Diamond Online Security Tips

Diamond Online Security Tips

Dear Customer,

Our attention has been drawn to scam e-mails being circulated asking customers to provide their Internet banking code, password, e-mail address, e-mail password, Phone number, ATM Card PIN, etc for security checks.

Please note that Diamond Bank will NEVER request any update and/or personal banking details via e-mail or by telephone. Consequently, please DISREGARD all such emails as these are 419 EMAILS that may be used to defraud you.

To ensure your banking details and account information stays protected, If you receive such e-mails, please:

  • Disregard them and do not click on any of the links
  • Delete the e-mail immediately

In addition, never generate a token or pass code for anyone via phone, e-mail or chat and always access your Diamond Online through our website www.diamondbank.com.

Security starts with your web browser. When you access Diamond Online Banking, your browser is checked by DIAMOND BANK to ensure that it meets our minimum requirements. You can protect yourself online by using an up-to-date browser with the most recent security updates.

To ensure the security of Diamond Online Banking, DIAMOND BANK supports the following browsers that use 128-bit encryption. Select one of the links below if you need to update your browser:

Microsoft Windows Vista, XP and 2000:
Firefox 3.x
Microsoft Internet Explorer 7.0 and later

Apple MacOS 10.4 and later:
Apple Safari 3.0 and later
Firefox 3.x

JavaScript

You must have JavaScript enabled on your browser to use DIAMOND BANK websites. We use JavaScript to make our websites easier to use.

How DIAMOND BANK uses cookies

DIAMOND BANK uses two types of cookies on our websites: session cookies and persistent cookies. Session cookies are used during a single website visit and are automatically deleted from your computer when you leave the site. Persistent cookies are used to track website activity over a longer period and remain on your computer until either you choose to delete them or they expire.

Session cookies perform several critical functions on DIAMOND BANK's websites. For example, they protect your security while you are using Diamond Online Banking by ensuring that nobody else can view your data while you are signed on. They are also used to ensure that you do not pay the same bill twice during a single banking session. Your web browser must allow session cookies in order for you to use Diamond Online Banking.

Persistent cookies are also used for a number of purposes on DIAMOND BANK's websites. They are used for your convenience to save your Diamond Online Banking personal preferences. For example, you must allow persistent cookies if you want your browser to remember your card number, your language preference and your default home page each time you sign on to Diamond Online Banking.

DIAMOND BANK also uses persistent cookies to collect analytical information about how visitors use our websites. For example, we may measure website usage, access to online services, and the level of interest in particular products. We use this information to improve our service and provide a better experience for visitors to our websites.

To gather this information, we use persistent cookies that track how a computer uses our websites and whether the computer has been used to sign on to Diamond Online Banking. Currently, we do not use cookies to collect information about identifiable individuals or use cookie information to offer products and services to individuals. If this changes in the future, we will update this section.

Another type of persistent cookie, known as a locally shared object, may be created by software applications running on your computer when viewing material such as Flash enabled videos on DIAMOND BANK websites. These files contain configuration information used by the software to present rich media on DIAMOND BANK websites. DIAMOND BANK does not use the information in locally shared objects for analytical or other purposes.

DIAMOND BANK never stores your personal financial information in cookies or uses cookies to track your internet use after you leave DIAMOND BANK websites.

Report Online Fraud

To report suspected fraud, or if you think you have been a victim of fraud (e-mail fraud, text message fraud, identity fraud, phishing, spyware):

Send an E-mail to: complaints@diamondbank.com, enquiries@diamondbank.com

  • Describe the fraudulent incident
  • Attach or include any fraudulent e-mails you received or anti-virus/anti-spyware scan logs

Online Fraud Alerts

There are “phishing” e-mails in circulation targeting many financial services clients, including Diamond Online Banking services clients. Diamond Bank wants to assure our customers that regulatory authorities are notified regarding messages targeted at our customers.

