UBS Investment Bank

Security Guidelines

UBS definitions and usage

PIN

  • A personal identity number (PIN) is a sequence of alphanumeric characters, which is used to authenticate (confirm) a user's claimed identity.
  • For new users, PIN registration forms part of their initial login process.
  • For existing users, PIN registration forms part of the security enhancement system.
  • PINs are used to confirm the identity of a user wishing to use the password self service system.
  • PINs can only be changed by the owner of the account using the 'Client Services – Update my account' link, which is only available once they have logged into the UBS client portal.

Username

  • A username is defined as a sequence of alphanumeric characters issued by UBS to its users to uniquely identify them.
  • A user is provided with their unique username as part of their account setup process.
  • In some cases the sequence of alphanumeric characters is chosen so that the public identity of the user cannot be guessed.
  • Usernames are used to establish who wishes to access a specific UBS application or service; they do not provide authentication or authorization.
  • Usernames cannot be changed.

Password

  • A password is defined as a sequence of alphanumeric characters which is case sensitive.
  • Passwords are used to authenticate a user's identity as part of an application or system login process.
  • Their initial value is provided by UBS to its users at the time the user's account is set up.
  • The maintenance of the password is the user’s responsibility.
  • A password provides one-factor authentication when used in conjunction with a username.

Activation code

  • This is a sequence of alphanumeric characters which is case sensitive.
  • The length and complexity of an activation code varies in accordance with the system it is being used with.
  • Within UBS the words "Activation Code" and "One Time Password" are used to refer to a set of alphanumeric characters which need to be input into a system or application only once as part of a special authentication process.
  • Activation codes are only sent to a user's registered email address and form a second channel of authentication.

Personal identity protection

PINs

  • should contain non-repeated alphanumeric characters.
  • must be kept confidential and not divulged to anyone.
  • must be memorized and not recorded anywhere.

Passwords

  • should contain at least eight non-repeating alphanumeric upper- and lower-case characters; special characters may also be used.
  • should not be based on username, telephone number or publicly known information about yourself.
  • should be changed on initial login after being provided by UBS personnel.
  • should be changed regularly.
  • must be kept confidential and not be divulged to anyone.
  • must be memorized and not be recorded anywhere.
  • The same password should not be used for more than one website, application or system.

Usernames

  • must be kept confidential and not be divulged to anyone.
  • must be memorized and not be recorded anywhere.
  • The browser option to store or retain the username and password should not be selected.

Computer and network security

Firewalls and anti-virus software

  • Anti-virus, anti-spyware and firewall software should be installed on personal computers, particularly when connected to broadband connections, digital subscriber lines, cable modems or used on wireless networks.
  • Regularly update anti-virus, anti-spyware and firewall software with security patches and new versions.

Emails

  • Do not open email attachments from unknown sources or people.
  • Delete junk and chain emails without opening them.

Software

  • Do not install software or run programs of unknown origin.

Website security confirmation

Checking website URLs

  • You should check the authenticity of a financial institution’s website by comparing the URL and the financial institution’s name in its digital certificate or by observing the indicators provided by an extended validation certificate.
  • You should check that the financial institution’s website address changes from http:// to https:// and that a security icon that looks like a lock or key appears when authentication and data encryption are expected.

Secure website access

  • You should not divulge the private key of your digital certificate to anyone.
  • You should take all reasonable and necessary precautions to protect your digital certificate and private key.
  • You should not allow anyone to copy, use or tamper with your digital certificate.
  • Do not use a computer or a device which cannot be trusted.
  • Do not use a public or internet café computer to access online financial systems or perform financial transactions.

Best practice

  • Do not disclose personal or financial information to little known or suspect websites.
  • Make regular backups of critical data.
  • Check all financial transactions and activity summaries frequently and report any discrepancies.
  • Report any suspect system activities or responses and security compromises to your system administrator or application owner.
  • Consider using encryption technologies to protect highly sensitive data.
  • Log out of applications and systems once you have finished using them.
  • Browser caches should be cleared at regular intervals.
  • Remove file and printer sharing on your computer, especially when used over the internet via cable modems, broadband or wireless connections or similar set-ups.

If your contact details change, such as your phone number or postal address, please contact your UBS Client Relationship Manager in a timely manner.