Update your browser

Update your browser

You are using an old version of your browser. We recommend you update it or change browser for a better web experience.

Group website

Home

Security

1. Advice for your online security
Read this basic advice for your security

2. System security
At SabadellAtlántico we have incorporated the most advance security technology together with supplementary measures.

3. Security measures 
Below you will find advice to hep you keep confidentiality and security when browsing the Internet and Distance Banking Services of Sabadell

4. Preventions

5. Protections
The protection described below is supplementary and no single one replaces the others

6. Good practices
To prevent any possible problems arising from the vulnerabilities that are occasionally discovered in the software used, it is a good idea to visit the security pages of the manufacturers of the programmes that you use, in particular the navigator and the operating system itself.

7. Electronic Signature
Banco Sabadell has initiated the use of the electronic signature in its dispatches of e-mail

 

 

1. Advice for your online security

Read this basic advice for your security
 
Security in online services
 
When you surf the Internet and/or receive e-mails, it is important that you do not enter your DNI, your access codes to online banking, your secret numbers for carrying out operations, or other sensitive data (such as numbers and codes of your debit and credit cards) in the following cases:
 
We inform you that Banco Sabadell will never ask for your confidential details, such as passwords or secret numbers, either by phone or by means of a form.
Never keep your access code (PIN) together with your personal code card for online banking and avoid access or viewing of the same by third parties.
In order to strengthen the protection of your computer
For a greater security and confidence, the bank is progressively incorporating digital certification for your e-mail communications.
For further information, call our telephone advice service on 902 323 000, or consult the recommendations and the information available on the various portals of the Banco Sabadell group.
 
 
 

2. System Security


At SabadellAtlántico we have incorporated the most advance security technology together with supplementary measures.


128 BIT SSL ENCRYPTION PROTOCOL. SECURE SERVER

This technology enables the data entered on the screen and which pass over the network to be encrypted using an algorithm with variable codes in each connection. These codes are an essential security component of a “secure server”.

Solbank Online is housed on a secure server and has 128 bit codes, using the latest certificate versions available, called extended validation certificates or SS LEV certificates. These certificates use additional security mechanisms which incorporate fraud prevention technologies, informing the use on the security level of the page visited. The latest versions of browsers, such as Internet Explorer 7 or higher, for example, or Firefox as from version 3 support these types of certificates, indicating the authenticity of the webpage visited, by shading the address bar in green.

Pie de mensaje

In addition, next to the padlock, information of the Juridical Corporation which owns the webpage is shown (in our case Banco de Sabadell, S.A.) By pressing on this area additional details about the certificate used can be obtained.

If, on the other hand, the address bar appears red, do not trust the page as it may be a fraud.

If you use browser versions which do not support these functionalities, the address bar will not be shaded.

more information

 

ACCESS CODE CONTROLS

  1. The access code you enter in SabadellAtlántico must pass a series of controls: reaching a maximum number of mistakes a day, or accumulated over several days, will automatically cancel the access code. In this case, you reactivate it you will need to request it in writing or in person at your SabadellAtlántico office.
     
  2. Those operations requiring greater security (transfers, market orders, etc.) request a second code. This second code is one of those appearing on the BS Online code card. This code card is different and personalised for each customer. For each operation of this nature you are asked a different code at random. The code card is of the utmost importance for security matters and you must always keep it in your possession and notify us immediately of its loss or mislaid at the BS Online service on 902 323 000.
     
  3. When you connect to BS Online, you are shown the date and time of your last connection. Check that this information is correct. This enables you to check that only you know your security codes and are therefore the only person accessing the service.


LIMIT ON THE AMOUNT OF OPERATIONS

For certain operations, the amount of same is limited (or the aggregate over a period of time is limited).

For certain operations, over a certain limit the branch is immediately notified and should any abnormality be detected, it carries out the appropriate security checks.


CONCLUSION

The three elements described above, message encryption, access code control and amount limits create a security level at which you may rest assured when operating via the BS Online system.
 

RECOMMENDATIONS

We have described the measures we have taken as regards our service, but there are also measures you should take with your PC, not so much to protect the communications with the bank, but to protect your system and the information it contains. Your PC is the only element for which the Bank cannot take responsibility; this responsibility is yours.

