Update your browser

Update your browser

You are using an old version of your browser. We recommend you update it or change browser for a better web experience.

Group website

Home

Security

1. System security
At Banco Sabadell Miami we have incorporated the most advanceD security technology together with supplementary measures.

2. Security measures 
Below you will find advice to hep you keep confidentiality and security when browsing the Internet and Distance Banking Services of Banco Sabadell Miami

3. Preventions

4. Protections
The protection described below is supplementary and no single one replaces the others

5. Good practices
To prevent any possible problems arising from the vulnerabilities that are occasionally discovered in the software used, it is a good idea to visit the security pages of the manufacturers of the programmes that you use, in particular the navigator and the operating system itself.

 

1. System Security 

128 BIT SSL ENCRYPTION PROTOCOL. SECURE SERVER

This technology allows data entered on the screen and traveling through the network to be encrypted using an algorithm, with key variables at each connection. These codes are an essential element of which constitutes the security of a “secure server”. In Europe, these keys have a maximum length of 40 bits, however banks can use keys of 128-bit length. To “decipher” these codes, one would need several powerful computers working together a number of days.

BancoSabadell in Miami is hosted on a secure server and has 128-bit keys incorporated. To access it, it is necessary that users use the latest versions of browsers, as the previous ones only accept keys up to 40 bits, and the older versions do not even accept that.


 

ACCESS CODE CONTROLS

1. The access code you enter on BancoSabadell Miami has overcome a series of controls: the maximum number of mistakes a day or the accumulated of several days, automatically cancels the access code. In this case, in order to reactivate it, you must request in writing or in person at your agency BancoSabadell Miami.
2. The operations that require greater security (transfers, stock market orders, etc.) ask for a second code. This second code corresponds to one of those on the BS Online code card. This code card is exclusive and personal to each client. Each operation calls for a different random code. The code card safety is extremely important and it should always be kept in your possession, and in case of loss of misplacement, notify BS Online 902 323 777 immediately.
3. Upon connection to BS Online, the date and time of the last connection will be shown. Make sure it really was your last connection. This allows you to verify that only you know the security code and therefore the only person accessing the Service.
 
LIMITING THE NUMBER OF OPERATIONS

Some of the operations have a limited value per transaction (and accumulated in a period).

Moreover, in some of them, after a certain amount, the office has immediate knowledge of its performance, so it observes anything abnormal and will verify if it deems necessary.

CONCLUSION

The three elements above: message encryption, access control codes and amount limits set a security level that allows you to operate the BS Online system with confidence.

RECOMMENDATIONS

So far we have described the steps we take in our service, but there are also steps you should take in your PC, not so much to secure communication with the bank, but to protect your own computer and the information it contains. Your PC is the only element for which liability does not apply to the Bank, but only yourself.
1. VIRUSES OR MALICIOUS PROGRAMS. The possibility your PC might be infected by a computer virus or malware through disks, floppy disks or simply by browsing the Internet is well known. You should incorporate a virus scanner in your PC that runs every time you start your computer. You should also keep the version of the antivirus program updated.
2. You should be wise when visiting unknown websites, especially if you are invited to download files and programs. A virus is simply a program that creates problems in the stored information or even the PC itself.
3. Avoid storing programs on your PC that you do not know its origin.
4. You should frequently backup your filer from your PC.

Go up

 

2. Security measures

Here are a few tips that will help preserve the confidentiality and security when browsing the Internet and Remote Banking Services of Banco Sabadell:

1. Be wary of those emails from unknown sites or containing inconsistent information.
2. Never give out your username and password or other personal details when required by text message, fax, email or by a link contained therein which does not lead to a secure address (https:). 
3. Remember that your personal access code is not transferable. Periodically replacement is recommended to prevent access by third parties. Also, memorize it and avoid writing it. 
4. Keep your key card or Digital ID Card safe, not allowing third party access. These cards are the key that allows the execution of operations.
5. Avoid that third parties view or access your key card and make sure no copies are made. If you use a Digital ID Card, remember to take it out from the reader when you have stopped using it, also periodically change the PIN on your card, memorize it and avoid writing it. 
6. Use an antivirus and antispyware system, and frequently updating it, preferably using an automatically way. 
7. Update your browser and operating system with security enhancements provided by manufacturers and always follow their instructions. 
8. If you have a permanent connection (ADSL, cable or similar) it is advisable to install a personal firewall. 
9. Take additional precautions when using public or shared computers.
10. If you detect or suspect a security problem, immediately contact the Bank.
11. Security Policy. 
12. Law and Jurisdiction. 