As some phishing sites have been known to distribute malicious software, we strongly recommend that you do not select the links provided in a phishing e-mail, as visiting these sites could place your computer at risk. We also recommend that you regularly check your account transaction activities and credit card statements to ensure that all transactions are legitimate.

Here are some simple tips that you can follow to ensure that your online banking experience is safe and hassle free.

  • Keep your information confidential
  • Changing your password
  • Look for the lock icon
  • Use a firewall
  • Use Direct Deposit
  • Shop with Verified by Visa
  • Install security updates
  • Privacy policies
  • Safe computing practices
  • Online security
  • Clear your cache

Direct Deposit and DIAMOND BANK Online Banking

You can arrange with your employer to have your salary deposited directly to your DIAMOND BANK account so you can prevent lost or stolen cheques. With DIAMOND Online Banking, you can also set up recurring transfers and payments from your DIAMOND BANK account so that your obligations are met automatically.

Look for the lock icon

Before entering personal information on a website, look for the “lock” icon in your browser. A closed lock or padlock indicates that the website you are on is secure.

Use a firewall

When your computer is connected to the Internet, it is vulnerable to attack. Although this is a problem for all types of Internet connections, DSL and cable modem connections are more vulnerable because they offer an “always on” capability. You can help protect your computer from attack by using a personal firewall. Personal firewalls can be software, hardware, or both, and create a barrier to attacks.

Microsoft Windows and Apple MacOS X both include automatically activated firewalls. If you are not sure your system has an activated firewall go to the appropriate site below to learn more.

Microsoft Windows XP: Configure the Internet Connection Firewall
Apple MacOS X: Enable MacOS 10.4 firewall protection

Keep your passwords, Personal Identification Number (PIN) and card numbers confidential

Do not share your DIAMOND BANK Online Banking password or ATM machine Personal Identification Number (PIN) with anyone. Giving your password or PIN to another person or company places your finances and privacy at risk.

Change your password regularly and use a different password than you use for other websites. Make it difficult for others to guess your password by using a combination of letters and numbers in your password. If you think someone knows your password, change it right away.

Never share, disclose, or provide your card number or password to another party or website other than DIAMOND BANK. DIAMOND BANK will never send you an e-mail requesting this information.

Install security updates

Most personal computers use the Microsoft Windows and Apple MacOS operating systems. The makers of these systems regularly issue security updates to protect against new and emerging threats. You should download and install security updates regularly or configure your operating system to automatically check for new updates.

Windows: To download the latest Microsoft Windows updates, visit Windows
MacOS X: Choose “Software Update” from the Apple menu.

Safe Computing Practices

With DIAMOND Online Banking, you can manage almost all of your everyday banking, anywhere you have Internet access, using your laptop or a trusted computer terminal.

  • When you’re traveling, always use a trusted computer whenever possible
  • Never leave your computer unattended once you have signed on to DIAMOND Online Banking
  • After completing your transactions, ensure that you sign out of DIAMOND Online Banking and close your browser
  • If you are using an older version of Internet Explorer we recommend that you upgrade to Internet Explorer 7.

Online Security

We want you to be confident when accessing your financial information online. DIAMOND BANK uses multiple layers of protection to increase your security while using DIAMOND Online Banking or accessing your investment accounts online.

Web browser encryption

Web browsers use encryption to communicate securely over the Internet. You must have a browser with 128-bit encryption to use DIAMOND Online Banking. All of the browsers supported by DIAMOND Online Banking and these online services offer 128-bit encryption.

Session timeout

To protect you further, your online session will end after a period of inactivity. If you wish to continue accessing your online banking , you will have to sign on again. You should always sign off when you are done and, if using a computer that isn’t your own.

Phishing

Phishing is a type of scheme that uses fraudulent e-mail, web pages and text messages to gather personal, financial and sensitive information for the purpose of identity theft. Most commonly, users receive spam e-mail (mass e-mail messaging), text messages and pop-up windows that appear to come from legitimate businesses. People have been tricked by these deceptive solicitations into sharing passwords, social insurance, credit card and bank account numbers.