Go up

3.Security measures


Glossary of terms:

Below you will find advice to hep you keep confidentiality and security when browsing the Internet and Distance Banking Services of Sabadell:

  1. Take care with e-mail messages from unknown sites those containing incoherent information.
  2. Never give your identifier and password or other personal details when requested to by SMS messages, faxes, e-mail messages or via a link provided in same which does not lead to a secure address (https:).
  3. Remember that your access code is personal and non-transferable. You are recommended to change it regularly to prevent access by third parties. Also, remember to memorise it and avoid noting it down.
  4. Be careful how you keep your code card or Digital Identification Card, not allowing third-party access to them. These cards are the key to performing operations.
  5. Avoid showing your card or giving access to it by third parties and make no copies of it. If you use a Digital Identification Card, remember to withdraw it from the reader when you have finished; also, regularly change the card PIN, memorise it and avoid noting it down.
  6. Use an antivirus and antispyware system, update it often, preferably automatically.
  7. Update your browser and operating system with the manufacturers’ security improvements and in accordance with their instructions.
  8. If you have a permanent connection(ADSL, cable or similar), it is advisable to install a personal firewall.
  9. Take additional precautions when using public or shared computers.
  10. If you detect or suspect any security issue, immediately contact the Bank.
  11. Security Policy
  12. Applicable law and jurisdiction

You can contact the bank for security reasons via different channel. If you use the electronic form, select the "Security" option as the reason for your communication.

  1. Do not trust e-mail messages which come from unknown sites or which contain incoherent information.
    E-mail messages from unknown addresses are highly likely to contain computer viruses of malware, especially when the subject line we see before opening it contains incoherent information: it is written in an unusual language or not related to subjects usually discussed with the sender.

    You should remember that even if the message sender is known, when the subject we see is inconsistent with the sender, the message could have been sent by a computer virus or malware, either from the sender’s own computer or from another infected computer which has their e-mail address stored.

    Further information.
  2. Never give your identifier and password or other personal details when requested to by SMS messages, faxes, e-mail messages or via a link provided in same which does not lead to a secure address (https:).
    Banco Sabadell will never ask you for confidential or personal details such as codes, account numbers, card numbers, etc. via SMS messages, fax, e-mail or forms.

    Banco Sabadell will only direct you to its portals via secure pages (https:), which show a closed padlock on the browser screen. If you double-click on its, you can see a digital certificate issued by a trusted company (Verisign) and see that the identity of the certificate belongs to Banco Sabadell (Organization = BANCO SABADELL).

    When entering the Electronic Banking service, check that it correctly shows your name and surnames and the last date and time you connected .
    Further information.
  3. Remember that your access code is personal and non-transferable. You are recommended to change it regularly to prevent access by third parties. Remember to memorise it and avoid noting it down.
    As an additional security measure, you must refrain from choosing a number associated with your personal details, or with any other code which may be easily predicted by third parties (date of birth, telephone nº, series of consecutive numbers, repetitions of the same digit, etc.). You must also refrain from noting down the codes or passwords on any physical medium and if so, together with supplementary identification elements (cards).
  4. Be careful how you keep your code card or Digital Identification Card, not allowing third-party access to them. These cards are the key to performing operations.
  5. Avoid showing your cardor giving access to it by third parties and make no copies of it. If you use a Digital Identification Card, remember to withdraw it from the reader when you have finished; also, regularly change the card PIN, memorise it and avoid noting it down.
    Check if the date and time of the last access shown on entering the Distance Banking services really coincides with the last time you used them.

    Remember that if you are registered with a service which adds accounts from another bank, this service may periodically access the Distance Banking services you have set, showing the date and time of the last access via this method.

    If you suspect that the date and time of the last access does not match your last session or access via the above service, immediately notify the Bank of this situation.
  6. Use an antivirus and antispyware system, updating it often, preferably automatically
    The proliferation of virus is increasingly common. Make sure you have a good antivirus system and, most importantly, make sure to keep its virus detection tables permanently updated. Just having an antivirus system may be of little use if it does not have the latest detection tables for the most recent viruses.

    In addition, do not install software from unknown sources nor browse sites which do not appear trustworthy.

    It is also advisable to have protection against Spyware. You can use an antivirus program which also protects you against Spyware or use a specific Spyware program.

    Further information.
  7. Update your browser and operating system with the manufacturers’ security improvements, in accordance with their instructions.
    Periodically, improvements and new browser and operating system versions appear which offer greater security when browsing and using the Internet.
    Read the manufacturer’s recommendations and update your browser and operating system in accordance with their instructions

    Further information.
  8. If you have a permanent connection (ADSL, cable or similar) it is advisable to install a personal firewall.
    While your computer is connected to the Internet, it can communicate with any network user. To prevent any possible access to the information stored on your computer, you are recommend to install a personal firewall, especially when using a permanent connection (ADSL, cable or similar).
    Further information.
  9. Take additional precautions when using public or shared computers.
    Use public computers for queries which are not of a private nature. Remember you can be observed by others, even via electronic surveillance means.
  10. If you detect or suspect a security issue, contact the Bank immediately.
    You can contact the Bank via different channels. If you use the electronic form, select the "SECURITY" option as the reason for the communication.
  11. Security Policy
    Banco Sabadell Empresas has incorporated the most advanced security technology, together with a series of supplementary measures to ensure the confidentiality of transactions. For this purpose, the User must meet the following conditions:

    In general: the User must have the devices and elements which are the "system requirements" referred to on the pages of the Portal and, for security reasons, the latest browser versions. The User is expressly warned that he/she must not leave the computer unattended when operating via the Portal.

    Banco de Sabadell, S.A. reserves the right to adopt all the security standards and measures it considers appropriate to ensure proper use and confidentiality of the service. The User authorizes Banco de Sabadell, S.A. not to execute the requests or orders received when the identification is incorrect or there is reasonable doubt as to the identity of the person issuing them.

    The User irrevocably authorises Banco de Sabadell, S.A. to record and file the communications and transactions performed via the Portal.

    It is well known that a PC can be infected by a computer virus via diskettes or simply by browsing the Internet. The User must install a virus detector in their PC which runs every time the computer is started and the detector must be updated and backup copies made frequently of the files contained on the User’s computer. Banco de Sabadell, S.A. does not guarantee or control the absence of viruses or other service elements provided by third parties via the Portal (files; mails; electronic documents; etc.), nor can it guarantee or take any liability for any alterations or defects which may occur in the User’s computer system due to a computer virus or damaging element which has infected the computer or been transmitted by a third part via the Portal. The User must act prudently when visiting unknown websites, and take care when invited to download files and programs from the network. A virus is simply a program created to cause problems in the information stored or the PC itself. The User shall attempt not to store on their PC programs whose origin is unknown.

    BS Online: Users who are also customers of the BS Online service must adopt the necessary measures to duly safeguard the personal identification elements of the service and to immediately use the service suspension or blocking systems provided for that purpose. They are recommended not to type or use these identification elements on computers in public places or locations where the communications or third party access to the codes may occur. Neither should they note down the secret number of access codes on any document or object which the User keeps or carries or together with cards of digital identification, and are expressly warned that if they choose or voluntarily modify the codes, it is inadvisable to choose a number associated with their personal details, as these can be easily predicted or guessed (date of birth, telephone nº or similar).
     
  12. Applicable law and jurisdiction
    These general conditions are governed by Spanish law, and the parties shall submit any dispute arising in relation with the Portal to the appropriate Courts of the domicile of Banco de Sabadell, S.A.

Go up

4. Preventions
 


Computer viruses and malware

Viruses and malware are small programs which install themselves on the computer without the user’s knowledge and for malicious purposes, such as destroying or stealing information or causing dysfunctions in the system or network it is connected to.

A virus, in addition to affecting the machine, propagates to other computers the original system is related with or connected to, using different ways which have evolved over time. Years ago, viruses propagated chiefly via diskettes. With the arrival of networks, the Internet and e-mail, viruses have found an ideal means of propagating although data media are still used.

New viruses appear on the Internet on a daily basis and not all are equally dangerous.

