Security and FAQ
In a world where services are increasingly becoming digitised there is a need to create mechanisms via which people can be recognised effectively and unequivocally. Hence the creation of a digital identity.
Digital identity. A set of elements that identify a person to whom an online service is provided. These could be elements chosen by the user or assigned by the service operator that constitute the access and authorisation codes for online features.
It is very important to protect your digital identity to prevent computer fraud.
Computer fraud. This is the use of someone’s personal data, usually stolen by digital identity theft, to perform illegal acts in their name.
Those who wish to engage in fraud may try to steal someone’s digital identity by several means. Two of the most cunning are phishing and malware.
Phishing. This is the sending of a communication via email, very similar in the graphics to those sent by the bank which states that you need to amend your banking situation or enter missing information. To do this, you have to click a link that leads to a copy of the web page where you are asked to enter your login credentials and/or other sensitive customer information.
Malware. Malware includes malware software (viruses/worms) installed on a device (PC or mobile) without the user’s knowledge. Such software is used by criminals with the intention of: altering the behaviour of the device (virus), disrupting operations carried out, stealing sensitive information (spyware), showing unwanted advertising (adware), causing sabotage to a computer system (trojan horses), or finally encrypting the data on the victim’s computer, then extorting money for decryption (ransomware).
OUR INTERNET BANKING
The Internet Banking website of CA Indosuez Wealth (Italy) S.p.A. has been built according to the latest security standards.
Logins occur in protected mode according to the protocol TLS 1.2. When browsing the website, you can check its trustworthiness by means of three signals in the address bar:
- The presence of a closed padlock that indicates the secure connection.
- The address prefix https://
- The green colour of the address bar indicates the presence of a trusted site certificate. In correspondence with the padlock symbol, the name of the competent authority is displayed (the Bank) by clicking on this it also displays all the information concerning the certificate and the institution that issued it.
Logging in and operations on the website take place using the following codes:
USER CODE: issued when activating the service.
PASSWORD: together with the user code, it enables you to access the website. You will need to change it if you are logging in for the first time, or responding to a request to recover access codes.
PIN: used to change your password.
OTP: numerical code that the customer receives by text and that allows you to use the system’s features (One-Time Password)
To guarantee security, remember to keep your codes safe and in different places and regularly change your login password, which in any case has a maximum validity of 90 days, after which you will be prompted to change your password when you first log in.
The session on the website will expire after a period of inactivity of 5 minutes. Remember to log out as soon as you have finished using the Bank’s website.
If you receive an email which seems to be from the bank but the sender of the email does not belong to the bank’s domain (@ca-indosuez.it) or the email contains links whose destination is not a certified authority (none of the conditions described above in the paragraph relating to secure connections met) and, in any case, does not belong to the bank’s domain it is very likely to be a phishing incident.
The bank will never ask for confidential information and/or access codes via email. If need be, you will be contacted directly by the bank by the reference Relationship Manager or other staff.
So delete any communications from unknown senders or those with suspicious content. If you think there may be a case of phishing, forward the email to the competent authorities and to the bank so that further measures can be taken.
Do not click on the link directly from the email, but type the Bank’s address in the browser (https://www.ca-indosuez.com).
Do not open attachments in suspicious emails or messages.
For clarification, always contact your Relationship Manager, go into your local branch office or write an email to the address email@example.com.
Regularly update the programs and the operating system installed on your device, in particular your browser and security software (antivirus and antispyware).
Do not leave your devices unlocked and unattended, do not store access codes in the browser and remember to change your password regularly.
WHAT TO DO IN THE EVENT OF LOSS OR THEFT OF YOUR LOGIN DETAILS OR PROVEN OR SUSPECTED ABUSE?
Contact your relationship manager, go into your local branch office or write an email to the address firstname.lastname@example.org. You will be contacted as soon as possible.
REQUEST INFORMATION AND ASSISTANCE
To get help for any question, request support and to report errors or incidents involving online payments and related services, please contact your Relationship Manager, your local branch or send an email to the address IB@ca-indosuez.it
Send an email to email@example.com (certified email address: firstname.lastname@example.org)
Internet Explorer 11 or Edge 12 or Safari 10+ or Mozilla Firefox 51+ or Chrome 56+ Adobe Acrobat Reader
WHAT IS INTERNET BANKING?
It is the service that allows you to log in to the bank 24 hours a day using your PC, phone or other electronic device and with which you can perform the main banking operations and check your balance.
WHY USE INTERNET BANKING?
Because it is safe, easy and free. The Bank is always available. In addition, via the “online documentation” feature, you can access any communications produced by the Bank free of charge (bank records, statements, accounting, etc.).
HOW DO I ACTIVATE INTERNET BANKING?
It’s easy; contact your Relationship Manager or visit your local branch and sign the related contract. You will receive instructions on how to access the restricted area of the website www.bancaleonardo.com and the “Banca Leonardo Mobile Banking” app for iOS.
HOW DO I ACCESS THE RESTRICTED AREA?
To access the restricted area of Internet Banking, go to the website www.ca-indosuez.it or download the free app “Banca Leonardo Mobile Banking” and enter the user code and password provided when you activated the service.
In order to increase the level of security of your personal data, in line with the new provisions dictated by the delegated regulation (EU) 2018/389, which integrates (EU) Directive 2015/2366 (on payment services, also known as PSD2), and European Regulation 2016/679 (in regard to data protection, also known as GDPR), the Bank has introduced the so-called “Strong Customer Authentication”. Therefore, when accessing the Internet Banking Service, you will be asked for an additional factor of authentication called an OTP.
