let anyone look over your shoulder when logging in, especially when you use your mobile device in public places.
- Never disclose your personal security details or login information (User ID, personal password, ActivCard PIN and One-Time Password obtained via ActivCard or mobile) to anyone else.
- Bank J. Safra Sarasin Ltd will never contact you directly to request your personal login information or account data. If you are contacted in this way, please notify your Client Relationship Manager immediately.
- Never divulge the serial number of your security token to anyone.
5. Check the website certificate
Simply having encryption on an Internet link does not necessarily mean that you are communicating with the right server. You can check that you are on the right server by double clicking the padlock icon and ensuring that the certificate reveals: *.jsafrasarasin.com.
- Check that you are using the official E-Services web site of Bank J. Safra Sarasin Ltd and confirm that the certificate is issued by the Bank.
- If you receive a website certificate warning message, you should check the certificate details. You should terminate a login session immediately if you suspect that the certificate does not belong to our Bank. You are requested to notify us immediately if you come across such warning messages.
How can I check that the digital certificate belongs to Bank J. Safra Sarasin?
In order to assure our customers that they are dealing with Bank J. Safra Sarasin Ltd, we provide a certificate at the beginning of the session starting at the login page. In the browser window, there will be a padlock icon telling you if the page has been encrypted. Don't type your password on a page that isn't encrypted. Simply click on the Encrypted Icon and you will see the security certificate of Bank J. Safra Sarasin.
For Microsoft Internet Explorer, you may check the validity of the certificate as follows:
- Right-click any text on a page (not on a graphics object) and select 'Properties'.
- Check that the certificate information is displayed with:
Issued to: *.jsafrasarasin.com
Issued by: Go Daddy Secure Certificate Authority – G2
Valid from: The valid period includes current date (i.e. not expired).
- Check that the certificate information is displayed with:
CN = *.jsafrasarasin.com
OU = Domain Control Validated
CN = Go Daddy Secure Certificate Authority - G2
OU = http://certs.godaddy.com/repository/
O = GoDaddy.com, Inc.
L = Scottsdale
S = Arizona
C = US
- Check if the certificate has a valid date (i.e. not expired).
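The same three checks (issued to, issued by, validity period) can be applied programmatically. The following is an added example, not code from Bank J. Safra Sarasin: it evaluates a certificate in the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificate, its dates and the hostname `eservices.jsafrasarasin.com` are constructed for illustration.

```python
import socket
import ssl
import time

# Values this page tells customers to look for in the certificate dialog.
EXPECTED_SUBJECT = "*.jsafrasarasin.com"
EXPECTED_ISSUER = "Go Daddy Secure Certificate Authority - G2"

def rdn_value(rdns, key):
    """First value for `key` in the nested tuples getpeercert() uses for names."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def wildcard_match(pattern, host):
    """A leading '*' stands for exactly one non-empty left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    return p[0] in ("*", h[0]) and p[1:] == h[1:]

def check_certificate(cert, host, now=None):
    """Return the list of failed checks; an empty list means all passed."""
    now = time.time() if now is None else now
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # fall back to the subject CN when no SAN is present
        names = [rdn_value(cert.get("subject", ()), "commonName") or ""]
    problems = []
    if EXPECTED_SUBJECT not in names:
        problems.append("not issued to " + EXPECTED_SUBJECT)
    if not any(wildcard_match(n, host) for n in names):
        problems.append("does not cover " + host)
    if rdn_value(cert.get("issuer", ()), "commonName") != EXPECTED_ISSUER:
        problems.append("unexpected issuer")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def fetch_certificate(host, port=443):
    """Live use: return the peer certificate after normal chain validation."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() format; dates and host are illustrative.
SAMPLE_HOST = "eservices.jsafrasarasin.com"  # hypothetical hostname
SAMPLE_CERT = {
    "subject": ((("organizationalUnitName", "Domain Control Validated"),),
                (("commonName", "*.jsafrasarasin.com"),)),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "GoDaddy.com, Inc."),),
               (("commonName", EXPECTED_ISSUER),)),
    "subjectAltName": (("DNS", "*.jsafrasarasin.com"),),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2025 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2024 GMT")
```

The wildcard rule matters for the "issued to" check: `*.jsafrasarasin.com` covers one label in front of the domain, so a name that merely contains the bank's domain, such as one ending in another registrable domain, fails the coverage check.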
A password is one of three items required for your login. It is a string of characters selected by you as the user and known only to you and the system.
- Your password must be at least 8 characters long, a mixture of numbers and letters and contain a mix of upper/lower case letters or special symbols.
- Select passwords that cannot be easily guessed by anyone.
- Do not use personal details, such as user ID, names, dates of birth, telephone numbers, Identity Card number, other personal information or any words found in a dictionary.
- Use a different password or PIN for every different web-based service such as email, online shopping or subscription services, particularly when they relate to different entities.
- Change your password on a regular basis (every 3 months) or immediately if you suspect that it has been compromised or impaired.
- Memorise your password. Never write down your password, store it on your system or smart phone, or reveal it to anyone (including someone claiming to be from the bank).
- Bank J. Safra Sarasin Ltd will never ask you for your personal password by telephone, e-mail or other means. If you are asked for your password by someone who states they are an employee of the bank, please do not give any information to this person and notify your Client Relationship Manager immediately.
- Never select the browser option for storing and retaining your user name and password.
- Do not log in to the E-Services platform on public workstations. Malicious software could be installed on such workstations.
7. Malware – malicious links and e-mail attachments
Malware (a combination of "malicious" and "software") refers to computer programs that perform (harmful) functions which the user does not want. These programs usually run covertly in the background and are only noticed by the user when the damage has already been done. Malware is divided into the following categories: viruses, worms, Trojan horses, backdoors and spyware.
- Do not open any e-mails that you are not familiar with or that were sent by someone you don’t know.
- Do not click on any links in e-mails which are supposed to connect you to the login page of your E-Services.
- Do not open unexpected or suspicious email attachments from unknown sources.
- Do not install any programs from doubtful origins. Do not install any cracked programs or software. They could be potentially malicious.
- To prevent infection by a computer virus or Trojan software, do not download or install any illegal or unauthorised software. Remember to perform virus scanning before opening any files from insecure sources.
- Delete any junk or chain e-mails immediately and make sure you clear your email waste bin afterwards.
8. PC and browser accessing E-Services
- Do not access E-Services with public computers or any device that cannot be trusted, such as PCs available at Internet cafés.
- Do not log in to E-Services on PCs that you suspect are compromised.
- Remove file and printer sharing when your PC is connected to the Internet.
- While you are logged in to our E-Services, never open another Internet page or e-mail at the same time.
- Always use the log off function to exit, even if you leave your session for a few minutes only.
9. Mobile devices
Mobile devices, like computers, are also vulnerable to malicious software and they require regular updates in order to keep them secure and have the latest features available. It is important to follow the same security precautions when you use your mobile.
- Always download apps from legal and reputable sources such as the Apple Store on iOS or the Play Store on Android.
- Always install the official application. Check the name of the application and the name of the publisher. Read all app permissions carefully and remember that the permissions asked by an app must correspond to its functions. Checking user ratings and reading reviews also helps.
- Please remember that a single malicious application can compromise the entire mobile device. Take precautions with every app you install on your device.
- Enable a password or personal identification number (PIN) if available on your mobile device.
- Do not jailbreak or root your mobile device, because you will not receive any upgrades and security patches from your mobile provider. Remember that all jailbroken versions are unsafe.
- Do not save your user ID and password on your mobile device.
- Never leave your session unattended, even for a few minutes. Always use the “Log off” function to exit.
- Enable "remote wipe" features where available. In the event the device is lost/stolen, your personal data and privacy may be at risk; wiping would make the data unreadable.
- Do not use unknown Wi-Fi networks. They may be unsecured.
- Be aware of your surroundings when using your mobile device.
10. Terminating your E-Services session correctly
- Never leave your session unattended and log off your online session after use.
- To ensure that you have indeed logged out of your E-Services session on our server, always use the "Log off" function to exit.
11. Clear your browser cache
After you log out from our E-Services, always clear the browser cache of your Internet software.
- Google Chrome
- Microsoft Internet Explorer
- Mozilla Firefox
- Apple Safari
12. Encryption of E-Services
How can I check if 256-bit encryption is being used?
For Microsoft Internet Explorer, right-click any text on a page (not on a graphics object) and select 'Properties'. The 'Connection' field shows either 'SSL 3.0, AES with 256 bit encryption (High); RSA with 2048 bit exchange' or 'TLS 1.2, AES with 256 bit encryption (High); RSA with 2048 bit exchange'.
- Regularly check relevant accounts statements/advices.
- Regularly backup critical data and encrypt the confidential data with a minimum 128-bit encryption.
- Bank J. Safra Sarasin will not display your personal information in emails or ask you to confirm any personal data by replying to emails or clicking on a URL link in emails. Contact your Client Relationship Manager in case of any doubts.
- Do not disclose personal or financial information to little-known or suspicious websites.
- Notify the Bank immediately if you have lost your ActivCard token or the mobile phone which you use to receive SMS from E-Services.
- Provide the Bank with a valid mobile phone and contact numbers for notification purposes and the receipt of OTP (if you have chosen to receive your OTP by mobile phone). Notify the Bank immediately if any of these numbers are changed.
- What should I do if I suspect the confidentiality of the password has been compromised?
- If you can still log in with your E-Services account, disable your account by selecting “Security Setting” and clicking “Block” in the “Block Contract” section. Additionally, please call your Client Relationship Manager and email our Bank’s Information Security Officer at:
- If you have any doubts, you may call your Client Relationship Manager for clarification.
The Monetary Authority of Singapore (“MAS”) has issued the E-Payments User Protection Guidelines to establish the roles and responsibilities of Banks and Customers when making e-payments. It also aims to adopt safe banking practices to protect your bank account from unauthorized transactions.
As an account holder, please be aware of your rights and obligations under the guidelines which will come into force on 30 June 2019.
Account holders' and account users' responsibilities when making e-payments
- Provide accurate contact information (mobile phone number or email address) to the Bank in order to receive transaction notifications;
- Enable and monitor transaction notifications;
- Report unauthorized or erroneous transactions to the Bank as soon as possible;
- Protect your login credentials (Login ID, password, or OTP). You may refer to the Bank’s Security Tips available here.
Alert notifications when making transactions
You will be responsible for enabling and monitoring the transaction notifications.
When you make outgoing transactions, the Bank will notify you by SMS or email, using the mobile number or email address that you have registered with the Bank. Accordingly, please ensure that you have provided valid contact information. If you wish to change your contact details, please approach your Client Relationship Manager.
Transaction notifications will be sent on a real-time basis for each transaction. Note that no threshold has been defined by default.
Reporting unauthorized or erroneous transactions
You will be responsible for reporting unauthorized or erroneous transactions to the Bank as soon as possible.
What should you do if you discover an unauthorized transaction?
- If you can still log in with your E-Services account, disable your account by selecting “Security Setting” and clicking “Block” in the “Block Contract” section. Additionally, please immediately call your Client Relationship Manager or email our Bank’s Information Security Officer at:
- After reporting through our Bank reporting channel, you will receive a written acknowledgement of your report through email.
- Provide information on unauthorized transactions to support the Bank's investigations (such as the account affected, payee name, account number, transaction date and time, amount, etc.);
- Make a police report if advised by the Bank.
The Bank will complete an investigation of any relevant claim within 21 business days for straightforward cases or 45 business days for complex cases. Complex cases may include cases where any party to the unauthorised transaction is residing overseas or where the Bank has not received sufficient information from the account holder to complete the investigation.
Should you disagree with our assessment of liability, you may proceed with other forms of dispute resolution including mediation at FIDReC.
Account holder liability
The account holder will be liable for any loss arising from an unauthorized transaction where the primary cause of the actual loss is the account user’s recklessness (this includes the situation where any account user deliberately does not comply with the user protection duties, or the responsibilities set out above).
The account holder is not liable for any loss arising from an unauthorised transaction if the loss arises from any action or omission by the Bank or from any failure of the account user to comply with the responsibilities set out above (action or omission by the Bank shall include fraud or negligence, non-compliance by the Bank with requirement imposed by the Authority in respect of its provision of any financial service, or non-compliance with any duty set out above).
Please note that the information stated above is not intended to be exhaustive; we therefore strongly advise you to consult the following links for more information: