Sunday, 25 December 2011

Web Security Awareness Inspired

As a frequent traveller, going online has become universal for me. I expect Internet access wherever I am for whatever I need. However, when I am on the road, accessing the Internet can be challenging. Connections may be not only slower but also at greater risk, especially when connecting to public networks or using a public computer in the hotel. The key to using the Internet securely while travelling is to understand these additional risks, use caution, and be prepared.

One of the most effective ways you can protect yourself when travelling is to first take simple, preventive steps before you leave. If you are using a corporate image notebook, most of the following tasks are likely maintained by your IT desktop management, but nevertheless worth to check frequently by your own, in particular if this is your own device that is not managed by IT.
  • Ensure your laptop and smartphone operating systems and applications have the latest version reduce their vulnerability to attack (i.e. use “Windows Update” in your program list to check).
  • Make sure the firewall on your laptop is enabled. This helps prevent others from connecting to your laptop over the network. Check that your anti-virus software is up-to-date and in good working order (i.e. for both firewall and antivirus check the status icon in the taskbar).
  • Laptops and smartphones are targets for thieves and easy to lose - as we all know and always tell our customers. Enable automatic screenlock on your laptop and smartphone using a strong password or, at the very least, a PIN code.
  • If your laptop or smartphone has personal or confidential information stored on it, consider encrypting the information or your entire hard drive. Many organisations already deploy file- and/or whole disk encryption as part of their corporate images. If you are using your own device, consider software for file encryption and/or for whole disk encryption.
  • If you set an out-of-the-office message, identify a colleague as an alternate point of contact while you are gone. In addition, do not provide specific details about your trip. If possible, limit delivery of your out-of-the-office message to recipients within your organisation or to people already in your address book.
  • Make yourself familiar with the travel safety program of your organisation to see what special services it offers to us whilst travelling.

Always keep in mind that in a public network anyone has access, and your online activities can be monitored by others. In addition, malicious individuals may operate fake Wi-Fi networks that are designed to fool you into using them and potentially attack your system.

When possible, use a sponsored Wi-Fi network hosted by a legitimate organisation. Look for signs with the name of the Wi-Fi network displayed in the hotel lobby, airport terminal, or café. Using these sponsored networks is a better security bet than picking a public Wi-Fi network at random. In addition, when possible use encrypted Wi-Fi networks, and pay attention to the type of encryption. In order from best to worst, the common Wi-Fi encryption types are: WPA2, WPA, and WEP. Even with Wi-Fi encryption, your communications could still be intercepted by other users of the same Wi-Fi network

Take the additional precaution of using an encrypted data connection such as HTTPS or Virtual Private Network (VPN). An HTTPS browser session, usually indicated by the familiar padlock icon, encrypts the information you send over the Web. Many websites and online services allow you force that HTTPS encryption be used at all times.

If your organisation provides VPN access, always try to establish a VPN connection via the VPN client into the network of your organisation. A VPN connection ensures that all your online activities are encrypted and unreadable for those that are intercepting your communication.

Another option is to use your smartphone as a Wi-Fi access point – if you have data flat rate and if you are not roaming outside of your home mobile carrier country. If you have a smartphone, contact your service provider about using its +3G capabilities to set up a secure “tethered connection” or “personal Wi-Fi hotspot” for your laptop. In addition, your smartphone’s email and browser capabilities may be enough to meet your needs while on the road. If so, the security afforded by your smartphone’s mobile broadband connection is a better bet than public Wi-Fi.


There is no way for you to know who used a public computer before you. It may have been infected or otherwise compromised accidentally, or malware may have been planted on it deliberately. Any information you enter may be stolen by cybercriminals.

Limit your use of public computers to casual web browsing only, such as checking the weather, the status of your flight, or catching up on the news. If you have no choice but to use a public computer to make a transaction or to communicate sensitive information, you have to assume that any information and your login and password you used have been compromised. Keep track of the accounts you had to access and change your passwords immediately the next time you have access to a trusted computer and network.

