NBADdirect

Security Information

Introduction of Two-Factor Authentication for nbadOnline Personal Banking Users

We are happy to announce the introduction of two-factor authentication for our customers when logging into nbadOnline. This new service, which is the first in the region for any bank, is an essential part of NBAD’s ongoing strategic initiative to enhance security and to protect its customers.

NBAD’s two-factor authentication is based on the use of two passwords when logging into nbadOnline – the normal nbadOnline static password and a dynamic one-time use password generated by a Secure ID Token. A Token will be provided by the Bank to each of our online banking customers after the introduction of the new service at 1:00 AM, Friday, 3rd November, 2006.

Once the new two-factor authentication service is introduced, there will be a change in the Login screen for nbadOnline. The new Login screen will include an additional field “Secure ID Token Code”, apart from the normal “User ID” and “Password” fields. Until you have received the Token from the Bank, please continue to log into nbadOnline using your same User ID and Password as in the past. Leave the “Secure ID Token Code” field blank until you have received the Token and a subsequent confirmation e-mail from the Bank indicating that your Token has been activated. The confirmation e-mail will be sent to you within approximately three business days from the time your Token is delivered to you.

The Bank will be using Empost Courier Services to deliver the Tokens to our customers. The Tokens will be delivered in batches, and you will receive your Token in due course. However, until the time you receive your Token, you may continue to use nbadOnline normally by logging in using your same User ID and Password. Remember to leave the “Secure ID Token Code” field blank until you have received both your Token and the e-mail indicating that your Token has been activated.

What is the Secure ID Token?

The Secure ID Token is a small electronic key-chain type device that randomly generates a 6-digit code (the Token Code) and displays it on its LCD screen. The Token Code changes every 60 seconds on the Token and is displayed for only 60 seconds before a new Token Code is generated and displayed. The Token Code essentially becomes a dynamic one-time use 6-digit password that has a one-minute expiry time limit. It is used in conjunction with the Customer’s normal User ID and Password to log into nbadOnline. The Token Code, as indicated previously, will be provided to all nbadOnline customers and will be used as a second password to authenticate customers and to increase security.

How it works?

The Token Code generated by the Secure ID Token plus your existing login User ID and Password provide you with secure two-factor authentication when logging into your nbadOnline account. Therefore, all you need to do when logging into nbadOnline is enter your same User ID and Password plus the 6-digit Token Code appearing on your Token at the time of logging in. As a reminder, the Token Code on the Token changes every 60 seconds. So if prompted, you may wait for the Token Code to change on the Token and then enter the new Token Code. Again, once you have received your Token, it will be activated after approximately three business days from which time the Token Code will be mandatory when logging into nbadOnline.

How does the Secure ID Token make banking online safe with NBAD?

The Secure ID Token provides a hassle-free, secure and reliable means of banking online with NBAD. As you are aware, many phishing attempts have occurred in the online banking industry whereas fraudsters continually try to entice online banking users by diverting them to fake online banking websites to steal and then abuse their user IDs and passwords. However, with NBAD’s introduction of the secure two-factor authentication using Secure ID Tokens, phishing attempts to steal user IDs and passwords would be negated by the additional and new dynamic one-time use password (Token Code) generated by the Secure ID Token. Essentially, phishing would prove to be useless to fraudsters because of the increased security level of the two-factor authentication with logging into nbadOnline. This revolutionary two-factor authentication process effectively increases security and helps in preventing fraud. While we are proud to announce this enhancement, we would like to remind you that security is relative and hence you are supposed to exercise due diligence on all occasions.

Important Security Note - Tips to Counter Fraud

Dear Customer,

Please read the following Internet security information for your safety while transacting over the web.