1. Be wary of those emails from unknown sites or containing inconsistent information.

The emails coming from unknown addresses are highly likely to contain viruses or malicious programs, especially when the subject we see before opening it contains inconsistent information: it is written in an unusual language or is not related to the topics commonly addressed by the sender.

Keep in mind that even if the message sender is known, when the subject we see is not consistent with the sender, the message could have been sent by a computer virus or malicious program, either from the computer sender itself or from another infected computer that contains your email address.

More Information.

2. Never give out your username and password or other personal details when required by text message, fax, email or by a link contained therein which does not lead to a secure address (https:).

Banco Sabadell will not ask you, via text message, fax, mail or, confidential or personal forms information such as passwords, account numbers, card numbers, etc.

Banco Sabadell will only direct you to their websites through secure pages (https:), which show a closed padlock in your browser. By double clicking on that item, you can display a digital certificate issued by a trusted company (Verisign) and verify that the identity of the certificate belongs to Banco Sabadell (Organization = BANCO SABADELL).

Verify that, upon login in on the electronic banking service, it correctly shows your first and last name, and the time of your last connection

More Information.

3. Remember that your personal access code is not transferable. Periodically replacement is recommended to prevent access by third parties. Also, memorize it and avoid writing it.

As an additional measure, you must not choose a number that is personally related to you, and any other code that may be easily predicted by a third party (date of birth, telephone number, consecutive series, repetitions of the same number, etc.). You should also refrain from writing the codes or passwords and keep it separately from the card.

4. Keep your key card or Digital ID Card safe, not allowing third party access. These cards are the key that allows the execution of operations.

5. Avoid that third parties view or access your key card and make sure no copies are made. If you use a Digital ID Card, remember to take it out from the reader when you have stopped using it, also periodically change the PIN on your card, memorize it and avoid writing it.
Check if the date and time of the last access informed upon entering the Banking Services actually coincides with the last time you used the service.
Remember that if you are signed up for any account aggregator service of another entity, the service may periodically access the Remote Banking Services instructed by you, showing the date and time of that last access.
If you suspect that the date and time of your last access does not match an access made by you or an aggregated service of another entity, notify the Bank of this situation immediately.

6. Use an antivirus and antispyware system, and frequently updating it, preferably using an automatically way.
The proliferation of computer viruses is increasingly common. Make sure you have a good antivirus system and, most importantly, keep its virus detection tables constantly updated. Having an antivirus system may serve little purpose if it does not have the latest detection tables for the latest viruses.
Additionally, do not install software from unknown sources or browse sites that inspire little confidence.

It is also good to have protection against “Spyware”. You can use an antivirus program that also protects you against “Spyware” or use a specific program for it.

More Information.

7. Update your browser and operating system with security enhancements provided by manufacturers and always follow their instructions.

From time to time, new and better versions of browsers and operating systems that provide greater safety to navigation and the use of Internet appear.

Read the manufacturers´ recommendations of such products and update your browser and operating system according to the instructions.

More Information.

8. If you have a permanent connection (ADSL, cable or similar) it is advisable to install a personal firewall.

While your computer is connected to the Internet, it can communicate with other users on the network. To prevent possible access of the information stored on your computer, it is recommended to install a personal firewall, especially if you use a permanent connection (ADSL, cable or similar).

More Information.

9. Take additional precautions when using public or shared computers.

Use public computers only for queries that do not have a private matter. Remember that you can be observed by others or even electronic surveillance.

10. If you detect or suspect a security problem, immediately contact the Bank.
You may contact the bank through various channels. If you use the electronic form, as the reason for its submission, select the “SECURITY” option.

11. Security Policy

Banco Sabadell Enterprises has incorporated the most advanced security technology, as well as a number of additional measures to ensure the confidentiality of transactions. For this purpose the user must meet the following conditions:

In general: the User must have the devices and elements that, at all times, will be determined as “system requirements” on pages of the Website and, for security reasons, you must have the latest browser versions. The User is expressly warned that he/she must not leave the computer unattended while operating through the Website.