To avoid becoming infected, a series of precautions should be taken:

  • Only browse known sites for which we have references and appear trustworthy, as certain viruses and malware are hidden in untrustworthy Internet pages.
  • Do not use files or programs whose origin is unknown.
  • Do not open e-mail messages of unknown origin.
  • Be careful with e-mail messages from acquaintances which have a nonsense or unexpected subject line. Before opening these messages, contact the supposed sender and make sure that that person has really sent the message as it may be a virus-generated message.
  • Have a recognised antivirus program and keep its virus detection tables permanently updated. It is not sufficient to have the latest version of the antivirus program. To be effective against the latest viruses, we must maintain the tables updated.
  • Do not directly open attached files in e-mail messages. It is safer to save them first on the computer and open then outside the e-mail program.

Expert users should protect confidential information using coding programs.

Useful links on viruses

Below we provide some informative links:

 

Alerts
http://www.alerta-antivirus.es/
http://www.hispasec.com/
http://www.virusprot.com/

 

Manufacturers
http://www.trendmicro.es/
http://www.mcafee.com/ (ENGLISH)
http://www.pandasoftware.es/
http://www.symantec.com/ (ENGLISH)
http://www.avp-es.com/
http://www.norton.com/ (ENGLISH)
http://esp.sophos.com/

Links of interest with "Spyware"
http://lavasoft.de/spanish/default.shtml
http://microsoft,com/athome/security/spyware/software/default.mspx 
http://ca.com/products/pestpatrol/ 
http://www.webroot.com/es/index.php

Links of interest with regard to the above
http://www.pgp.com/products/personal/index.html (ENGLISH)
http://www.pgpi.org/ (ENGLISH)


Attempt to steal access codes or other confidential information ("Phishing")

One of the frauds on the Internet consists of creating false pages and/or portals and falsifying the origin of e-mail messages.

These two techniques are combined to fraudulently capture access codes to third party services and applications or other confidential information such as account or card numbers (including the expiry date), so as to access the information or perform operations in your name.

The way access codes are stolen in this manner is to create an Internet address and page whose name is practically identical to the company or portal whose identity they wish to steal. The name differs from the original in just a few characters, often only one. At the fraudulent address pages have been created which are identical or highly similar to the true ones.

The victims of this type of fraud receive e-mails which supposedly come from the real company (in this case the e-mail address of the sender is identical), inviting the victim to go to the fraudulent pages on a false pretext, here they are asked for their identification, password or other access data. If this information is entered on these pages, it will have been stolen and can be used to access the real website and perform functions and operations which is possible using the stolen information.

Some variations on the above technique are to request the same information via SMS messages, fax or by telephone.

How can this be prevented?

Follow the above instructions and security notifications and information provided by Banco Sabadell . Contact the Bank if you have any doubts. You can contact us via different channels. If you use the electronic form, select the "SECURITY" option as the reasons for your communication.

Useful links on attempts to steal access codes and confidential information ("Phishing").

 

http://www.msn.es/security/phishing/
http://iblnews.com/noticias/06/129350.html
http://es.wikipedia.org/wiki/Phishing
http://www.consumer.gov/idtheft/ (ENGLISH)

Go up

5. Protections


The protection described below is supplementary and no single one replaces the others

Digital certificate

A digital certificate is a guarantee of the identity of a given sever and associated pages which offer a service in the electronic world (chiefly the Internet).

The digital certificate is issued by a trusted company (Certification Service Provider), such as Verisign or the FNMT (Fábrica Nacional de Moneda y Timbre), which after thoroughly identifying the applicant, assigns them a certificate by creating one.

The digital certificate contains the data on the address to be certified (e.g.: www.SabadellAtlantico.com), the identity of who operates at the said address, the expiry date of the certificate and other technical data. The digital certificate, in turn, is digitally signed by the Certification Service Provider.

The trust in a digital certificate therefore, in addition to the content of same, is due to the trust we have in the Certification Service Provider which has issued and signed it. Certification Service Providers publicly show the processes used to perform the certification: these are the Certification Practices and Policies. In this way, we can evaluate the trust to be placed in a given Certification Service Provider.


How can I validate the pages of an Internet service?

A digital certificate may appear in different situations. The most common is to check whether the pages of a given Internet service belong to their true owner or an impostor who has copied them. Thus, we can ensure that the personal and confidential information we send is received by the proper identity.

It is advisable never to provide confidential data to pages activated via a link contained in an e-mail. We recommend you always access our webpages via the Internet addresses given by the Bank.

