FAB Security Measures enabling secure online banking
- Online Banking Login Security
A unique Customer ID and a password are required to access FAB Online Banking.
The password must be alphanumeric, complex and a minimum of ten characters, with at least one lowercase letter, one uppercase letter, one numeric character and one special character. It must be changed every 90 days.
- Account Lockout
Online Banking accounts will be locked after three unsuccessful attempts. Customers need to call FAB customer care, and the account will be unlocked after due verification.
- One time Password (OTP)
A one-time password is an additional verification parameter implemented to ensure that the person accessing FAB Online Banking is a genuine FAB customer. An OTP is a random password that can only be used within a few minutes of its generation.
FAB has set up this dual authentication process for critical activities such as beneficiary addition, online transactions and password regeneration. An OTP is generated and valid for three minutes only.
- Data Masking
To safeguard the customer against the risk of disclosure of personal data through social engineering or shoulder surfing, only a few digits of the mobile number and credit card number are displayed.
- Cooling/Wait Period
Fund transfers can only be made to beneficiaries after a 15-minute waiting period.
- TLS-Enabled and 256-Bit Encryption
TLS is the leading security protocol on the internet and it allows secure communication.
256-bit encryption refers to the size of the key used to encrypt the message. A longer key means the encryption is more random.
- Third Party Transfer (TPT) Limit
Specific limits can be set to limit the amount of money transferred to a third party.
- Transaction Monitoring
All high-value transactions are monitored by various FAB teams.
- Automatic Sign-Off
If there is no customer activity on FAB Online Banking for 15 minutes, then the customer will be securely signed off automatically.
- Customer Service
FAB Customer Service will assist you with account-related activities only after confirming your identity through SMS OTP sent to your mobile device and/or additional verification questions as needed.