Banco de Sabadell, S.A. reserves the right to adopt all rules and safety measures that it considers appropriate to ensure proper use and confidentiality of the service. The User authorizes Banco de Sabadell, S.A. not to execute the requests or orders received when the identification is incorrect or has reasonable doubt about the identity of the person issuing them.

The User irrevocably authorizes Banco de Sabadell, S.A. to record and archive communications and transactions that occur through the Website.

The possibility that a PC can be infected by a computer virus via floppy discs or simply by browsing the Internet is well known. The User must incorporate into his/her PC a virus scanner that runs every time he/she boots the computer, which must be kept constantly updated and must also make frequent backups of the files on the User´s computer. Banco de Sabadell, S.A. does not guarantee or control the absence of viruses or other elements in the services provided by third parties through the Website (files, emails, electronic documents, etc.), nor can it guarantee or be held liable for any alterations or defects that may occur in the User's computer system due to virus or any harmful element that has been affected or transmitted by third parties through the Website. Users should be cautious when visiting unknown websites, especially if invited to download files and programs. A virus is simply a program that creates problems in the stored information or even the PC itself. The User shall not store on his/her PC programs that he/she does not know its origin.

BS Online: Users who are also customers of BS Online service must take the necessary measures to duly safeguard the personal identification elements of the service and to immediately use suspend or blocking services provided for that purpose. They are recommended not to type or use these identification elements in computers that are in public places or locations that may facilitate the interception of communications or code access by third parties. Nor should they write down the password or access code in any of the documents or objects that the User keeps with him/herself or carries with the digital ID cards, being explicitly noticed that, in case of elected or voluntary modification of codes, it is not convenient to choose a number associated with personal data, that can be easily predicted or guessed (date of birth, telephone number or similar).

12. Applicable Law and Jurisdiction

These general conditions are governed by Spanish law. In accordance with the law, the parties expressly renounce any other local or regional law that may correspond to them, agreeing to submit to the jurisdiction of the Courts and Tribunals of Banco de Sabadell, S.A..

Go up

 

3. Preventions


Computer viruses and malware 

Viruses and malware are small programs that are installed onto your computer, without the knowledge of the user, and that have malicious purposes, for example, destroy or steal information or cause malfunctions in the equipment or network to which it is connected.

A virus, as well as acting on the affected machine, spreads to other computers you may have related to this computer or connection, using a variety of forms that have evolved over time. Years ago, the virus spread mainly through floppy disks. With the emergence of networks, Internet and emails, viruses found an ideal way of spreading, while data carriers continue to be the way used.

New viruses appear daily on the Internet but not all have the same chance.
To avoid being infected (affected), you should take some precautions:

• Only browse well-known website by those who have references and inspire confidence, since some viruses and malware are hidden in untrustworthy websites.
• Do not use files or programs for which the origin is unknown.
• Do not open emails from unknown sources.
• Be wary of emails that come from people you know and have a nonsense or unexpected title. Before opening these messages, contact the supposed sender and make sure he/she has actually sent the message, as it could have been sent by a virus.
• Have a well-known antivirus program and constantly keep the virus detection tables updated. It's not enough to have the latest version of the antivirus program. For this to be effective against the latest virus, keep the tables updated.
• Do not directly open attached files in email messages. It is safer to save them first to your computer and then open the attachment from outside the mail program.
Expert users should protect confidential information using encryption programs.

Access codes or other confidential information theft attempt (“phishing”)

One of the frauds on the Internet is the creation of fake pages and/or websites and source emails.

Combined, these two techniques are used to fraudulently capture codes and access third party´s applications or other confidential information such as account and card numbers (including expiry date) in order to access your information or operate on your behalf./p>

The way of stealing access codes using this technique is to create an address and websites whose name is almost identical to the company or website you access. The name differs in only a few characters, often in only one. In the fraudulent address, identical or very similar pages to the real ones have been created.

Victims of fraud receive emails allegedly sent by the real company (in this case, the email address that issues is completely imitated) in which they are invited, arguing some cause for concern, to address to the fraudulent website, in which they ask for your ID, password or other login details. If the information is entered on the fraudulent pages, it will be stolen and with it, they can access the actual site and perform functions and operations with the stolen information.