I hope you find this information useful. If you want to learn more about how to establish a security awareness program within your organisation, please visit the Symantec Security Awareness Program website. This program helps you to train your employees to understand information security issues and behave in a manner that minimizes risks.


Monday, 19 December 2011

Fake Offers For Mobile Airtime Haunts Indian Users

Symantec is familiar with phishing sites which promote fake offers for mobile airtime. In December, 2011, the phishing sites which utilized these fake offers as bait have returned. The phishing sites were hosted with free web hosting.
When end users enter the phishing site, they receive a pop up message stating they can obtain a free recharge of Rs. 100:

Upon closing the pop up message, users would arrive at a phishing page which spoofs the Facebook login page. The contents of the page would be altered to make it look as though the social networking site was giving away free mobile airtime. A list of 12 popular mobile phone services from India would be displayed with their brand logos. Once the page completes loading, the theme songs for each of these mobile services play, one after the other.
This phishing page gives a long (fake) offer description. In the description, users are required to enter their login credentials to receive the free airtime offer. The description further states with pride that the site is the first ever to provide this offer and reminds it is always free for users. In reality, if users enter their credentials the phishing page will redirect to a legitimate web retailer selling online purchases of mobile airtime. The strategy behind bothering to redirect to such a site is to mislead users into believing that a valid login has taken place and avoid suspicion. If users do fall victim to these phishing sites, phishers will have successfully stolen their information for identity theft purposes.
Users should be careful. In the fake login below (in blue and purple text) you can see the claims of free airtime:

The URLs on the phishing page also contained text in them to further lead users to believe this social networking website has a relationship with online mobile airtime recharging. The examples:
hxxp://www.******.******.com/Facebook-rc/facebook2011.html  [Domain name removed]
hxxp://free-r3charg3.******.cc/facebook2011.html  [Domain name removed]
hxxp://free-rechargess.******.cc/recharge/1/3.php  [Domain name removed]
Here are a few best practices for Facebook users to combat these threats:
  • Use unique logins and passwords for each of the websites you use.
  • Check to see that you're logging in from a legitimate Facebook page with the domain.
  • Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • Become a fan of the Facebook Security Page for more updates on new threats as well as helpful information on how to protect yourself online.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.
Secure your Facebook Apps by Facebook Apps SSL


Tuesday, 13 December 2011

SSL Certificate and Cyber Security

This article provides plenty of information about Cyber Security and usefulness of SSL certificates to protect your ecommerce website. Know about how to protect Cyber Security & Online transaction(payment) with SSL Certificates.

Since last 20 to 25 years world is rapidly changed to cyber world. Cyber made all things fast and closest. Living miles away, people can see, speak, and live as sitting on coffee table. Cyber innovation changed the growth of world beyond imagination in last 25 years. When a computer was invented it was a giant and now people use it as notebook. Technology is developing rapidly with unmeasured growth.

A rapid growth of cyber required security and safety. People started talking online, shopping online, banking online even getting married online. Let’s talk about cyber security, many online shoppers, sellers and bankers were abused by Hackers (Kind of thieves). These thieves were major problem on cyber invention. People started feeling unsecure started avoiding online dealings. Innovation is on growth and did not want to stop or running back to zero. Technology gurus found key to secure online data and this key is SSL certificate.

What are hackers and hacking?

Hackers are thieves who try to gain un-authorized access to your computer via network or program. Stealing data from computer or network is called hacking. Like as thieves Hackers do not knock your door. They get un-authorized access and start stealing your personal data. You realize once see loose of data, money and everything

Who invented SSL certificate?

SSL certificates are developed on protocol SSL (Secure Socket Layer) by Netscape in 1994. Netscape used encryption and decryption technology to make data unreadable for hackers. Incase hackers steal encrypted data then even he can not read get correct data.

Later technology established SSL certificate standards and authorized few organizations to work as SSL certificate issuer. They are called SSL CA – Certificate Authorities. Few of them are VeriSign, GeoTrust, Thawte, Equifax, Entrust, Global Sign, RapidSSL, Comodo. All these CAs are authorized for issuing Web Trust certificates. SSL technology started supporting up to 256 bit encryption to secure online data.