Steps to check the pages of an Internet service (secure pages):

  1. Check that the address (url) of the pages starts with the prefix https and that your browser shows the locked padlock icon in the lower right of your window ( in Internet Explorer,  in Netscape Navigator).
  2. Click on the padlock (double click in Internet Explorer and one click in Netscape Navigator) to see the digital certificate and check the identity of who is showing the pages which are going to collect your information:
    1. In Internet Explorer:

      Check the address (URL), the issuer of the certificate and validity of same.

      Then select the "Details" tab to check the identity of the party showing the pages displayed and where we enter our information.

      In the upper window which appears, select the "Re:" field. We can now display the information in the lower window. For Banco Sabadell companies, the O field (Organization) must contain the information "BANCO SABADELL" and, as supplementary information, the L, S and C fields are Sabadell, Barcelona and ES respectively.

    2.  In Internet Explorer:

In Netscape Navigator:

     

    Click on the "See" in the previous window.

     

This action causes a new window to appear with the information concerning the digital certificate:

 

Using the same address (URL) check the pages downloaded for the issuer of the certificate and validity of same.

For Banco Sabadell companies, the O (Organization) field must contain "BANCO SABADELL".

 

    1. In other browsers:

     

      The way of showing the certificate is similar in other browsers. Remember to check that the O field O (Organisation) shows the expected identity (in the case of Banco Sabadell companies, O = BANCO SABADELL).

Data encryption

In addition, when using secure pages (pages protected by a digital certificate), all the information transmitted between your browser and the server hosting the pages is transmitted in encrypted form, making it immune to interception by third parties.

To achieve maximum encryption protection for secure pages (necessary when using financial services or another type of confidential information), it is necessary to use a browser which provides strong encryptions (bits).

Certification Practices and Policies

Using the certification practices and policies, the Certification Service Providers show the public the mechanisms and steps (identity checks) used to issue the digital certificates on request. Thus, the party checking the certificate can trust the certificates issued by the provider.

In practice, as the policies and practices are long documents, one trusts a certification service provider according to the prior knowledge we have of them, , with Verisign as the most well-known worldwide for certifying pages of portals and servers.

Certification Policies (CP).

The policies indicate what the certification service providers do and the types of services and certificates they issue.

The link below shows the certification policies (CP) of Verisign, world leader in certification services

https://www.verisign.com/repository/vtnCp.html(ENGLISH).

Certification Practices (CPS).

The certification practices detail how the policies are ensured, i.e. what specific procedures and mechanisms are used to issue the digital certificates.

The link below shows the certification practices (CPS or Certification Practice Statements) of Verisign, world leader in certification services:

http://www.verisign.com/repository/CPS/ (ENGLISH)

Links of interest concerning digital certificates and Certification Service Providers

Verisign (ENGLISH)
ACE
Thawte (ENGLISH)
Camerfirma


Personal Firewall

A firewall is a program which blocks non-authorised access from the Internet to our computer and also uncontrolled access (caused by a new virus or malware) from our computer to the Internet.

Nowadays, we can find firewalls in separate programs or forming part of other security programs (such as an antivirus) or in the operating systems themselves (such as Windows XP).

It is called a personal firewall to distinguish it from a perimeter firewall which is generally used to protect an entire group of networked computers against a connection from an unknown network (generally the Internet or another, third party network).

BY using a personal firewall we can control the connections made with the Internet or with other networks and towards all the programs on our computer. When the firewall is installed, all the connections are prohibited and those generally used must be expressly authorised according to how we use our computer. When the firewall notifies us of an attempted connection which has not been expressly authorised, we must indicate if we wish to authorise it for our present purpose or if the connection is due to an external agent (attempted access via the Internet, virus or similar). The personal firewall is a program intended for users already familiar with the Internet.

It is also advisable to periodically update the version of our firewall, in accordance with the manufacturers’ recommendations.

Useful links about firewalls.

Below we provide several links for informative purposes:

http://www.pc-actual.com/Actualidad/Reportajes/Seguridad/Virus/20030130012/6 

http://www.zonealarm.com

http://www.symantec.com/region/mx/product/consumer/npf/

http://www.protegerse.com/outpost/

Go up

6. Good Practices


Security updates for the navigator and the operating system

To prevent any possible problems arising from the vulnerabilities that are occasionally discovered in the software used, it is a good idea to visit the security pages of the manufacturers of the programmes that you use, in particular the navigator and the operating system itself.