Some variants of the prior technique are to request the same information via text message, fax or phone.

How can this be prevented?

Follow the instructions above and the Banco Sabadell´s security notices and information. Contact the bank shall you have any doubts. You may contact the bank through various channels. If you use the electronic form, as the reason for its submission, select the “Security” option. 

Go up
 

 

4. Protections 

The protections described below are supplementary and does not replaces any other.

Digital certificate

A digital certificate is a guarantee of the identity of a particular server and associated pages that provide a service in the electronic world (mainly Internet).

The digital certificate is issued by a trusty company (Certification Service Provider) such as Verisign or the National Coinage and Stamp Factory – Royal Mint, and after thoroughly verifying the applicant's identity, assigns the certificate by creating it.

The digital certificate contains the data for the address to be certified (eg. www.bancosabadellmiami.com), the identity of who operates in this address, the certificate´s expiry date and other technical information. In turn, the digital certificate is digitally signed by the Certification Service Provider.

The confidence of a digital certificate is given, therefore, not only by the information contained herein, but by the trust we have in the Certification Services Provider that issued and signed it. The Certification Service Providers publicly show the processes used for certification: the so called Certification Practices and Policies. Thus, we can evaluate the confidence that a given Certification Services Provider is given.

How to validate the pages of a web service?

A digital certificate may appear in different situations. The most common is to verify that the pages of a given Internet service belong to such a person/company and not an impostor who has copied it. So, we ensure that personal and confidential information we send will be received by the appropriate identity.

It is advisable to never provide confidential information from enabled pages from a content link in an email. We recommend that you only access our web pages provided by the Internet addresses provided by the Bank.

Steps to verify the pages of an Internet service(secure pages):

1. Check that the address (url) of the pages begins with the prefix https and that your browser displays the icon with a closed padlock on the bottom right corner of your window (Internet Explorer, Netscape Navigator).
2. Click on the padlock (double click on Internet Explorer and single click on Netscape Navigator) to view the digital certificate and verify the identity of who is showing the pages and will be collecting your information:
a. In Internet Explorer:
Check the address (URL), the issuer of the certificate and its validity.




 

Then select the “Details” tab to check the identity of who presents the website that we see and enter our information.



In the upper window that appears, select the “Subject” field. At that time, we can see the information in the lower window. For companies such as Banco Sabadell, the O (Organization) field shall contain the information “BANCO Sabadell” and, as additional information, the L, S and C fields are Sabadell, Barcelona and ES, respectively.

b. In Netscape Navigator:




Click on the “View” button on the previous window.

This action will bring up a new window with information about the digital certificate:




Check the certificate issuer and validity of the same address (URL) of the sites you are entering.
For companies such as Banco Sabadell, the O (Organization) field shall contain the information “BANCO Sabadell”. 
c.      In other browsers:
The way of displaying the certificate is similar in other browsers. Check that the O (Organization) field has the name of the expected identity (in the case of Banco Sabadell, O = BANCo Sabadell).

Data Encryption
Additionally, by using secure pages (pages protected by a digital certificate), all information transmitted between your browser and the server that hosts these pages are encrypted. Therefore, such information remains immune by third parties´ interception.
For maximum protection of encrypted communications with secure pages (necessary for the use of financial services and any other confidential information), you must use a browser that provides strong encryption (128- bit).
Certification Policy and Practice
Through the certification policies and practices, the Certification Service Providers openly show to the public the mechanisms and steps (identity checks) used to issue digital certificates to those who request them. Thus, the one checking a certificate may rely to a greater or lesser extent in the certificates issued by that provider.
In reality, given that the policies and practices are large documents, trusts is given to one or other provider of certification services according to the degree of prior knowledge we have of them, where Verisign is the most well known worldwide for the certification of pages of Websites and servers.
Certification Policy (CP)
The policies indicate who performs the certification service providers and the types of services and certificates they issue.
Certification Practice (CPS).
Certification practices detail how the policies are guaranteed, ie, what specific procedures and mechanisms are used to issue digital certificates.

