Security information for CIC eLounge
On this page you will find the most important information and rules of conduct about security for CIC eLounge. Other useful tips and rules of conduct are published on the website https://www.ebas.ch/de/
The most important rules of conduct
- Only download the CIC eLounge app from the Apple App Store, Google Play Store or Bank CIC website.
- Always store the letter with your personal user ID separately from your other CIC eLounge documents.
- Your personal password is secret. Never write it down and never give it to third parties.
- Never give strangers or unauthorised persons access to your computer or mobile devices.
- Protect your computer and your mobile device with an anti-virus program and a firewall and regularly update these programs.
- Regularly run updates for your computer, mobile device and browser to ensure that you always use the latest technology.
- Never log in to CIC eLounge by clicking on a link sent to you by e-mail. Only navigate directly or via the CIC homepage to our eLounge page. Always check that the address is correct before you enter your login data.
- Never pass on any information about CIC eLounge or your mobile device to third parties via e-mail or telephone.
- If you are in any doubt, please get in touch with your Bank CIC contact person at the usual address. Never use a telephone number or email address provided in an email. Do not call the telephone number displayed on your device, as this may be fake.
- In the event of the loss or theft of your access information, contact the CIC eLounge Hotline immediately to have your access to CIC eLounge blocked.
Keep your devices up to date
Download the latest updates for your system, programs and apps on a regular basis.
Software updates are important. They may include security features as well as new and expanded functions or better interoperability with other devices and apps. They also make the software more stable and remove outmoded functionalities.
Ensure you always use the latest version of any software. An updated operating system is a basic requirement. All other programs you have installed (e.g. browsers such as Mozilla Firefox and Google Chrome or Adobe Acrobat Reader) must also be kept up to date. This is easy to arrange and takes little effort; if you activate the automated update function, the programs or operating system search for the latest updates regularly and generally install them independently.
Protecting yourself against phishing and social engineering
Phishing is where fraudsters attempt to gain your confidence in emails, text messages or on the phone by claiming to be your financial institution, for example, and hoodwink you with a link to a website that looks like your bank’s. If you are taken in and enter your access data, criminals can empty your account.
There are also fraudulent support calls from people claiming to be employees of Microsoft or an IT support firm in an attempt to gain access to your device.
Remember: Bank CIC will never ask you for your e-banking access details by email or over the telephone.
Fraudsters often find the starting point for these attacks on social media and networks. Be cautious on these and think hard about the information you disclose.
Source: www.ebas.ch/en/5-exercising-care-and-remaining-alert/
Web address
Check the address shown in the Internet browser:
- Follow the tips given at https://www.ebas.ch/en/checking-certificates/.
- Never launch CIC eLounge via a link sent by e-mail. Only navigate directly or via the CIC homepage to our eLounge page. Always check that the address is correct before you enter your login data.
- Access to our secure website is only guaranteed if the address starts with https://www.cic.ch. Our website uses an up-to-date encryption procedure. This enables a secure connection to be established and the secure exchange of your confidential data.
- If the address begins with “https”, the connection is encrypted. Depending on the browser used, the entire address line or part of it will be green. A padlock symbol will always appear to indicate a secure SSL connection and Bank CIC (Switzerland) Ltd. will be shown as the certified remote station.
Password
Never disclose your password to others:
- We will never ask you (e.g. by e-mail, telephone, in writing etc.) to disclose your password or other confidential data to us.
- Never install software if you are instructed to do so without your initiative by telephone or in writing. Never allow active remote access to your computer.
Change your password regularly:
- Configure a secure password. Avoid obvious names and digits, and passwords that you use elsewhere. Follow the tips given at https://www.ebas.ch/en/4-protecting-online-access/.
- You have to change your initial password when you register. The new password must have at least ten characters, consisting of a combination of numbers, caps and small letters. We strongly recommend also using at least one special character.
- We recommend changing your password regularly. If you are in doubt and suspect that someone could have discovered your password then change it immediately.
- Deactivate input assistance and password storage in your Internet browser.
Login/logout
Check your last login:
- Check the date and time of the last login every time you log in. This information is displayed when you log in from the registered mobile device or CIC Digipass that you need for registration.
Unsuccessful login:
- You have three chances to enter the correct password. After the third unsuccessful attempt, your user ID will be temporarily blocked. After the fifth unsuccessful attempt, your user ID will be blocked. Only the CIC eLounge Hotline is authorised to reactivate your user ID and your password or send you a new password.
- For security reasons, the password is only sent by registered mail.
Log out after each use:
- End every CIC eLounge session by clicking on the “Logout” button.
Automatic logout:
- If you forget to end your session by clicking on the “Logout” button, the connection will be automatically suspended after ten minutes of inactivity for your own security.
Temporary internet files:
Your computer stores the websites you have visited in a directory on the hard drive so that they can be displayed more quickly at a later time. However, if you wish to protect your data against unauthorised access then you should block the storage of secured sites or delete the temporary internet files after each use. See also https://www.ebas.ch/en/deleting-browser-history/.
Signing off on transactions
To increase the security of payment transactions, you have to sign off on payments. After a payment is entered in CIC eLounge, the payment details (recipient, currency, amount) are shown in your CIC Digipass or CIC eLounge, depending on the authentication procedure you have selected. Only approve payments if the details match the invoice.
Under “Settings > Limits” in CIC eLounge you can determine whether you wish to sign off payments for all or only for some transactions and from what amount you wish to sign off transactions.
Check computer
The security of our website is one of our most important concerns. We strive to offer you the highest level of security. In order to benefit fully from this, you must also make sure that your computer is secure.
Please therefore pay attention to the following:
You will find all the information you need to securely use the CIC eLounge at https://www.ebas.ch. Please pay particular attention to the five steps for safeguarding your IT security at https://www.ebas.ch/en/5-steps-for-your-digital-securtity/.
Please also pay attention to the continuously updated news on the EBAS homepage.
Any other questions?
If you have any further questions, please contact our CIC eLounge Hotline by sending an e-mail to elounge@cic.ch or calling us on bank working days from 8 a.m. to 5.30 p.m. at +41 (0)58 268 16 30.