Navigator.

The navigator, as the main tool for Internet access, is the programme that it is most important to keep updated with the latest security recommendations.

Use strong encryption (128 bit encryption) for communications with secure pages (https).

Periodically visit the manufacturer’s Internet pages and update the programme following the security recommendations that appear there.

 Links of interest concerning new versions and security updates for the navigator

In continuation, and merely for informative purposes, we indicate the following links:

http://windowsupdate.microsoft.com

http://www.microsoft.com/downloads/search.aspx?langid=18&displaylang=es

http://wp.netscape.com/es/es/index.html

http://wp.netscape.com/security/index.html (ENGLISH)

http://www.netscape.com/download (ENGLISH)

Operating system.

Some operating systems, such as Windows with its Windows Update function, have utilities for verifying the existence of operating system updates, including security updates.

Make use of these utilities or periodically visit the manufacturer’s operating system Internet pages and update the system according to the security recommendations that appear there.

Links of interest concerning security updating for the operating system

In continuation, and merely for informative purposes, we indicate the following links:

http://windowsupdate.microsoft.com

http://www.microsoft.com/spain/technet/seguridad/default.asp

http://www.microsoft.com/security/ (ENGLISH)

 

Use of strong encryption (128 bit encryption) in communications with secure pages

Strong encryption (implemented through the use of 128 bit encrypted codes) is achieved by means of the combined use of specific software in servers that have secure pages and the use of navigators with the capacity to work with encryption of this kind.

Because of its strength use is usually only authorised for servers where the pages belong to financial entities and other companies with similar security requirements. On the other hand use is unrestricted for the navigators.

To this end, the remote banking services of financial entities are usually capable of using strong encryption. The use of strong encryption for the communications carried out by these services will, then, depend on your navigator having strong encryption capacity.

 

Make sure that you use a version of your preferred navigator that has strong encryption capacity (128 bits). If it does not then update your navigator to a versions that will allow for strong encryption.

How to know whether a server allows strong encryption (128 bits)

A server that uses strong encryption will usually announce this on its pages, usually in a specific security section. If this is not the case you must have a navigator with strong encryption to verify the type of encryption that a determined server uses.

How to know if you are using communications with strong encryption (128 bits)

In order to know whether you are exchanging information by means of strong encryption you must first observe whether the padlock at the bottom right hand corner of the window of your navigator is closed. Once this has been done:

     

  • For Internet Explorer, by moving the mouse, place the courser over the padlock, leaving it there for an instant, until the length of the encrypted code appears. This should be 128 bits.

     

     

  • For Netscape Navigator, click once on the closed padlock. A window will then open that will indicate the type of encryption, which should be 128 bits (high grade encryption).

     

If you have a navigator that is enabled to use strong encryption you can also communicate in a secure manner with servers that do not have this characteristic. In this case it will automatically be used for communications of the type of encryption that is higher than that which is supported by the server and as the code length of the encryption will appear a value that is lower than 128 (normally 40 to 56 bits).

How to update your navigator so that it can use strong encryption (128 bit)

Go to the download and update pages of the manufacturer of your favourite navigator and search for the 128 bit versions or updates for your navigator. Remember that you will only be able to communicate with those servers that have this characteristic.

Links of interest concerning 128 bit encryption

In continuation, and merely for informative purposes, we indicate the following links:

http://www.microsoft.com/windows/ie_intl/es/download/128bit/intro.asp

http://www.aola.com/netscape/download/

 

Backup copies

In order to be able to recover the information available in the computer prior to the appearance of a problem, you should make backup copies and keep them up to date.

An important aspect for being able to achieve the recuperation of backup copies is where you keep them. The copies must be kept apart from the equipment that contains the original data so that, in the case of an incident, the copies are not also lost. This is particularly important in the case of a laptop computer, a situation where it is recommended that you avoid keeping the backup copies in the same bag or case as the laptop.

