Diamond Online Security Tips
DIAMOND BANK uses two types of cookies on our websites: session cookies and persistent cookies. Session cookies are used during a single website visit and are automatically deleted from your computer when you leave the site. Persistent cookies are used to track website activity over a longer period and remain on your computer until either you choose to delete them or they expire.
Session cookies perform several critical functions on DIAMOND BANK's websites. For example, they protect your security while you are using Diamond Online Banking by ensuring that nobody else can view your data while you are signed on. They are also used to ensure that you do not pay the same bill twice during a single banking session. Your web browser must allow session cookies in order for you to use Diamond Online Banking.
Persistent cookies are also used for a number of purposes on DIAMOND BANK's websites. They are used for your convenience to save your Diamond Online Banking personal preferences. For example, you must allow persistent cookies if you want your browser to remember your card number, your language preference and your default home page each time you sign on to Diamond Online Banking.
DIAMOND BANK also uses persistent cookies to collect analytical information about how visitors use our websites. For example, we may measure website usage, access to online services, and the level of interest in particular products. We use this information to improve our service and provide a better experience for visitors to our websites.
Another type of persistent cookie, known as a locally shared object, may be created by software applications running on your computer when viewing material such as Flash enabled videos on DIAMOND BANK websites. These files contain configuration information used by the software to present rich media on DIAMOND BANK websites. DIAMOND BANK does not use the information in locally shared objects for analytical or other purposes.
Report Online Fraud
To report suspected fraud, or if you think you have been a victim of fraud (e-mail fraud, text message fraud, identity fraud, phishing, spyware):
- Describe the fraudulent incident
- Attach or include any fraudulent e-mails you received or anti-virus/anti-spyware scan logs
Online Fraud Alerts
There are "phishing" e-mails in circulation targeting many financial services clients, including Diamond Online Banking services clients. Diamond Bank wants to assure our customers that regulatory authorities are notified regarding messages targeted at our customers.
As some phishing sites have been known to distribute malicious software, we strongly recommend that you do not select the links provided in a phishing e-mail, as visiting these sites could place your computer at risk. We also recommend that you regularly check your account transaction activities and credit card statements to ensure that all transactions are legitimate.
Here are some simple tips that you can follow to ensure that your online banking experience is safe and hassle free.
- Keep your information confidential
- Changing your password
- Look for the lock icon
- Use a firewall
- Use Direct Deposit
- Shop with Verified by Visa
- Install security updates
- Privacy policies
- Safe computing practices
- Online security
- Clear your cache
Direct Deposit and DIAMOND BANK Online Banking
You can arrange with your employer to have your salary deposited directly to your DIAMOND BANK account so you can prevent lost or stolen cheques. With DIAMOND Online Banking, you can also set up recurring transfers and payments from your DIAMOND BANK account so that your obligations are met automatically.
Look for the lock icon
Before entering personal information on a website, look for the "lock" icon in your browser. A closed lock or padlock indicates that your connection to the website you are on is encrypted.
Use a firewall
When your computer is connected to the Internet, it is vulnerable to attack. Although this is a problem for all types of Internet connections, DSL and cable modem connections are more vulnerable because they offer an "always on" capability. You can help protect your computer from attack by using a personal firewall. Personal firewalls can be software, hardware, or both, and create a barrier to attacks.
Microsoft Windows and Apple MacOS X both include automatically activated firewalls. If you are not sure your system has an activated firewall go to the appropriate site below to learn more.
Microsoft Windows XP: Configure the Internet Connection Firewall
Apple MacOS X: Enable MacOS 10.4 firewall protection
Keep your passwords, Personal Identification Number (PIN) and card numbers confidential
Do not share your DIAMOND BANK Online Banking password or ATM machine Personal Identification Number (PIN) with anyone. Giving your password or PIN to another person or company places your finances and privacy at risk.
Change your password regularly and use a different password than you use for other websites. Make it difficult for others to guess your password by using a combination of letters and numbers in your password. If you think someone knows your password, change it right away.
Never share, disclose, or provide your card number or password to another party or website other than DIAMOND BANK. DIAMOND BANK will never send you an e-mail requesting this information.
Install security updates
Most personal computers use the Microsoft Windows and Apple MacOS operating systems. The makers of these systems regularly issue security updates to protect against new and emerging threats. You should download and install security updates regularly or configure your operating system to automatically check for new updates.
Windows: To download the latest Microsoft Windows updates, visit Windows
MacOS X: Choose "Software Update" from the Apple menu.
Safe Computing Practices
With DIAMOND Online Banking, you can manage almost all of your everyday banking, anywhere you have Internet access, using your laptop or a trusted computer terminal.
- When you're traveling, use a trusted computer whenever possible
- Never leave your computer unattended once you have signed on to DIAMOND Online Banking
- After completing your transactions, ensure that you sign out of DIAMOND Online Banking and close your browser
- If you are using an older version of Internet Explorer we recommend that you upgrade to Internet Explorer 7.
We want you to be confident when accessing your financial information online. DIAMOND BANK uses multiple layers of protection to increase your security while using DIAMOND Online Banking or accessing your investment accounts online.
Web browser encryption
Web browsers use encryption to communicate securely over the Internet. You must have a browser with 128-bit encryption to use DIAMOND Online Banking. All of the browsers supported by DIAMOND Online Banking and these online services offer 128-bit encryption.
To protect you further, your online session will end after a period of inactivity. If you wish to continue accessing your online banking, you will have to sign on again. You should always sign off when you are done and, if using a computer that isn't your own.
How phishing works
Phishing e-mails and text messages are often sent out as spam to numerous recipients and appear to come from legitimate businesses, sometimes even duplicating legitimate logos and text. Within a phishing e-mail, you may be requested to click on a link that takes you to a fraudulent site or pop-up window where you are asked to submit personal and financial information. A phishing text message may request that you send personal information back to the sender through text message or call a phone number.
In order to increase the chances of a response, messages may imply a sense of urgency or an immediate risk to bank accounts or credit cards if you fail to answer. Special offers and prizes may also be promoted as incentives.
What phishers do with your personal information
Phishers can access your accounts using your passwords and other information to withdraw money or make purchases. Personal information can also be used by phishers for other purposes in your name.
What to look for in a valid message from DIAMOND BANK
The message below illustrates some of the e-mail components that are acceptable in an e-mail coming from DIAMOND BANK. DIAMOND BANK will never send you an e-mail or text message asking you for personal or financial information.
DIAMOND BANK is continuously working to ensure your security against phishing schemes.
Any unsolicited e-mail that appears to be from DIAMOND BANK, or from any organization with which you do business, and that includes a request that you click a link and re-enter your personal information or password, should prompt you to contact the company directly. Type the www.diamondbank.com address directly into your browser, instead of using the link in the e-mail. If you are unsure of the authenticity of an e-mail, please delete it.
If you receive a text message that appears to be from DIAMOND BANK with any request that you send personal information, do not respond to it. Instead, forward it to firstname.lastname@example.org.
At DIAMOND BANK, we go to great lengths to protect your personal information and ensure DIAMOND Online Banking is secure. If you ever doubt the legitimacy of any e-mail or text message claiming to originate from DIAMOND BANK, please call.
Protect your personal information
Do not give account or card number information to anyone, whether in person, over the phone or online, unless you are confident it is safe to do so.
Memorize your passwords and Card Personal Identification Number (PIN)
Don't write down your bank machine Personal Identification Number (PIN) or your online banking password. If you must write these down, keep them in a safe place and do not carry them in your wallet or purse. Never give this information to anyone, even a DIAMOND BANK employee. Our employees will never ask you for this information, so be suspicious of anyone asking for it.
Report thefts and losses immediately
If your wallet or purse is lost or stolen, contact DIAMOND BANK immediately at 0700-300-0000 to block your accounts and cards from use.
Shred or tear up junk mail and statements
Identity fraud often occurs when thieves go through trash looking for junk mail offers. As well, tear up or shred any personal information you are going to throw away, such as receipts that show your card numbers or bank statements.
Review your account statements
Ensure that all transactions on your statement are genuine. Report suspicious transactions immediately to DIAMOND BANK at 0700-300-0000.
How to Protect Yourself from Identity Theft
Identity theft is a growing concern around the world. Identity thieves are criminals who learn and use your personal information to access your financial accounts. Checking your accounts regularly and using the following tips will help keep your banking experience as secure as possible.
- DIAMOND BANK will never ask you to respond via e-mail to any requests for personal information, PINs or passwords
- Beware of people asking you to move money for them or notices that you have won a lottery you didn't play
Protect your PIN, password and personal information
- Your PIN and password are the keys to your account; never share your PIN or password with anyone
- For added protection, try covering your hand when entering your PIN; this will prevent others from seeing it
- Before you recycle old documents, be sure to shred them first
Practice safe computing
Installing up-to-date anti-virus/spyware software and a firewall on your computer will help make your DIAMOND Online Banking experience a safe one.
The new Diamond Online is very safe as it has different levels of authorization that ensure your online banking transactions and information remain private. The service uses your username and password to provide secure access to the account, and a second (higher) level of protection through a one-time passcode (OTP) for sensitive transactions that require an extra level of security, such as beneficiary maintenance for third party fund transfers, interbank funds transfers, bill payments, etc.
This one-time passcode (OTP) is dynamic: it is automatically generated on demand and is only valid for one use. This significantly reduces the possibility of the one-time passcode falling into the wrong hands.
An OTP can be derived in any of the following three ways:
- System generated OTP
- Software token
- Hardware token
System-generated one-time passcode (OTP)
This is the most basic of the three. It does not require the use of hardware or software token devices. Customers can just click on the request pass-code button every time they need a higher level of authentication. The pass-code will then be automatically generated by the system and sent as an SMS to the customer's phone. The customer can then type the 5-digit code received in the space provided and submit.
Software tokens can be generated via an application installed on Java enabled mobile phones. The application does not make use of the mobile network and does not require mobile network coverage for use. The application generates and provides you with the 6-digit code you need to transact.
The hardware token is a small mobile device which is used to generate a one-time passcode (OTP) to enable you to carry out transactions requiring a higher level of authentication.
The one-time passcode (OTP) will expire if not used within 3 minutes. In this case, you may be required to generate another one-time passcode.
As a retail customer, you are automatically enabled to generate your one-time passcodes (OTPs) via the system by clicking on the Request Passcode button. However, retail customers have the option of using either the Hardware or Software token for one-time passcode (OTP) generation, but not both.
We require that all corporate customers use the hardware tokens for one-time passcode (OTP) generation to be able to access the Diamond Online Banking Service.
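How the properties described above for a system-generated passcode (5 digits, valid for one use, expiring after 3 minutes) can be enforced on the server side, as an added example that is not Diamond Bank's code. The class and function names, the in-memory store and the limit of three wrong guesses per code are assumptions made for illustration.

```python
import hmac
import secrets
import time

OTP_DIGITS = 5          # the SMS passcode described on this page has 5 digits
OTP_TTL_SECONDS = 180   # "will expire if not used within 3 minutes"
MAX_ATTEMPTS = 3        # assumption: the page gives no guess limit for SMS codes


class OtpService:
    """Hypothetical in-memory issuer and verifier of one-time passcodes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [code, expires_at, attempts_left]

    def request_passcode(self, user):
        # Draw from the OS CSPRNG and zero-pad so every code has 5 digits.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        # A new request replaces (and so invalidates) any earlier code.
        self._pending[user] = [code, self._clock() + OTP_TTL_SECONDS,
                               MAX_ATTEMPTS]
        return code  # a real service would pass this to the SMS gateway only

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return "no-pending-code"
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]  # single use: a replay finds nothing
            return "ok"
        # A 5-digit code has only 100,000 values, so guesses must be capped.
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[user]
            return "locked"
        return "wrong-code"


def demo():
    """Run the three cases the page describes against a fake clock."""
    now = [1000.0]
    svc = OtpService(clock=lambda: now[0])
    results = []
    code = svc.request_passcode("alice")
    results.append(svc.verify("alice", code))   # first use succeeds
    results.append(svc.verify("alice", code))   # the same code again fails
    code = svc.request_passcode("alice")
    now[0] += OTP_TTL_SECONDS + 1               # more than 3 minutes later
    results.append(svc.verify("alice", code))
    return results


if __name__ == "__main__":
    print(demo())
```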
Diamond TOKEN is a security device which is used to generate a one-time password (OTP). The Diamond Token comes in 2 variants and may have reached you as either:
- a physical hardware token, or
- a software token, which would have come to you as an SMS from Diamond Bank with a link to download.
The hardware token is a small physical device which is used to generate a one-time password (OTP) on the device itself. Users are required to set their token PIN themselves upon receipt. The PIN is to be used any time the user wants to generate a token (pass code).
The software token is installed on your mobile phone. It is used to generate a one-time password (OTP). The software token requires a local password, which is defined by the user. This password is required any time the user wants to generate a token (pass code).
Click Token Form (603.2 KiB) to Download Diamond Token Application Form
Activating your Token
To activate your Hardware Token
Step 1: Press the play button at the bottom right of the device you have received to turn it ON
Step 2: PIN --- Enter the 4-digit activation PIN above
Step 3: NEW PIN --- Choose any 4-digit PIN of your choice (This is your Token password/PIN for OTP generation)
Step 4: CONF PIN --- Reconfirm your chosen 4-digit PIN (screen presents you with a message APPL 1)
Step 5: Press key 1 to generate a 6-digit OTP for your Log In
With your password, you can always obtain your one-time pass code (OTP) any time you need to log into your Internet banking account.
To generate a Token from your Hardware to Login to Diamond Online Banking, use the steps below
Step 1: Press the play button at the bottom right of the device to SWITCH ON your token
Step 2: Enter your 4-digit password/PIN; the screen presents you with a message APPL 1
Step 3: Press key 1; a 6-digit OTP is generated (Token ID for Log In)
Please note that your Token would be automatically locked after 5 wrong PIN inputs. In the event of a Token lock, kindly send a mail to email@example.com
Software token Download Guide
Step 1- Request for your Diamond Software Token Activation Details at any Diamond Bank Branch, by email to firstname.lastname@example.org or by calling our 24 hour Contact Centre. Once request is made, your token activation details will be sent via SMS to your registered phone number.
Step 2- Visit your device App Store, search for "Diamond Token", download and install on your device (Blackberry App World for Blackberry devices, Google Play Store for Android devices or iTunes for Apple devices).
Step 3- Click on the software token icon to open token for activation, then input the token activation details in the spaces provided and click OK.
Step 4- Click on OTP, input your password to generate a token.
How to use your software Token:
Step 1: Load your software Token
Step 2: Select and click on One Time Password
Step 3: Put in your local password and click your phone ok button- OTP appears.
Please note that your Software Token will generate invalid OTPs after 3 wrong PASSWORD inputs. In the event of this, a reactivation process is required.
Reactivation/Reset of your Software Token: this option allows you to reset your software token when your local password has been forgotten.
Software Token Reactivation/Reset Process
Step 1: Load your Token application
Step 2: Go back 1 step to APPLICATIONS
Step 3: Select Settings
Step 4: Select REACTIVATE
Step 5: Select MANUAL
Step 6: Enter your Activation Code
Step 7: Enter your new local password (reactivation password not required)
Step 8: You have been unlocked and can use the Token to generate valid OTP now.
- For Apple devices (iPad, iPhone, iPod touch), go to the App Store and download DIGIPASS for Mobile. When the download is done, go to the DIGIPASS page and add the Diamond Bank customized DIGIPASS using this URL: https://appsecure.diamondbank.com:8070/DiamondToken/pkg/iphone/DIGIPASS.xml. Select DIAMOND BANK Token DIGIPASS and click yes to install the token.
- For blackberry phones and other Java supported phones click on the applicable link
- Save the zip file to a location on your computer
- Right click on the zip file, go to open with and click on compressed (zipped) folders.
- For Blackberry Phones copy the files in the compressed folder (DIGIPASSv3-1.cod, DIGIPASSv3-2.cod, DIGIPASSv3-3.cod, DIGIPASSv3.cod and DIGIPASSv3.jad). For Java Supported Phones copy the files in the compressed folder (DIGIPASSv3.jar and DIGIPASSv3.jad). For Android Supported Phones, click on the link below to download and install the Diamond Token (diamond.apk).
- Connect your mobile phone to your computer via your data cable
- Move the folders to a location on your mobile phone
- To install software token on your phone, kindly navigate to the folder location and click on the DIGIPASSv3.jad or diamond.apk
- After completing the installation, click on Run to launch the Software
- Enter the Serial Number, Activation Code & Preferred Local Password (we recommend 6 digit code) and select Ok
- Click on Never Ask Me Again option and submit
- Your Token is now ready for use.
Click Here to Download Software Token for Android Enabled Phones
Note: You are required to fill in a Token Request Form, scan it and send it to email@example.com. Your Activation code and Serial number will be sent to your registered email address or mobile phone.
Following the spate of scam mails in circulation, please note the following:
- Diamond Bank will NEVER request for your account information or an update of your personal banking details (including BVN) via e-mail or telephone.
- Please DISREGARD and DELETE all such emails as these are scam emails intended to defraud you.
- In addition, NEVER generate a token or passcode for anyone via telephone, e-mail or internet chat.
- Always ensure you check that the sender of all Email messages is Diamond Bank firstname.lastname@example.org before responding to any Email.
- Diamond Bank contact centre will never call you to request that you click or respond to any email.
To report such emails or for more information, please call 0700-300-0000, send an SMS to 30811 or email us at email@example.com. To offer feedback or make a complaint, kindly send an email to firstname.lastname@example.org
See links below for samples of the fraudulent messages currently in circulation. Customers should guard against falling victim to such mails.