How phishing works

Phishing e-mails and text messages are often sent out as spam to numerous recipients and appear to come from legitimate businesses, sometimes even duplicating legitimate logos and text. Within a phishing e-mail, you may be requested to click on a link that takes you to a fraudulent site or pop-up window where you are asked to submit personal and financial information. A phishing text message may request that you send personal information back to the sender through text message or call a phone number.

In order to increase the chances of a response, messages may imply a sense of urgency or an immediate risk to bank accounts or credit cards if you fail to answer. Special offers and prizes may also be promoted as incentives.

What phishers do with your personal information

Phishers can access your accounts using your passwords and other information to withdraw money or make purchases. Personal information can also be used by phishers for other purposes in your name.

What to look for in a valid message from DIAMOND BANK

The message below illustrates some of the e-mail components that are acceptable in an e-mail coming from DIAMOND BANK. DIAMOND BANK will never send you an e-mail or text message asking you for personal or financial information.

DIAMOND BANK is continuously working to ensure your security against phishing schemes.

Any unsolicited e-mail that appears to be from DIAMOND BANK or any organization with which you do business including a request that you click a link and re-enter your personal information or password, should prompt you to contact the company directly. Type www.diamondbank.comaddress directly into your browser, instead of using the link in the e-mail. If you are unsure of the authenticity of an e-mail, please delete it.

If you receive a text message that appears to be from DIAMOND BANK with any requests to you send personal information, do not respond to it. Instead forward it to  complaints@diamondbank.com.

At DIAMOND BANK, we go to great lengths to protect your personal information and ensure DIAMOND  Online Banking is secure. If you ever doubt the legitimacy of any e-mail or text message claiming to originate from DIAMOND BANK, please call.

Identity Fraud

Identity fraud is the stealing of personal information and then using it illegally. If you think you are a victim of identity fraud and you are a DIAMOND BANK customer, please contact DIAMOND BANK immediately at 0700-300-0000.

Once thieves have enough personal information, whether they retrieve it from unshredded documents in your trash, steal your purse or wallet, or gather information that you have posted on the Internet. You may not be aware of the theft of your identity until months or years have passed.

You can take certain basic steps to protect yourself from identity fraud:

Protect your personal information

Do not give account or card number information to anyone, whether in person, over the phone or online, unless you are confident to do so.

Memorize your passwords and Card Personal Identification Number (PIN)

Do not give account or card number information to anyone, whether in person, over the phone or online, unless you are confident to do so.Don't write down your bank machine Personal Identification Number (PIN) or your online banking password. If you must write these down, keep them in a safe place and do not carry them in your wallet or purse. Never give this information to anyone, even a DIAMOND BANK employee. Our employees will never ask you for this information, so be suspicious of anyone asking for it.

Report thefts and losses immediately

If your wallet or purse is lost or stolen, contact DIAMOND BANK immediately at 0700-300-0000 to block your accounts and cards from use.

Shred or tear up junk mail and statements

Identity fraud often occurs by thieves going through trash looking for these offers. As well, tear up or shred any personal information you are going to throw away, such as receipts that show your card numbers or bank statements.

Review your account statements

Ensure that all transactions on your statement are genuine. Report suspicious transactions immediately to DIAMOND BANK at 0700-300-0000.

How to Protect Yourself from Identity Theft

Identity theft is a growing concern around the world. Identity thieves are criminals that will learn and use your personal information to access your financial accounts. Checking your accounts regularly and using the following tips will help keep your banking experience as secure as possible.

