Danske Bank’s District ensures a very high security level.
Our security systems protect you
Danske Bank’s security systems for District protect your communications with Danske Bank and ensure that
- we can identify you before we transmit confidential information about your company’s banking business.
- your company’s data is identified and transmitted in such a way that no unauthorised persons can get access to it through District.
- encryption will protect your data so that no unauthorised persons can read the data transmitted between your browser and Danske Bank.
- financially binding transactions are authenticated electronically so that data cannot be tampered with during transmission between your browser and Danske Bank.
Outside of our business systems, you should follow normal precautions in your use of the Internet. This includes installing the necessary updates to your browser from the manufacturer. Read more about security and your PC below.
eSafeID is the Danske Bank Group’s new security solution. It administers user IDs, security codes, and personal passwords. The security of the eSafeID solution is based on generally accepted encryption principles with public and private keys. It is a two-factor authentication solution, which means that it is based on something you know (your personal password) and something you have (your eSafeID device that generates security codes).
Logging on to DistrictLog on to District with your user ID, your personal password and a security code generated by your eSafeID device. These elements will identify you before we transmit any confidential information to you. If you want to log on to District with eSafeID, you need your eSafeID device.
Temporary encryption keys
The eSafeID solution is based on the exchange of temporary encryption keys when you log on to District. The key is stored temporarily in your PC’s memory and exists only as long as the session lasts. When the session ends, the key expires, and your next logon will generate a new key. The keys are used for encryption and signing of data to and from Danske Bank.
Technically, the electronic signature element of the eSafeID security solution is based on temporary keys. The electronic signature can be used only if you can access these keys. Therefore, it cannot be forged or broken. Note that only the electronic signature is transmitted over the Internet. When you log on to Business eBanking, eSafeID checks your personal password and uses it to protect the temporary key. When you want to sign electronically, for instance when making a transfer between accounts, enter your personal password to accept that eSafeID generates an electronic signature by means of the temporary encryption key. Your personal password is linked to your user ID.
The following rules apply to the use of eSafeID
Your user ID, password and eSafeID device are strictly personal and may therefore only be used by you alone in District. This means that you must not share these elements with any third parties. Note that the password must not be written down and stored together with the eSafeID device. If you suspect that somebody else knows your personal password, or if you have lost your eSafeID device, you must order a new temporary PIN and/or eSafeID device.
Security and your PC
Here are a number of things hackers can do once they have access to your PC:
- use your PC as a disguise from which to attack others
- use your PC's processing power to process hacker codes
- use parts of your hard drive to save compromising information
- disrupt or destroy your daily work on your PC
- obtain personal information about you to sell to others
- obtain access to your online banking accounts
Stop hackers: Three ways to prevent hackers from accessing your PC
Antivirus software protects your PC against viruses. The program scans the files and email messages you receive and warns you if they contain a virus. The program also tries to delete any viruses found.
Choose a recent program that scans files from both the Internet and email. Choose the program setting that automatically scans files all the time and not just when you start the PC.
These programs can protect only against viruses that were known before the latest update. You should therefore configure the program to update itself automatically or perform a manual update at least once a week.
Automatic subscriptions for easy maintenance
If you want reliable periodic updating of the antivirus program without extensive manual maintenance, you should purchase a program with an automatic subscription service. As an alternative, there are a number of good antivirus programs available for free.
We highly recommend that you use antivirus software to protect your PC, and on the internet you can find more info about antivirus software and suppliers.
A firewall protects your PC against hackers by closing the ports you do not use. Since many programs use Internet communications, PCs use program-assigned port numbers so that they can distinguish among the communications of the various programs.
PC ports open to the Internet
Most PCs are, by default, set up with all their ports open to the Internet. This setup allows hackers to attack your PC without your authorisation. All you have to do to allow this is enable your Internet connection.