As online shopper, seller or banker trust only SSL certificate website. Real merchants always used SSL certificate securing customer credit card details and private information. Do not get abused with good web designs and words, as scammers always use such scamming ideas. Trust only ssl certificate secured websites.
To know more about Different types of SSL Security Certificate visit

Source: cybernewsnetwork

Friday, 9 December 2011

Skype Security Flaw

The researchers found several properties of Skype that can track not only users' locations over time, but also their peer-to-peer (P2P) file-sharing activity, according to a summary of the findings on the NYU-Poly web site. Earlier this year, a German researcher found a cross-site scripting flaw in Skype that could allow someone to change an account password without the user's consent.

"Even when a user blocks callers or connects from behind a Network Address Translation (NAT) ­-- a common type of firewall ­-- it does not prevent the privacy risk," according to a release from NYU-Poly.

The research team tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and found that callers using VoIP systems can obtain the IP address of another user when establishing a call with that person. The caller can then use commercial geo-IP mapping services to determine the other user's location and Internet Service Provider (ISP).

The user can also initiate a Skype call, block some packets and quickly terminate the call to obtain an unsuspecting person's IP address without alerting them with ringing or pop-up windows. Users do not need to be on a contact list, and it can be done even when a user explicitly configures Skype to block calls from non-contacts.

This has always made me wonder why these programs have their own security policies. Can't it be possible for products such as skype, which millions of people use to connect to friends and family globaly, to work with dedicated secuirty software to stop any unwanted threats. For instance, both Xbox Live and the Playstation online network have been hit by fraudsters this year and stolen millions from unsuspecting users. So wouldn't working together be benificial for all parties, if the technology is already there why develop your own inferior product?

For more Information about security certificates visit

Source: symantec

Monday, 21 November 2011

Keep in mind of Your Vacation Take a trip E-Ticket Confirmation

How does Symantec know it's the week of Thanksgiving? Because as the most popular travel day of the year day quickly strategies, the day just before Christmas, there is an increase in bogus mail solution confirmations that lead to infections.

Here is what bogus air travel information looks like:

 If you examine the HTML development for this information properly, you will see a destructive weblink in the core tag:

This weblink markets to a known malware-hosting site in Italy which in the past put Virus.Maljava. Virus.Maljava is a recognition name used by Symantec to recognize destructive Coffee information that uses one or more weaknesses, one of many risks looking forward to an trusting person.

So before you click through messages during the trip hurry, here are some best methods to secure yourself from these types of destructive mail attacks:

    * Be particular about sites you give your mail to.
    * Before coming into personal or financial information online, ensure the website has SSL security (look for things like HTTPS, a 'lock', or a natural deal with bar).
    * Avoid hitting dubious links in mail or information as these may be links to spoofed sites. We recommend writing Web covers immediately into the technique rather than based upon links within your information.
    * Do not start trash information
    * Do not respond to trash. Generally the sender’s mail is cast, and responding may only result in more trash.
    * Do not start unfamiliar mail emotions. These emotions could give up your computer.
    * Always be sure that your os is up-to-date with the newest messages and use a complete security selection. For information on SSL Certificates choices, visit

source: symantec

Wednesday, 2 November 2011

Google to offer free websites to Indian businesses

Google Inc said it will offer free websites to small and medium businesses in India in a move to boost Internet usage in Asia's third-largest economy and aims to get half a million of these businesses online in the next three years.

India is the world's second-biggest mobile phone market with about 870 million users, but Internet penetration is low. About 100 million, or less than a tenth of a country of 1.2 billion people, use Internet although that still makes it the world's third-biggest Internet user market.

The country is home to an estimated 8 million small and medium businesses, of which about 400,000 have a website and 100,000 have active online presence, Google said in a presentation on Wednesday.

The online commerce, or e-commerce, market in India is small now but few people doubt one day it will be a big business in the country. Google said in the presentation e-commerce in India has hit an "inflection point."
"We want to build an ecosystem...We are investing in the market," Nikesh Arora, Google's chief business officer, told reporters in Delhi, adding the country was not a big revenue market yet but a good user market.
Rajan Anandan, managing director of Google's Indian unit, said the Internet search giant was making "significant" investments in the free web hosting initiative but had no "near-term revenue expectations" from it.