How to protect yourself:

To protect your privacy and to counter the threat of any look alike fraudulent websites set up to deceive and obtain your user ID and login password, we would like to request you to exercise caution and observe following before entering your nbadOnline user ID and password :

Do not perform your online banking from a public PC or a cyber café. Change your password regularly and keep it secret. Never use the same password for other web-based services such as: e-mail, online shopping and other online subscription services. Check your accounts and transaction history details regularly. The Bank will never contact you to ask for your password. Install an anti-virus software preferably with a personal firewall that prevents unauthorized intrusions into your PC. Some of the antivirus softwares available in the market are KAPERSKY, GIANT, McAfee, Norton, or Trend Micro. Ensure that your anti-virus software is updated regularly. Ensure that you are using only SSL enable Internet browser supporting 128 bit Encryption. (Internet Explorer 5.5 or higher / Netscape 4.75 or Higher / any other browser supporting 128 bit SSL encryption) NBADdirect customers must ensure that login is performed through the Bank’s website http://www.nbaddirect.com. It is preferable to access the nbadOnline web site through the URL https://online.nbad.com (as shown below in Figure 1) Sign-on to nbadOnline by entering user ID and password to nbadOnline is performed under secured SSL 128 bit encryption technology. This is a secured server and identity of this server is confirmed by Certification authority ‘Comtrust’. “Secured by Comtrust” seal appear on the login page where nbadOnline user ID and login password are entered. Ensure that nbadOnline login page is a legitimate Comtrust secured by digital certificate. A “Lock” icon appears in your browser (Internet Explorer and Netscape Navigator), located in bottom of the browser screen, which can be clicked to get the server and other security certification details which guarantee that the remote computer is identified and certified as “online.nbad.com”.(as shown below in Figure 2) Also the address/location bar should change to https://online.nbad.com.....( page URL ) Also, by clicking on the icon on your browser, the status (validity) of digital server certificate can be determined to ensure that it is valid at the time of login.
* "Website" refers to the National bank of Abu Dhabi website which is established, owned and maintained by National Bank of Abu Dhabi and located at URL www.nbaddirect.com

Figure 1

Figure 2

Important Notice - Fake Website and Fraudulent E-mails

It has come to the NBAD´s attention that some internet fraudsters are circulating e-mail that displays a link to the website. Through such e-mail messages, you may be directed to websites appearing to be genuine, and asked to key-in your confidential information. Please be beware of such messages; the only aim of such e-mail with links to fake website is to entice customers to enter their password and security details with the express intention of capturing and using such sensitive information to defraud customers.

While the fake website resembles the Bank´s true website, please be warned that the above website is a FAKE website which has been set up by fraudsters to defraud our customers.

As the security of our most valuable customers accounts is always NBAD´s main concern, the Bank expressly requests that should you receive such an e-mail, you should avoid clicking on the link provided and immediately delete this e-mail from your computer.

As you will know, the true, legitimate and legal website address (URL) of NBAD´s website is www.nbad.com.

E-mails that you receive from NBAD will never ask for sensitive information such as Account Number, ATM PIN, login Passwords, and for communication of transaction advice, and under any circumstances we will never request you to prove your login credentials and personal details via a link in the e-mail.

Further, it is always a good practice to simply delete all unsolicited e-mails that claim you have won a lottery and must pay some advances or inviting you to participate in various web surveys to claim your prize.

Kindly exercise extreme caution and report such e-mails to us immediately through e-mail to nbadOnline@nbad.com .

We are determined to continue with our effort to constantly improve our services to our customers. Please do not hesitate to contact us if you ever have any comments and complaints about any of our services. Your feedback is very important for us to further improve our services.

To Contact us or to report any suspicious e-mails, letters, websites or phone calls .

In UAE : Toll Free 8002211
From outside UAE : + 971 2 6937777
Sunday to Thursday : 8:00 AM to 11:00 PM (8:00 AM to 4:00 PM on Saturday)
E-mail : nbadonline@nbad.com

Security Note: Protect your Computer against malicious programs, Trojans and Sypwares that might be infecting your PC. Install anti-virus software preferably with a personal firewall that prevents unauthorized intrusions into your PC and ensure that your anti-virus software is updated regularly. Some of the anti-virus software available in the market are KAPERSKY, AVG, GIANT, McAfee, Norton, or Trend Micro. Kindly visit www.nbad.ae for other important guidelines, security alerts and tips to counter fraud and phishing attempts.