Be skeptical

  • DIAMOND BANK will never ask you to respond via e-mail to any requests for personal information, PINs or passwords
  • Beware of people asking you to move money for them or notices that you have won a lottery you didn't play

Protect your PIN, password and personal information

  • Your PIN and password are the keys to your account; never share your PIN or password with anyone
  • For added protection, try covering your hand when entering in your PIN number; this will prevent others from seeing it
  • Before you recycle old documents, be sure to shred them first

Practice safe computing

Installing up-to-date anti-virus/spyware software and a firewall on your computer will help make your DIAMOND Online Banking experience a safe one

The new Diamond Online is very safe as it has different levels of authorization that ensure your online banking transactions and information remains private. The service utilizes your Username and password to provide secure access to the account and a second (higher) level of protection by use of onetime passcode (OTP) for sensitive transactions that require an extra level of security such as beneficiary maintenance for third party fund transfers, interbank funds transfers, Bill payments, etc.

This onetime passcode (OTP) is dynamic as it is an auto generated pass code on demand and it is only valid for one time use. This significantly reduces the possibility of the one time passcode falling into the wrong hands.

An OTP can be derived in any of the following three ways:

  1. System generated OTP
  2. Software token
  3. Hard ware

System Generated onetime passcode (OTPs)

The most basic of the three. It does not require the use of hardware or software tokens devices. Customers can just click on the request pass-code button every time they need a higher level of authentication. The pass-code will then be automatically generated via the system and sent as an SMS to the customer's phone. Thereafter the customer can then type the 5- digit code he receives in the space provided and submit.

Software Token

Software tokens can be generated via an application installed on Java enabled mobile phones. The application does not make use of the mobile network and does not require mobile network coverage for use. The application generates and provides you with the 6-digit code you need to transact.

Hardware Token

This is a small mobile device which is used to generate a onetime passcode (OTP) to enable you carry out transactions requiring a higher level of authentication

The onetime passcode (OTP) will expire if not used within 3 minutes. In this case, you may be required to generate another one-time-pass code.

Retail Customers

As a retail customer, you are automatically enabled to generate your onetime passcode (OTPs) via the system by clicking on the Request Passcode button. However retail customers have the option of using either the Hardware or Software token for onetime passcode (OTP) generation but not both.

Corporate Customers

We require that all corporate customers use the hardware tokens for onetime passcode (OTP) generation to be able to access the Diamond Online Banking Service.

Diamond TOKEN is a security device which is used to generate one-time password (OTP). The Diamond Token (which comes in 2 variants) may have gotten to you as either: Physical hardware token Or Software token which would have come to you as an SMS from Diamond Bank with a link to download.

The Hardware token is a small physical device which is used to generate one-time password (OTP) on the device itself. Users are required to set their token PIN themselves upon receipt. The PIN is to be used anytime the user wants to generate a token (pass code).

The software token is installed on your mobile phone. This is used to generate a one-time password (OTP). The software token requires a local password and it is self defined by the user. This password is required anytime the user wants to generate a token (pass code).

Click HERE to Download Diamond Token Application Form

Activating your Token

To activate your Hardware Token

Step 1: Press the play button at the bottom right of the device you have received to turn it ON

Step 2: PIN --- Enter the 4 digits activation PIN above

Step 3: NEW PIN --- Choose any 4 digits PIN of your choice (This is your Token password/PIN for OTP generation)

Step 4: CONF PIN --- Reconfirm your chosen 4 digits PIN (screen presents you with a message APPL 1)

Step 5: Press key 1 to generate 6 digits OTP for your Log In

With your password, you can always obtain your one-time pass code (OTP) any time you need to log into your Internet banking account.

 

To generate a Token from your Hardware to Login to Diamond Online Banking, use the steps below

Step 1: Press the play button at the bottom right of the device to SWITCH ON your token

Step 2: Enter your 4 digit password/PIN – screen presents you with a message APPL 1

Step 3: Press key 1 a 6 digits OTP is generated (Token ID for Log In)

Please note that your Token would be automatically locked after 5 wrong PIN inputs. In the event of a Token lock, kindly send a mail to complaints@diamondbank.com

Software token Download Guide

Step 1- Request for your Diamond Software Token Activation Details at any Diamond Bank Branch, by email to enquiries@diamondbank.com or by calling our 24 hour Contact Centre. Once request is made, your token activation details will be sent via SMS to your registered phone number.