Google and its partner web hosting firm HostGator will facilitate free web domain names and will maintain the websites for a year without charging any fee. At the end of the first year, users will have to pay a "nominal charge" if they wish to renew their domain name, Google said in a statement.


Sunday, 25 September 2011

Lync Deskphones and Wildcard Certificates

A critical component of any Lync deployment is the deskphone.  While some users may be comfortable with using a headset/PC combo as their primary telephony interface, I've found that most users still prefer a deskphone.

However, getting a Lync deskphone to work with Lync can be a bit tricky if you aren't diligent about following Microsoft best-practices to the letter.  You may have a Lync environment that works perfectly well for computer-based Lync clients, but you may come across various connectivity issues when you plug in a Lync deskphone that does presence and Exchange calendaring. 

I recently came across a client who were having Exchange connectivity issues with their Polycom CX600 phones.  The Polycom CX600 is likely the most popular Lync deskphone. It provides a very slick interface into Lync and Exchange so you can see your presence, contacts and upcoming meeting information. It is also very cost-effective compared to other similar products.

When users signed into Lync on their CX600 (either via keypad or USB-PC integration), they were soon presented with the following error:
Microsoft Exchange integration unavailable.  Connection to Exchange is unavailable due to invalid network credentials.
The CX600 uses Exchange Web Services (EWS) and autodiscover to find the connection to Exchange.  If there are issues with either service, it will pretty much guarantee that the CX600 won't connect.  I verified that both EWS and autodiscover were working properly.

When I reviewed the certificate loaded on the Exchange Client Access Server, I saw that the common name (CN) was set to their public domain (ie.  The Subject Alternate Names (SAN) included all the required names.  Microsoft Lync documentation recommends that you do not use certificates with the CN set to a wildcard domain name.  You CAN use wildcards in the SAN, but the CN really should be a valid name.  In this case is the same as * 

The client replaced the certificate with one whose CN matched the externally accessible name of the CAS server ( as reported by Exchange.  They issued an IISReset, restarted the CX600 and the error went away.  They now have full connectivity to Exchange via the CX600.

I've seen variations on this many times on both Exchange and Lync.  If you're only using Lync PC clients, you may never notice any issues, but as soon as you bring deskphones and even mobile phones into the mix, these sort of things often come up. 

So as a general rule, if you're creating certificates for Lync or Exchange, 
DON'T use a Wildcard SSL as the first name.

The Symantec® NetSure® Protection Plan, the Best in the Biz

Yet another hands down reason to choose a Symantec® SSL product over the other guys. Symantec® now offers an incomparable NetSure® Protection Plan with each and every Secured Sockets Layer (SSL) certificate. The NetSure® Protection Plan is an extended warranty program that keeps its customers and their companies first. It protects SSL Certificate customers against certain losses that possibly resulted from a breach on Symantec®.

This one-of-a-kind warranty extension applies to the VeriSign®, Thawte® & GeoTrust® brands and is just another distinct advantage over the competition.

VeriSign SSL Certificates now include up to a whopping $1,500,000 of NetSure® protection…just to give you a peace of mind and to show you that they truly believe that they are the best security company out there. They truly put their money where their mouth is.

The True Symantec® Advantage

This dramatic increase in warranty coverage across all of the different Symantec® SSL products is a true testament to their confidence in their products and provides VeriSign®, Thawte®, and GeoTrust® customers with the level of trust and security they have come to expect only from Symantec® and The SSL Store.

The New Warranty Limits
The new warranty limits for NetSure® protected SSL certificates are as follows and coverage applies to the following certificates issued on or after 
July 30th, 2011:

VeriSign Trust Network Certificates


USD $1,500,000


USD $1,250,000


USD $1,000,000


USD $500,000


USD $10,000


USD $0

Thawte Certificates


USD $750,000


USD $500,000


USD $250,000


USD $125,000


USD $100,000


USD $50,000

Geotrust Certificates


USD $500,000


USD $250,000


USD $250,000


USD $125,000


USD $100,000


USD $0

RapidSSL Certificates


USD $10,000


USD $10,000


USD $5,000

Please contact us for more information on the NetSure® Extended Warranty Protection Plan.