These attacks mostly occur through small, fully automatic programs, called worms, that exploit undiscovered or unclosed security holes in your programs and spread themselves to PCs on the Internet without the hacker’s active participation. After a successful attack, a worm can for example inform the hacker that there is yet another PC ready for the hacker to exploit.
Firewalls reduce the risk of worms
Since a firewall closes the ports you do not need, it efficiently limits the number of programs in which a worm can exploit security holes. Most firewalls can also easily be closed to block all communications through the Internet. For the hacker, it’s as though the PC were turned off. Use this function even when you do not plan to go on the Internet, as this reduces the time available for an attack to a minimum.
Many good firewall programs are available for private use free of charge.
Updating a firewall
Firewall software also needs to be upgraded once in a while (although not as often as antivirus software). Once the update is downloaded, the program will typically have to be closed for a short time and reopened for the update to be implemented. During this time, your PC may be unprotected if it is still connected to the Internet. We recommend that you close your connection when upgrading your firewall. Most firewall upgrades will tell you when the critical period begins.
We highly recommend that you use firewall software to protect your PC and on the internet you can find more info about software and suppliers.
In very rare instances, new types of viruses are released that attack ports in your firewall that might not be protected. Therefore you need to manually update your antivirus software against this type of attack. Your own software is your last line of defence.
Failure to update systems helps worms spread
The most common and widespread worms and viruses typically exploit new ways to access PCs, but once inside they use old and well-known security holes in the programs on the PC to reach their target positions. These worms are allowed to proliferate because many people fail to update the operating system and programs on their PCs, even though the software providers have long identified and remedied the problem and made updates available on the Internet.
Update frequently or automatically
We recommend that you look at the Web sites of your software providers at frequent intervals and update your software when security upgrades are available. The more recent operating systems allow users to select automatic installation of updates, which is usually recommended.
Avoid risks: Be especially careful when using the Internet with any of the following
Most viruses, and by far the most harmful ones, proliferate through e-mail messages. The subject lines of such e-mails are usually designed with the sole object of enticing you to open them and any attached files. The e-mails may turn out to embed a vicious program that you yourself allow to run on your PC when you open the e-mail.
Watch out for attached files
Always be on the alert when you receive e-mails with attached files. Especially, if they come from someone you don’t know, show a peculiar subject or are written in a foreign language. You should also be careful of unexpected e-mails from people you do know, especially if the subject seems peculiar.
If in doubt, consider whether it might be best to delete the e-mail without opening it or contact the sender, using another medium.
Worms and viruses often come from someone you know
Worms and viruses often replicate through the address books of the PCs they have infected, so it looks as the sender is someone you know.
“Spoofing” is the term used about a specific type of attack which occurs when an e-mail purports to come from a specific person or firm without that party’s having anything to do with the e-mail.
Sometimes e-mails aim to make you destroy your PC programs, for instance by asking you to delete a vital file. Such e-mails are called “hoax” e-mails. Hoax e-mails will often suggest that you forward them to your friends before you follow their instructions. That way you will help spread the attack.
These e-mails often purport to aim at preventing virus attacks on your PC and often include a direct reference to known software providers, such as Microsoft and IBM. Sometimes hoax e-mails are spoofed.
“Phishing” is the term used to describe attempts by fraudsters to cadge personal information, such as credit card data, from people by means of bogus Web sites or e-mails purporting to originate from a card company.
Fraudsters launching a phishing attacks usually attempt to imitate banks, insurance companies, providers of various popular online services, online shops or credit card firms. Bogus sites are designed with a view to scamming the user into surrendering sensitive information that can be used fraudulently (economic crime or identity theft).
Avoid being taken in by never disclosing your password, personal details or account number outside of the online banking systems.
Danske Bank will never ask for these details via e-mail.
Never download unsigned programs. When a signed component is received for the first time, your browser will, if set up to do so, show the certificate applicable to the signature. The certificate identifies the provider of the component and you can decide whether or not to proceed with the installation. If you decide not to proceed, the component is discarded, and if you accept to proceed, the component is automatically installed on your PC.
