online banking banner
Internet Banking

Security Information

Secure your online experience
Your online experience needs a safe and secure environment, and for that, MCB continuously deploys security measures to protect your online transactions.

Feel the ease of safe online banking with some simple precautions.
We ensure your personal and financial data protection using high levels of security by several means:

Login Password

Upon your first registration on MCB Internet Banking, a user ID and password will be issued to you. For security purposes, please change your password and keep it only to yourself.
If you opt to transact online, you can also choose between a One-Time Password or a security token.

One-Time Password

If you choose this option, you will receive a password by SMS each time you need to authenticate a transaction on MCB Internet Banking. Each new Password is valid for only one transaction. This feature is safer than a transaction password because:
  • No one can guess or steal your password as it changes all the time
  • You receive the password directly on your mobile phone
  • You receive an alert each time an online transaction is attempted on your account

Security Token

A security token is a small electronic device (looks like a small calculator) that generates a one-time password which you will need to insert when you authorize your online transactions. This device provides you with additional security.

Read more on Security Token

When and how to use a security token

A 7-digit number will display on your screen at the final stage of your payment. After switching on your token and entering your token PIN, type in the 7-digit number and click the button 'on'. A 6-digit response number with a lifetime of 30 seconds will appear on your security token. Please enter this number to authorize your transaction.

Encryption

Encryption is a security feature that prevents fraudulent users to read or amend your private data transmitted via a secured channel between your browser and the bank's server.. MCB uses latest cryptographic standards such as Secure Socket Layer (SSL) with 128-bit encryption, to protect abusive data transfer. Be always aware of:
  • "https": the 's' stands for secure
  • a closed padlock

Digital Certificate

A digital certificate verifies the identity and authenticity of MCB Internet Banking. You may check the validity of the digital certificate by double clicking on the padlock icon in your browser window.

Firewalls

MCB uses a firewall mechanism to prevent unauthorized access to and from its information network.

Automatic timeout

A timeout allows the system to log you off the transaction window if there is no activity within 15 mins. This reduces the risk of fraudulent access if you happen to leave your computer unattended.

Temporary denial of access

Three consecutive failed attempts to log in will temporarily disable your online access. You will have to reset your password by contacting the MCB Internet Banking section on 202 6060. This is a dissuasive measure to prevent fraudulent users to attempt a fake password

Security initiatives

Above security measures deployed by MCB to protect your data, you also are a guardian to your personal information. Here are some personal initiatives to keep in mind:
  • Always access MCB Internet Banking through www.mcb.mu and log in from there.
  • Always log out your MCB Internet Banking session and close your browser when you have completed your banking.
  • Never access MCB Internet Banking from a link in an e-mail or from redirections from other websites - genuine emails from MCB will NOT contain any links to our internet banking service.
  • Do not leave your computer unattended when you are connected to MCB Internet Banking.
  • Avoid using public or computers you do not control for Internet Banking services.
  • Never change security details such as your password in a public place like a Cybercafe.
  • Make use of private browsing modes to reduce potential leftovers offline data in your computer.

Look for security indications

  • Make sure that https:// is displayed on your browser's address bar as well as the closed padlock.
  • Check if a valid digital certificate has been issued to the site.

Protect your password

  • Choose a high-strength password - (try to avoid birth dates, phone numbers, names, etc. and prefer letters, numbers or symbols which are harder to guess) Avoid using the same password for different services.
  • Do not keep your password on yourself.
  • Do not write down or store your password anywhere
  • Change your password regularly and activate 'password ageing' functionality.
  • Never disclose your password to anyone
  • If you suspect that your password has been used by someone else, change it and notify MCB immediately.
  • Don't allow any website to store your password.
Important Note: MCB will NEVER ask you for your Internet Banking credentials (i.e. PINs or PASSWORDs) under ANY circumstances.

Protect your computer

  • Install the latest security patches in your operating system.
  • Equip your computer with strong anti-virus software and continuously update.
  • Install a firewall and make sure it is regularly updated and maintained*.
  • Password-protect your computer to prevent unauthorized access to your information.
  • Disable the 'AutoComplete' function - this will help prevent third parties from seeing your personal information.
* Note: A company's firewall often has sites restrictions. Ensure that it allows MCB's website and its secure internet banking service

Update your Operating System regularly as well as your Anti-Virus software, it's your first line defense.
Simple precautionary measures to take:
  • Use e-mail spam filters to protect you from receiving hoax/spam e-mails. These spam filtering services intercept many hoax e-mails preventing them from reaching your e-mail inbox.
  • Avoid opening, running, installing or using programs/files you have obtained from a person or organisation that you do not know. Be particularly careful of e-mails attachments, if you receive such mails, delete them. Any file carrying double extensions is most likely to be a virus and should never be opened. Files extension like - .exe - .pif - .vbs are commonly used to propagate viruses.
  • Never click onto a link from e-mails or attachment to have access to MCB Internet Banking - as this may take you to a spoof website.
  • Never provide sensitive information (your security details) in response to any e-mail, even if the e-mail looks like it comes from the MCB.
Important Notes: From time to time you may receive e-mails from the MCB and these may contain links, BUT they will NEVER take you directly to MCB internet Banking and we will NEVER ask you to disclose your personal or security details by e-mail.

Check your accounts regularly

Monitor your account activity regularly for any unusual transactions or withdrawals and notify the Bank immediately if you suspect any discrepancies - It is one of the best ways to safeguard yourself against fraud.
Online hacking is a criminal offence used to steal users personal data for fraudulent purposes. We present you with an overview of some common types of frauds.

Identity theft

Your identity is a personal collection of confidential data meant for your own purposes. The theft of your identity with the intention of committing frauds is an offence punishable by law. The most common technique known today is phishing.
  • Phishing is a fraudulent act where e-mails, text messages and pop-up messages are sent to users claiming to be from a reputable financial institution or e-commerce site - to get the victim to release personal information.