Source URL:-

Thursday, 22 September 2011

Best SSL Affiliate Program Launced

SSL Affiliate Program - is one of the largest SSL certificate providers globally and now it’s offering Highest Paying Affiliate Programs "SSL Affiliate" to affiliate community where one can sale SSL certificates using their robust affiliate tracking system and earn commission.

SSL Affiliate Program

Earn commissions for a full year and maximize your income.
You’ve got plenty of traffic coming to your site. Why not give all your visitors a way to gain the confidence of their potential buyers and get paid for it? Virtually every business that collects information or payments online knows the importance of Security Certificates (SSL) to build customer trust and protect personal and financial data. Now you can help business owners give their customers peace of mind while creating a new source of income for your business - automatically.
How does The SSL Store Affiliate program work?
1.    The site visitor clicks your affiliate link
2.    The IP address is logged and a cookie is placed for tracking purposes
3.    The site visitor links to our site and may or may not purchase a package at that time
4.    If the visitor orders a package on that visit you receive your commission
5.    If the site visitor does not purchase during his first visit but comes back to the site within 90 days and makes a purchase you still receive commission.

How much does The SSL Store Affiliate Program pay?

1.    10% for Retail Customers - The simplest, most affordable way for business owners to earn their customer’s trust, increase sales, and protect personal and financial information using SSL certificates.
2.    5% for Enterprise Customers - Streamlined solutions for Corporations, Educational Organizations, Government Agencies, State, County and City Entities, and Civic Organizations to manage all their SSL certificates under one control panel.
3.    5% for Resellers - The industry’s most flexible and lucrative program for IT and web solution providers looking to resell SSL certificates.

Wednesday, 21 September 2011

Get Geotrust quickssl Premium Seal At Discount Price by GeoTrust QuickSSL Platinum Authority

Questions? Call 727-388-4240 is an authorized and the leading GeoTrust QuickSSL Premium platinum authority on Global Scale. We offer GeoTrust QuickSSL Premium Seal @ $62.80/yr.

GeoTrust QuickSSL Premium Seal

GeoTrust QuickSSL Premium certificates are the most convenient and cost effective solution for any business that needs to conduct secure online transactions. These certificates enable up to 256-bit encryption and instill confidence and trust in your customers and business partners when providing sensitive information over the Web or mobile devices. 

Features & Benefits:-
  1. Secures both NON-WWW and WWW domain (FQDN)
  2. Single Root Certificate, Enables up to 256-bit SSL encryption
  3. Fully automated provision process
  4. FREE self-service reissues during validity period
  5. Enables up to 256-bit SSL encryption
  6. Compatible with 99% of current browser
  7. Present in 99%+ of mobile devices and smart phones
  8. Real-time, two-factor telephone authentication

Dynamically-generated site seal with a time/date stamp that identifies your site as authentic and validated by a trusted 3rd party to avail the advantage of real time extra discount offer visit

GeoTrust QuickSSL Premium

Monday, 19 September 2011

EV SSL Certificate with Optimal Security Protection

The EV SSL Certificate interacts with the address bar of your browser. The user can visually identify the reliability of the site as recognized by their web browser. It changes to green – “GO” – to indicate the safety of the site, in opposition to the red color – “STOP” – seen if a certificate is expired or contains mismatching data.

How an EV SSL Certificate Works?

Highly secure browsers perceive whether an SSL Certificate has been authenticated on the basis of Extended Validation. If so, they show in the web address “https” and a closed lock as signs of an encrypted session. In addition, the address bar turns green. The name of the organization and the certification authority that authenticates the data will be displayed next to the address. In this way the user can see at a glance if a site meets the industry’s most stringent authentication standards.

Is a higher level of authentication necessary?