Useful advice about downloads
- Check the issuer and the affiliation of the certificates of signed programs. Accept downloads only from people you trust.
- Do not download programs from untrustworthy Web sites or Web sites you don’t know.
- Do not open programs or files (including documents or PDF files) directly from a Web site. Always save them on your hard disk first and check for viruses manually if your antivirus program does not do so automatically.
- Check that the file name is unchanged and that the file didn’t suddenly become a program (files ending with “.exe”, “.bat”, “.cpm”, “.vbs” or “.pif” are program files).
- When satisfied on all counts, open the file. Avoid double clicks. Instead, open the file in the program in which the file appears to have been created.
Only surrender personal data, such as passwords, social security numbers and account numbers, to someone via email or to Web sites if
- you know exactly who the recipient is, and
- you are able to encrypt your email or send it over an encrypted line to their Web site
Verify the data in the recipient’s certificate
If you can send encrypted email to someone, you will be able to check their data in the certificate you receive from them. Precisely how depends on your email program. This information will typically be available through your program’s online help.
Check for an encrypted line
The address line must show "https" instead of "http", the "s" being short for secure, or there should be a padlock icon in the bottom right hand corner of your Internet Explorer.
If you double-click on the padlock, you can check the certificate to see who issued it and to whom was it issued. The key in the certificate is used to encrypt the Internet connection.
Danske Bank will never ask for personal data via the Internet unless these requirements are met.
Spyware consists of small spy programs that may be installed on your PC, reporting on your movements on the Internet. They run in the background without your knowledge. Different spyware programs have different objectives, but they typically gather information about your interests and movements on the Internet for advertising purposes.
Installed via freeware or viruses
In most cases, you will have allowed the spies to enter your system yourself. This happens, for instance, if you install freeware, in which case you may unwittingly install spyware on your PC. Spyware can also install itself via a virus.
It is a good idea to install a dedicated spyware checker. There are several programs on the market; one of them is Ad-Aware. Ad-Aware works like antivirus software – only it checks for spyware instead of for viruses.
Protect your PC with a password to ensure that it cannot be used by anyone who has physical access to it.
Choose your password carefully
The password you choose must contain at least 8 characters. Always use good passwords, preferably combinations of letters (both upper- and lower-case letters if your system is case sensitive), numbers and symbols that do not form a proper word. Do not use names, birthdays, place names from books or the like as passwords. It is easy for hackers to search for these and use them in so-called dictionary attacks. Memorise your password, and don’t write it down.
You can read more about passwords in the system Help or FAQ information.
Never use the same password for different purposes
This means that you should never use your District or Business eBanking password for any other purpose. Danske Bank's online systems go to great lengths to protect your password, whereas password practice differs from one Internet service to the next.
Change your password at frequent intervals
If you suspect that someone has gained knowledge of your District password, you should in the system.
This type of network is gaining popularity because it is fairly cheap and easy to handle and allows you to go online wherever you choose to place your PC in your home.
Wireless networks tend to use a standard set of protocols and often operate with a signal range in excess of the boundaries of your home. It is therefore possible that someone with the correct equipment could monitor the traffic on your network, use your Internet connection and access files on any PCs that are connected to the network.
It is always a good idea to assign a security key to your wireless network so that any PC wanting to connect would have to enter this pre-determined key.
Follow the recommendations
The most common practice is to connect a router directly to the Internet connection and, when you use wireless adapters on any PCs, to connect the adapters to the router. In this case, the wireless section of the network may be considered part of the Internet. You should follow the recommendations about protection of PCs against attacks both from the Internet and from the wireless network section in your home.
Encrypt internal networks
If you use a wireless network connecting several active PCs in your home in order to share resources on the internal network (for instance Internet connection, network printer, shared hard drive sections, etc.), you should always use an encrypted network and protect your PC.