Other methods

  • Skimming occurs when fraudsters capture credit/debit card numbers using a special storage device when you are processing your card.
  • Change of address: Online hackers deliberately divert your billing statements to another location by completing a change of address form.
  • Traditional theft: wallets containing bank and credit card statements and other financial information.
  • Phone fraud: fraudsters use false pretexts to obtain your personal information from financial institutions, telephone companies, and other sources.
  • Dumpster diving: fraudsters rummage through trash looking for bills or other papers with your personal information on it.
Remember:Keep your personal identifiers/details secure in a secure place and never disclose them to anyone.

Email scams: Lottery Fraud and 419 Fraud

The lottery' scam or the 419 fraud (also known as 'Nigerian Letter' scam) are attempts to lure victims into a type of fraud known as an 'illegal advance fee' - via e-mail. Millions of these fraudulent spam e-mails are sent to random e-mail addresses in view to entice people into providing their bank account numbers, by offering lottery wins, huge sums of money through bank transfers, and inviting the victims to only cover costs and fees.

Remember:Ignore unsolicited e-mails that urge you to transfer your money.

Investments Scams

Investment scams usually lure people into attractive investment opportunities with massive paybacks, by claiming to be a risk-free business. Victims are invited to invest and their money is stolen.

Remember:The higher the promised return, the higher the risk! Please take time to evaluate the legitimacy of an offer.

Business Scams

It is a marketing attempt to urge e-mail recipients to buy large quantities of a product for resale, with attractive commission fees. Once purchased, products are never delivered.

Remember:Skip these offers. Don't send money now on the promise of a pay-off later. Be aware of whom you are dealing with.

Virus Hoax Mail

Virus Hoaxes are false reports about non-existent viruses. Virus Hoaxes warn online users of dangerous viruses through e-mails and invite them to forward these messages to their network. These techniques are sometimes initiated to gather mass e-mail data for spam use.

Remember: DELETE suspicious e-mails. Remember that virus writers can use known hoaxes to distribute destructive trojans as attachments.

Malwares

Malware, short for malicious software, is software designed to infiltrate a computer without the user's consent. Malware includes computer viruses, worms, trojan horses, spyware, and other malicious and unsolicited software.

Trojans

Trojans are a type of computer virus meant to intrude into a computer by inciting users to click on a random link sent by e-mail. As soon as the user visits the website, the vulnerabilities of the web browser are exploited to install a Trojan. Trojans are sometimes used for installing a 'keystroke logger'.

Keystroke Logger

Keystroke logger or keylogger, tricks users into downloading a software onto their computer by either visiting a compromised website, opening an attachment or following links in an e-mail.

This software captures the user's keystrokes, including Internet Banking login credentials, and sends them back to the fraudster.

Spyware

A spyware secretly gathers information about a person and transfers it to advertisers or other interested parties.

Clues that can warn of an infection or malware

  • Slow down, malfunction, display of repeated error messages
  • No shut down or restart
  • Barrage of pop-ups - even displayed when you're not surfing the web
  • Hijacked browser - display web pages or programs you didn't intend to use, or send e-mails you didn't write
  • New and unexpected toolbars
  • New and unexpected icons on the taskbar of your computer or on your desktop
Remember: If you suspect malware is lurking on your computer, stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware on your computer could be sending your personal information to identity thieves.

Phishing

Phishing is a fraudulent act intended to lure victims into revealing their financial information.

Phishing involves seemingly credible e-mails sent to users, claiming to come from legitimate organisations such as Banks, auction sites, or online merchant sites etc. That fraudulent, but official-looking e-mail is sent in an attempt to con users into divulging personal and/or financial information. The e-mail directs the victim to a similar-looking website of the organisations' legitimate sites where it requests him to enter, verify or update his personal and financial information in view to steal them.

Even if the genuine website is accessed at first click, a fake pop-up window appears to make it more credible. Fraudsters also happen to lure victims into filling an online banking survey with a monetary reward at the end. These surveys are often sent through e-mails.

Phishers also use phone and sms to scam users into providing sensitive information.Generally, messages from phishing scams often use a sense of urgency to induce the user into taking action. Remember: Never respond to e-mails that request personal and financial information and never click on a link in such e-mails! No MCB staff will ask you for your Internet Banking credentials.

Online employment scams

Recruitment of 'middlemen' is a significant step in the Phishing activity.

In possession of the victim's information, the phishers appeal to 'transfer agents' in the same country as the victim to handle money transfers for them. They recruit individuals also known as mules - by advertising attractive employment opportunities with high rates of pay, minimal hours of work with no specific qualification required.

Once recruited, the mules receive funds into their accounts and they are then asked to take these funds out of their accounts in the form of cash and send them overseas (minus a commission payment), typically using a wire transfer service.

Money mules are recruited by a variety of methods, including spam emails, adverts on genuine recruitment web sites, approaches to people with their CVs available online, instant messaging and adverts in newspapers. Important Note: Beware of easy money! Learn about the company.
MCB advises its clients that hoax emails leading to a fake bank website are in circulation. Although they might appear genuine, they are fraudulent and have not been sent by the Bank. These e-mail messages invite MCB Internet Banking users to confirm account details via a link. These messages aim at fraudulently appropriating the user ID and password of Internet Banking customers. Under no circumstances you should act on the instructions:

Do not:

  • click on the link
  • reply to the email
  • provide any of the requested details

If you believe your security has been compromised or if you notice a transaction you did not make, immediately:

  • Change your password
  • Call MCB Contact Centre on 202 6060
  • Forward the email received to alert@mcb.mu