Online fraud is increasing more and more, and it’s becoming more difficult to perceive fraudulent web sites as criminal methods become increasingly sophisticated. Given the fears about identity theft and online scams, users want to know if a site is trustworthy or not. The green address bar boldly announces security and trust. It is a valuable tool to increase sales that many e-commerce sites overlook. Though sites like PayPal and large corporate banks use it both to enhance trust and to foil phishers (because EV is far more difficult to mimic), EV SSL is even more important for smaller companies. Presenting the green bar means not just a logo on the site but the browser itself says, “You can trust this organization.”

Who can buy an EV SSL Certificate?

EV SSL Certificates involve the most rigorous application process of any SSL certificate. The Certification Authority/Browser (CA/B) Forum sets the standards. To qualify, an organization must be registered with an official registration authority within their jurisdiction. Corporations, partnerships, unincorporated companies, government agencies and sole proprietors can apply. The Certification Authority (such as VeriSign, Thawte, GeoTrust, or RapidSSL) replies with full qualifying questions and instructions.

Application may not be from “blacklisted” countries. These applications will simply bounce back and be refunded. Individuals and unregistered companies cannot currently qualify for Extended Validation EV SSL Certificates.

About the Author:-

RapidSSLonline is the world leader in major brand SSL certificates: it is at the top of the list when hovering over “Partners” at’s homepage. provides a Price Match program to meet or beat any competitor pricing, along with 24/7 support for anytime problem-solving. NASA, IBM, Microsoft, Harvard University, the UN, and thousands of small organizations and businesses have trusted The SSL Store since its founding in 2007. offers Extended Validation SSL (EV SSL) including the following: VeriSign Secure Site Pro (SGC) EV, VeriSign Secure Site EVGeoTrust True BusinessID EV, GeoTrust True BusinessID Multi-Domain EV (SAN/UCC), and Thawte SSL Web Server EV. Retail Director Kent Roberts can be reached anytime at (727) 820-1161.

Thursday, 15 September 2011

Plug & Play with The SSL Store - Fully Integrated Application Plug-In

St. Petersburg, Florida - September 8th, 2011 – One of the world leaders within the SSL industry is making their services even easier. The SSL Store has developed fully integrated application plug-in solutions so that their partners can operate as smooth & seamless as possible. Now, any partner can just plug and begin to “play" or seamlessly offer SSL to all of their customers within their control panels.

“We at The SSL Store believe our partners don’t have to adjust their business based on our solutions. We allow our partners to choose their own platform to sell SSL certificates. It is our mission to make the SSL business seamless with a variety of platforms, giving our partners maximum flexibility in choosing their panels or billing systems while at the same time giving them the best rates and of course, our fully committed 24/7 support guarantee."

There will be many more plug-ins available soon, but currently, The SSL Store has WHMCS, Client Exec, Parallels PLESK & Parallels Business Automation Standad PBAS) available and plans to continue to constantly development new ones. Actually, they are in the process of developing quite a few other ones right now according to their Director of Global Channel Development, Bill Grueninger.

These plugins allow a partner to operate as efficiently as possible by eliminating the manual workflow usually associated with the sale of SSL certificates. With The SSL Store plug-ins, partners can access a wide range of globally renowned & trusted SSL and security products all under one roof. The plug-ins support everything from sign-ups to termination, automated & recurring billing, multiple currencies, estimates, ticket support, provisioning & management and last but, certainly not least, all of the plugins are backed by the industry’s best 24/7 support. Also, all of the plug-ins is based on a fully secure API to ensure privacy.

By utilizing one of The SSL Store’s fully integrated plug-in options, you can increase your ticket value and maximize your profits.For more information contact Bill Grueninger at bill[at] or 727-820-1164.

About the Author: The SSL Store is based in St. Petersburg, Florida, in the United States. Organizations large and small, including NASA, Microsoft, the United Nations, and many other organizations, have trusted The SSL Store with their SSL security certificate needs since 2007.