Personal Firewall
A personal firewall is a program that blocks unauthorized access from the Internet to our computer and also uncontrolled access (caused by a new virus or malware) from our computer to Internet access.
Nowadays, we can find firewall in separate programs or integrated into other security programs (like antivirus) or on the operating systems (like Windows XP) programs itself.
It is called personal firewall in order to distinguish it from the perimeter firewall which usually performs this function to protect an entire group of computers on the network from connecting to an unknown network (usually the Internet or another network by third parties).
By using a personal firewall, we can control the connections made to the Internet or other networks and from all the programs on your computer. When the firewall is installed, all connections are prohibited and must explicitly authorize those that are regular according to the use of our computer. When the firewall notifies us that you are trying to start a connection that has not been expressly authorized, we will tell you if we approve it or not, depending on whether the connection is related to the use that we are doing of the computer at the time or, otherwise, the connection occurs due to an external source (attempt to access Internet, viruses or similar). The personal firewall is designed for users already using the Internet program.
It is also advisable to periodically update our firewall version, as recommended by the respective manufacturer.
Go up
 
 

5. Good Practices


Security updates of browser and operating system

To prevent potential safety issues arising from the vulnerabilities that are occasionally discovered in the software used, it is convenient to visit the safety pages of the program´s manufacturers, especially the browser and the operating system itself.

Browser

The browser, as the main tool to access Internet, is the main program that must be kept updated with the latest security recommendations.

Use strong encryption (128-bit) for communication with secure pages (https).

Periodically visit the web pages of the browser´s manufacturer and make updates according to the security recommendations that appear.


Operating System

Some operating systems, like Windows, with its Windows Update functionality, have utilities to check for operating system updates, including security updates.

Make use of these utilities or periodically visit the manufacturer´s web pages of your operating system and make updates according to the security recommendations that appear.

 
Using strong encryption (128-bit encryption) in communication with secure pages

Strong encryption (implemented using 128 bits cryptographic keys) is achieved by the combined use of specific software on the servers that show the secure pages and the use of enabled browsers for this encryption.

Due to its strength, its use is only authorized to server’s pages belonging to financial institutions and other companies with similar security requirements. However, it is free to use in any browser.

Therefore, financial institutions with remote banking are usually able to use strong encryption. The use of strong encryption in communications with these services depends on the browser´s strong encryption ability.

Make sure you use a version of your preferred browser with strong encryption (128 bits) capabilities. If this is not the case, update your browser to a version that allows strong encryption.

How do I know if a server enables strong encryption (128-bit)?

Normally, a server that uses strong encryption will announce it on its pages, usually on a specific security section. If not, you must have a browser with strong encryption to identify the type of encryption that a given server uses.

How do I know if I am using strong encryption (128 bits) communications?

To find out if we are exchanging information using strong encryption, we first must observe that the padlock in the lower right corner of your browser window is closed. Once this is done:

• For Internet Explorer, place the mouse pointer over the padlock and leave it there for a moment until the length of the encryption key appears which must be 128.
• For Netscape Navigator , click once on the closed padlock. It will open a window that will indicate the type of encryption, which should be 128 bits (high grade encryption).

If you have an enabled browser for using strong encryption, you may also communicate securely with servers that do not have this feature. In that case, it will be used automatically for communication with the highest encryption that the server supports and as encryption key length of a value less than 128 (usually 40 or 56 bits).

How do I upgrade my browser to use strong encryption (128-bit)?

Go to the manufacturer´s download and update pages of your favorite browser and search for versions or updates of 128 bits for your browser. Remember that you can only communicate through strong encryption with servers that have this feature.

Useful links on 128-bit encryption

Backups

In order to recover the information available on the computer prior to the existence of a problem on it, you should make backups and keep them updated.

An important aspect to retrieve the recovery backups is the place they are stored. The backup must be kept in a separate location from the computer that contains the original data, so that, in case of an incident with the computer, no backup is lost. This is especially important for laptops, a situation in which it is not recommended to keep copies in the same case or suitcase as the laptop.

Backups are done on mediums known as “removable”, which have the feature of being able to be removed from the computer containing the original data. These “removable” media can be floppy disks, CDs or DVDs, tape drives, ZIP drives, connectable devices such as USB (Universal Serial Bus) and external disks, persistent memory, etc.

 

Go up