Security and Privacy
1. How do you ensure you are accessing a genuine website?
It is a secured website which uses TLS (Transport Layer Security) encryption technology enabled by SSL certificate to protect your information and secure your online transactions. Please ensure that you are accessing its web address that starts with https:// and you will usually see a security padlock when you are accessing a secured website.
2. How secured and safe is it to perform transactions?
All transactions are processed with strict security using the Secure Sockets Layer (SSL) protocol, the security standard used by most financial institution. It is verified by DigiCert, the leading authority on internet security. When you login your account, a padlock will be shown in the status bar and you can always check the server digital certificate. Please check out our security advisory on Phishing and Spyware. You can also view security practice to safeguard your password
3. Do you need to clear browser cache (internet browsing history/information) after you have completed your session?
The better way is to access the browser by using InPrivate, Incognito or Private Browsing mode:
| Internet Explorer | On the menu, choose "New InPrivate window." |
| Google Chrome | On the Chrome, click "New incognito window". |
| Mozilla Firefox | On the Firefox, click on "Open Menu", click "New Private Window" |
| Safari (iPhone or iPad) |
1. Launch Safari from your Home screen. 2. Tap on the show pages button at the bottom right of your screen. It looks like two squares. 3.Tap on Private in the lower left-hand corner. 4.Tap on done at the bottom right of your screen in the prompt that appears confirming you are in Private Browsing Mode. |
If your browsing is not in InPrivate, incognito or Private Browsing mode, as an added privacy measure, you should clear the browser cache (internet browsing history/information that is stored in internet files) after each online transaction session. This is to prevent others from viewing confidential transactional information done.
| Internet Explorer |
1. On the menu, click "Tools" and select "Internet Options". 2. In the "Internet Options" window, select the "General" tab. 3. In the "General" tab, under the browsing history section, click on "Delete”. 4. In Delete Browser History window, select "Temporary Internet files and website files" and "Cookies and website data". 5. Click "Delete" to delete all temporary internet files and cookies. |
| Google Chrome |
1. On the Chrome, at the top right click on "Customise and Control Google Chrome" and select "Settings". 2. At the bottom of the Setting page, click "Advanced". 3. Under "Privacy and security" section, click "Clear browsing data". 4. In the "Clear browsing data" window, set "Time range" value to "All time". 5. Select "Browsing history", "Cookies and other site data" and "Cache images and files" then click "CLEAR DATA". |
| Mozilla Firefox |
1. On the Firefox, click on "Open Menu" and then select "History". Click on "Clear recent history". 2. In the Clear All History window, set "time range to clear" value to "Everything". 3. Under "Details" section, check "Browsing & Download History", "Cookies" and "Cache" boxes then click "Clear Now". |
| Safari (iPhone or iPad) |
1. Go to Settings > Safari. 2. Tap Clear History and Website Data. |
4. What can you do to protect your online information?
• Do not disclose your password or account details to any unauthorised persons.
• Do not click on links in an e-mail from senders whom you are not familiar with. These emails often contain misspelled words in the sender’s e-mail address or fill out forms in e-mails messages and un-trusted websites.
• Be wary of unexpected calls or emails requesting personal information, passwords or financial details. The Manager will never send you an email or SMS asking you to verify or provide sensitive/confidential information.
• Create smart passwords by using combination of numbers, upper- and lower-case letters. Avoid using dictionary or generic passwords or a password that is easily identified with you (e.g.family name, birthday, pass1234, etc.)
• Do not share your password or write it down. Prevent browser from storing your login id and password. Passwords should never be automatically filled in by a computer.
• Change passwords regularly. Choose a different password for each online account. For example, using the same password on bank accounts and social media or email may Increase risk of identity theft or fraud.
• When you log in, you are in a secure session. Ensure the web address starts with https://.
• Remember to log out if you step away from your computer or you have completed your tasks.
• Avoid using public Wi-Fi or public computers to perform online transactions.
• Only use online services on computers with up-to-date anti-virus and anti-spam software.
• Clear browser cache (internet browsing history/information) after each internet transaction session.
• Do not disclose your password or account details to any unauthorised persons.
• Do not click on links in an e-mail from senders whom you are not familiar with. These emails often contain misspelled words in the sender’s e-mail address or fill out forms in e-mails messages and un-trusted websites.
• Be wary of unexpected calls or emails requesting personal information, passwords or financial details. The Manager will never send you an email or SMS asking you to verify or provide sensitive/confidential information.
• Create smart passwords by using combination of numbers, upper- and lower-case letters. Avoid using dictionary or generic passwords or a password that is easily identified with you (e.g.family name, birthday, pass1234, etc.)
• Do not share your password or write it down. Prevent browser from storing your login id and password. Passwords should never be automatically filled in by a computer.
• Change passwords regularly. Choose a different password for each online account. For example, using the same password on bank accounts and social media or email may increase risk of identity theft or fraud.
• When you log in, you are in a secure session. Ensure the web address starts with https://.
• Remember to log out if you step away from your computer or you have completed your tasks.
• Avoid using public Wi-Fi or public computers to perform online transactions.
• Only use online services on computers with up-to-date anti-virus and anti-spam software.
• Clear browser cache (internet browsing history/information) after each internet transaction session.
5. What is OTP?
One-Time Password or Pin “OTP” is a unique 6-digit authentication code which is system generated. OTP acts as an additional security for you when you make transactions submissions and perform profile update.
6. How do you obtain your OTP?
Your OTP will be generated and sent to your registered mobile in our record prior to each transaction request submission. The 6-digit authentication code will be sent to your mobile number via SMS.
Note: For customers who are overseas, your mobile network must be supported by your mobile network myprovider and you are able to receive the relevant security protocols.
7. What is the validity period of OTP?
OTP is only valid for 4 minutes.
8. What should you do if you did not receive your OTP?
You may click the “Resend” button. However, the OTP is limited for 3 times regeneration in 5 minutes. After the first 5 minutes, you must wait for 15 minutes to regenerate the OTP again. You may also check with your mobile service provider on any connectivity issues.
9. What is TAC
Transaction Authorised Code a unique 6-digit authentication code which is system generated by EPF.
10. Why do you see “Security Logout” page after you have logged in or have left it idle for a long time?
If you leave the login session idle from your last activity in 15-min or forget to log out, system will reset the session and automatically log you out after 15-min.