Step 2- Visit your device App Store, search for “Diamond Token”, download and install on your device (Blackberry App World for Blackberry devices, Google Play Store for Android devices or iTunes for Apple devices).

Step 3- Click on the software token icon to open token for activation, then input the token activation details in the spaces provided and click ‘OK’.

Step 4- Click on OTP, input your password to generate a token.

How to use your software Token:

Step 1: Load your software Token

Step 2: Select and click on One Time Password

Step 3: Put in your local password and click your phone ok button- OTP appears.

Please note that your Software Tokens would generate invalid OTP after 3 wrong PASSWORD inputs. In the event of this, a reactivation process is required.

Reactivation/Reset of your Software Token – this option allows you to reset your software token when your local password has been forgotten.

Software Token Reactivation/Reset Process

Step 1: Load your Token application

Step 2: Go back 1 step to APPLICATIONS

Step 3: Select Settings

Step 4: Select REACTIVATE

Step 5: Select MANUAL

Step 6: Enter your Activation Code

Step 7: Enter your new local password (reactivation password not required)

Step 8: You have been unlocked and can use the Token to generate valid OTP now.

  1. For Apple Devices (ipad, iphone, itouch), go to the apps store and download digipass for mobile. When the download is done, go to the digipass page and add the Diamond Bank customized digipass using this url: https://appsecure.diamondbank.com:8070/DiamondToken/pkg/iphone/DIGIPASS.xml. Select DIAMOND BANK Token DIGIPASS and click yes to install token.
  2. For blackberry phones and other Java supported phones click on the applicable link
  3. Save the zip file to a location on your computer
  4. Right click on the zip file, go to open with and click on compressed (zipped) folders.
  5. For Blackberry Phones copy the files in the compressed folder (DIGIPASSv3-1.cod, DIGIPASSv3-2.cod, DIGIPASSv3-3.cod, DIGIPASSv3.cod and DIGIPASSv3.jad). For Java Supported Phones copy the files in the compressed folder (DIGIPASSv3.jar and DIGIPASSv3.jad). For Android Supported Phones, click on the link below to download and install the Diamond Token (diamond.apk).
  6. Connect your mobile phone to your computer via your data cable
  7. Move the folders to a location on your mobile phone
  8. To install software token on your phone, kindly navigate to the folder location and click on the DIGIPASSv3.jad or diamond.apk
  9. After completing the installation, click on Run to launch the Software
  10. Enter the Serial Number, Activation Code & Preferred Local Password (we recommend 6 digit code) and select Ok
  11. Click on Never Ask Me Again option and submit
  12. Your Token is now ready for use.

 

Click Here to Download Software Token for Blackberry Phones

Click Here to Download Software Token for Java Enabled Phones

Click Here to Download Software Token for Android Enabled Phones
Note: Please note that you are required to fill a Token Request Form, scan and send to enquiries@diamondbank.com, Your Activation code and Serial number will be sent to your registered email address or mobile phone.
Click HERE to Download Diamond Token Application Form

Following the spate of scam mails in circulation, please note the following:

  • Diamond Bank will NEVER request for your account information or an update of your personal banking details (including BVN) via e-mail or telephone.
  • Please DISREGARD and DELETE all such emails as these are scam emails intended to defraud you.
  • In addition, NEVER generate a token or passcode for anyone via telephone, e-mail or internet chat.
  • Always ensure you check that the sender of all Email messages is ‘’Diamond Bank noreply@diamondbank.com’’ before responding to any Email.
  • Diamond Bank contact centre will never call you to request that you click or respond to any email.

To report such emails or for more information, please call 0700-300-0000, send an SMS to 30811 or email us at enquiries@diamondbank.com. To offer feedback or make a complaint, Kindly send an email to complaints@diamondbank.com

See links below for samples of the fraudulent messages currently in circulation. Customers should guard against falling victim of such mails.

Sample Scam mail 1
Sample Scam mail 2
Sample Scam mail 3
Sample Scam mail 4

Enquire Now