WHAT IS STRONG CUSTOMER AUTHENTICATION?
Strong Customer Authentication is an authentication system, in line with the new provisions dictated by the delegated regulation (EU) 2018/389, which integrates (EU) Directive 2015/2366 (on payment services, also known as PSD2), and European Regulation 2016/679 (in regard to data protection, also known as GDPR), which guarantees:
- secure access to data (login stage)
- secure online payments
- by entering a temporary “disposable” password called an OTP (One-Time Password).
WHAT IS AN OTP?
An OTP (One-Time Password) is a password that is unique and cannot be replicated, consisting of a 6-digit numeric code, generated when logging in or confirming a payment transaction, and sent by text to the telephone number you provided.
CAN I USE THE SERVICE FROM ANY DEVICE?
You can access the service from any electronic device that is connected to the internet.
WHAT ARE THE CODES TO LOG IN TO THE SERVICE?
After you have signed the contract to activate the service, you will be provided with the codes to access the service:
- user code: an alphanumeric code issued by the Bank, that identifies the Customer;
- password: a sequence of characters to be used in combination with the user code to access the restricted area;
- PIN: a code to be used to change or recover your password;
- OTP: a disposable, unique password that cannot be replicated, generated by computer applications and made available to the customer on their mobile phone to ensure a higher level of security.
WHAT HAPPENS IF I MAKE A MISTAKE WHEN ENTERING MY PASSWORD?
For security reasons, the device is locked after 3 consecutive incorrect attempts. You can ask to unlock it by contacting the Relationship Manager or your local branch.
WHAT DO I DO IF I FORGET MY ACCESS CODES?
You must contact your local branch which will give you the new codes and restore access to the service (your PIN by text, your password by email).
WHO SHOULD I CONTACT FOR ASSISTANCE USING INTERNET BANKING?
Support for technical and operating issues concerning Internet Banking can be sought by contacting your Relationship Manager or local branch or by sending an email to the address email@example.com.
WHAT SHOULD I DO IF I CAN’T LOG IN?
You need to check your internet connection by browsing to other websites. If the web pages requested do not respond, wait for the connection to be restored. Also, check that the connection used for the browser is up-to-date and correctly configured. If you continue to have problems, contact your Relationship Manager or your local branch or send an email to the address firstname.lastname@example.org.
ARE THERE PRECAUTIONS THAT I SHOULD TAKE WHEN USING INTERNET BANKING?
Our Bank’s Internet Banking service offers you maximum security, due to the “One-Time Password” (OTP) code that you will receive by text on your mobile phone every time you need to perform a device operation. Always remember to keep the codes (user code, password and PIN) in a safe, secure place.
IS THE INFORMATION PROVIDED UPDATED IN REAL TIME?
The information provided by the Bank relates to the previous working day.
WHAT FUNCTIONALITY DOES THE SERVICE OFFER?
The Service provides a set of features, the content of which continues to grow over time:
- Request your overall balance and individual existing or future banking and investment reports in your name or in joint accounts from the Bank (“consultative function”);
- make payments (“arrangementfunction”);
- receive documentation (including, in addition to regular reporting, letters, account statements, notifications and any other regular statement or communication and/or change of terms and conditions relating to the reports, except those which, due to their nature, are incompatible with this transmission mode) produced by the Bank in these reports and other information made available by the Bank in electronic format (“online documentation function”).
WHICH PAYMENT SERVICES CAN I USE?
You can perform account transfers, bank transfers in euros within the SEPA area and “MAV” payments by advice. For the purposes of security, practical limits are defined for payment transactions. The daily and monthly details, are available in the transactions area.
WHAT TYPES OF BANK TRANSFER CAN I PERFORM AND WHAT INFORMATION DO I NEED?
You can perform the following types of bank transfers:
- Account transfers: transfer of money from the originator’s bank account to that of the beneficiary, when both are customers of the same bank;
- SEPA area transfers in euros: transfer money from the originator’s bank account to that of the beneficiary, when both are customers of banks located within the Single Euro Payments Area (SEPA).
At the moment, transfers for building renovations or energy saving and transfers to countries outside of SEPA are not available.
The information required to perform a bank transfer is as follows:
- payment date (you can select a future payment date);
- beneficiary’s IBAN.
WILL I GET A RECEIPT FOR ANY PAYMENTS ARRANGED?
Yes, for each payment transaction entered, and confirmed by entering the OTP code, a receipt certifying that the payment has been made is provided in the details of the transaction. In the event of cancellation, this receipt will be replaced with a cancellation document. Subsequently, after arranging the payment, the related accounting record will be published in the Reports section.
I HAVE ARRANGED A PAYMENT. CAN I CANCEL IT?
It depends on the type of transaction: some cannot be cancelled.
Bank transfers and account transfers can be cancelled by 4:29 p.m. on the day of debit/execution of the payment arrangement.
ARE FEES CHARGED TO PERFORM PAYMENT TRANSACTIONS?
No, payment transactions are completely free.
CAN I CHANGE THE MOBILE PHONE NUMBER TO RECEIVE THE OTP?
Yes, you can edit it in your Profile section by typing the new number and the OTP code received via text on the old mobile phone number and the activation code received on the new number.
CAN I INDICATE A FOREIGN PHONE NUMBER AS A MOBILE PHONE NUMBER?
Yes, mobile phone numbers linked to foreign SIMs are allowed.
IS IT A SECURE SERVICE?
Absolutely, yes. For more information, please read the page dedicated to security