Backup copies can be made on mediums known as "removables", which can be extracted from the computer which contains the original data. These removable mediums may be floppies, recordable CD’s or DVD’s, tape units, ZIP units, USB (Universal Serial Bus) such as external disks, persistent memories, etc.

Links of interest concerning backup copies

In continuation, and merely for informative purposes, we indicate the following links:

http://www.conozcasuhardware.com/quees/almacen4.htm#backups

http://www.iomega-europe.com/eu/en/products/products_en.aspx (ENGLISH)

http://www.pricingcentral.com/best/backup_utility_software.html (ENGLISH)

Go up

7. Electronic Signature 


Banco Sabadell has initiated the use of the electronic signature in its dispatches of e-mail

The electronic signature of the e-mails guarantees the identification of the issuer, who has received the validation of his e-mail address by means of the Verisign,

electronic signature, the digital certification authority with worldwide recognition, and which at the same time technically guarantees that the content of the message has not been altered on route by a third party.

Additionally, for greater ease and better identification of the issuer, every e-mail message issued includes at the foot a random image which is associated to the receiver, with a number which increases with every dispatch and which helps to quickly identify the origin of the message.

The image is always the same for a specific issuer and receiver, but the number increases with each dispatch.

Example of an e-mail signed electronically

The following gives an example of how to distinguish an e-mail signed electronically in «incoming mail». The e-mail is shown with an icon that differentiates it as an electronically signed e-mail:

In the Microsoft Outlook e-mail programme:

- When opening the « incoming mail », we can observe a different icon for messages signed electronically:

Bandeja de entrada

- On "double-clicking" on the message, we can also see that the message on the right has an icon corresponding to the electronic signature:

Mensaje con Firma electrónica

In the Thunderbird e-mail programme:

- On selecting the message, we observe that it shows a different icon on the right that indicates that the message has been signed electronically:

Mensaje con Firma electrónica

If we double click on the icon located on the right hand side of the message, in both mail systems we will obtain information on the electronic signature and on the certificate issued by Verisign:

In the Microsoft Outlook e-mail programme:

The following window will appear:

Ventana de propiedades

When you click on the button for further details, the next window will open up. Once in that window, by clicking on the button to view the certificate, you will access the details of the certificate in a new window:

Ventana de la firma

Here, finally, once you have clicked on the “Details” tab and on the “Subject” line, you may view all the details corresponding to the certificate obtained from Verisign, hence certifying the authenticity of the issuer (issuer e-mail address, containing the suffix   “@bancsabadell.com”, and the rest of the issuer and Verisign information).

In the Thunderbird mail programme:

The following window will appear:

Ventana de seguridad del mensaje

This window indicates that the message is electronically signed, with a valid signature, identifying the person who has signed it (issuer e-mail address, containing the suffix  “@bancsabadell.com”) and the rest of the  Verisign certifier information.

 

If you click on the button to view the electronic signature certificate, you may view its details in a new window.

Visor de certificados

Here, finally, once you have clicked on the “Details” tab and on the “Subject” line, you may view all the details corresponding to the certificate obtained from Verisign, certifying the authenticity of the issuer (issuer e-mail address, containing the suffix “@bancsabadell.com”, and the rest of the issuer and  Verisign information).

 

In other mail programmes:

In other mail programmes, the authenticity of electronically signed messages is recognised in a similar manner.

 

Most of the mail systems that do not require a mail programme in order to be accessed, but are rather accessed via a web search engine (webmail-type mail systems), do not have the facilities described above to recognise signed messages. In these types of mail systems we can make use of the additional measure that is described below to better validate the issuer of an email, although this email issuer recognition mechanism is not as secure as the one described above.

 

Added measure of confidence:

As an added measure of confidence, to facilitate the recognition of the messages electronically signed by the companies within the group, at the foot of the signed message there is an image that has been randomly assigned to the addressee’s specific address, meaning that each addressee receives a different image that will always be the same, as long as that person’s email address does not change. Over this image there is a sequential number, which will increase with each messaged received by the same email address.

Hence, a given addressee will always receive the same additional image at the foot of the signed message, and printed over that image there will be a number that will increase with each mailing.
Next to the image and sequential number are the data corresponding to the Verisign-issued digital certificate that has been used for the electronic signature of the message.

Example of the foot of a message:

Pie de mensaje

Go up