Plug and play With TheSSLstore

Sunday, 11 September 2011

Multi-level protection to ensure security of online transactions

Using advanced EV SSL server certificate and establishing SSL encrypted safety passageway

The EV SSL server certificate used by our website is a certificate issued in accordance with strict global authentication standards and has higher security than ordinary SSL certificates, so it’s used to protect the user against online transactions with banks not rigorously authenticated, addressing the growing online fraud, and guarding against phishing websites.

The EV SSL certificate is compatible with the regular SSL certificate. If a customer uses a browser of IE6 edition or below, the EV SSL certificate will be treated as a regular SSL certificate. If a customer uses a browser of IE7 or IE8 edition to visit a website protected by the EV SSL certificate, a green address bar will appear in the browser and the unit name of the website, and the issuer of the certificate will recursively appear in the security status bar on the right of the address bar, while in case of other SSL certificates the address bar still remain in white.

In the IE7 or IE8 browser, a green address bar will appear in a website encrypted with the EV SSL certificate telling the user that the website they are visiting has been rigorously authenticated. These new interface features can be directly displayed to convince customers that they are visiting their intended website rather than a fake website.

If you log in to CGB online banking and the address bar does not become green, you can click and download the root certificate.

Advanced encryption technology

We use the state-of-the-art SSL128-bit encryption technology to ensure the confidentiality of your information during the transmission between your computer and our bank. Once the information is encrypted, only the specified receiver can read it.

Dual Identity Authentication

We use the state-of-the-art SSL128-bit encryption technology to ensure the confidentiality of your information during the transmission between your computer and our bank. Once the information is encrypted, only the specified receiver can read it.

If the username and password registered through our online banking system is one of the keys for you to log in to the system, the digital certificate is another key for you to log in to our online banking system for account transactions, and the Key Shield provided by our bank is used to protect this key. When you download and save your digital certificate into the Key Shield, you can use it as the lawful and valid certificate for fund transfer between accounts through the online banking system. Due to its uniqueness and irreproducibility, you just need to keep the Key Shield properly and then even if your account number and password are disclosed accidentally, no one can impersonate you and transfer your fund from your account.

Password Security Protection

For the common version of personal online banking, you need to enter the login password in order to log in to our online banking system. To prevent others from stealing your username and making malicious login attempts, if the login password is entered incorrectly for three consecutive times, the system will suspend this account for thirty minutes. If the password is entered incorrectly for ten consecutively times, the system will lock the account. Then you need to go to any CGB outlet under the branch that holds the online banking account to defreeze it before you can use the online banking services again.

Customers of the certificate-based version of personal online banking and those of the corporate online banking system need to enter two passwords in order to log in to our online banking system, namely, the Key Shield password and the login password. If the Key Shield password is entered incorrectly for ten consecutive times, the Key Shield will be automatically locked. In this case, personal customers need to go to any CGB outlet under the branch that holds the online banking account to restore the certificate, and corporate customers need to go to the CGB outlet that holds the online banking account to restore the certificate.

Transaction Interface Time Control

When you are using our online banking system, we monitor the system all the time to see if it works properly. If you open the transaction interface and do not perform any operation for a specific period of time, the system will automatically exit and prompt you to log in to the online banking system again so as to avoid the risk that may be caused when you need to stay away from the computer for a long time but forget to exit the transaction interface.

Transaction Limit Control

To ensure your fund safety, customers of the common version of personal online banking are not allowed to conduct transactions such as making large-sum online payment and transferring money to accounts other than their own for remittance, but are allowed to transfer money between accounts under the same name and make small-sum online payment. When signing up for the transfer service between accounts under the same name, you can go to the counter of a CGB outlet to specify the transfer limit. If you do not specify it, there will be no limit. When making the small-sum online payment, you can set the payment limit by yourself through online banking, but the per-transaction amount cannot exceed RMB 500, and the per-day accumulated amount cannot exceed RMB 1,500. A credit card account is also subject to its own credit line.

Customers of the certificate-based version of personal online banking can freely set the maximum per-transaction online payment amount, maximum per-day accumulated online payment amount, maximum per-transaction outgoing amount and maximum per-day accumulated number of outgoing transfers. If you do not specify these, the system will assume that you do not set any limit for the above transactions. A credit card account is also subject to its own credit line.