Security Policy

Security Policy

We are committed to protect the security of our customers' transactions and the privacy of their personal information. We truly understand your concerns about transmitting and receiving confidential information online.

We employ a wide range of methods to ensure this security.

The following are the security measures implemented.

  • Physical security of our facilities and information stored in those facilities
  • Information obtained is stored on a secured server
  • Secure Socket Layer (SSL) is the encryption technology used in transmitting confidential and personal information between ”income.com.sg” and its users
  • User passwords are encrypted in our database
  • Multiple backup systems to ensure the security of critical data even in the case of a disaster.
  • Additional verification procedures and second level password are implemented to protect more confidential information.
  • Multiple levels of firewall between our internal computer systems and the Internet.
  • Only valid User ID (NRIC) and Password which identify each unique user will be allowed to log in to our secure web site(s). This ensures that only authorised users are admitted into our secure site(s).
  • As an additional security measure, we may log users out the session if there is no activity after a specific period.

Security Guidelines

Your Role In Safeguarding Your Personal Data And Account Information

 

Please ensure that your online Password is kept confidential. Failure to do so exposes you to the risks of fraud and loss. We will not be responsible for losses suffered by customers as a result of:

  • input errors or misuse of its Internet services;
  • negligent handling or sharing of Password;
  • leaving a computer unattended during an online session;
  • failure to report known incidents of unauthorised account access immediately.

The following are some security precautions that you should undertake when accessing the website.

Checking For Authenticity And Security Of Website

 

Having both the User ID (NRIC) and Password will help ensure that only permitted users can gain entry into online systems but there is also a need to check for authenticity and security of the website.

  • You should always check to ensure that the website address changes from http:// to https:// and, look out for a security icon in the form of a yellow lock when authentication and encryption is expected.
  • You should also ensure that the website you are visiting belongs to NTUC Income (Income). You can do so by comparing the URL displayed in your browser with Income's URL in the digital certificate. The digital certificate can be found by clicking on the yellow lock icon.
  • If you notice any discrepancy in the SSL certificate or there is a SSL server certificate warning, please terminate your login session and notify us.

Managing Your Username and Password

 

Your User ID (NRIC) and Password identify you when you use our services. This also includes your One-Time Password (OTP) which is sent to your mobile phone via a SMS text message when you submit your NRIC and password. Following are some of the guidelines on managing your User ID (NRIC), Password and OTP.

  • Ensure that your Password and OTP are not exposed when you log in to our system.
  • Keep your Password and OTP confidential at all times and do not divulge them to anyone.
  • Do not allow anyone to use your User ID (NRIC) and Password, as you are responsible for all transactions undertaken with your User ID (NRIC) and Password.
  • Do not use common or easy-to-guess Passwords like your User ID, personal telephone number, birth date or other personal information.
  • Memorise your Password and do not write or record it anywhere.
  • Do not select the option on browsers for storing or retaining User ID (NRIC) and Password.
  • Change your Password regularly.
  • Change your Password immediately if you suspect that it has been disclosed to others.
  • Never use the same Password for other web-based services such as for email or online services, particularly when they are related to different websites.
  • Do not use shared, public or Internet cafe computers to access our online portals.

Note: No staff member or vendor should ever ask you for your Password for whatsoever reasons. You must not reveal your Password under any circumstances.

Take Precautions Against Virus, Trojan Horse, Worms and Spyware

 

Viruses and malicious software can capture password keystrokes and other personal information. The following are some security precautions you should undertake.

  • Do not use a computer or a device which cannot be trusted.
  • Install anti-virus, anti-spyware and firewall software in your personal computers especially when you are using broadband connections, digital subscriber lines or cable modems.
  • All the anti-virus, anti-spyware and firewall software products should be updated with security patches or newer versions on a regular basis.
  • Do not install software or run programs of unknown origin.
  • Do not open any email or attachment that is from an unknown source.
  • Delete junk or chain emails.
  • Update your operating system patches and service packs.
  • Make regular backup of critical data.
  • Consider the use of encryption technology to protect highly-sensitive data.
  • Remove file and printer sharing in your PCs, especially when they have internet access via cable modems, broadband connections or similar set-ups.
  • Do not disclose personal, financial or credit card information to little-known or suspected websites.

Remember To Log Out

 

Always remember to log out from your [Income] session when you have completed your transactions. Do not leave your computer unattended while Internet transactions are being processed.

Clear Your Browser's Cache

 

It is strongly advised that you clear your browser's disk cache after each Internet session. Default files on a computer, called 'cache' files, can retain images of data sent or received over the Internet, making them a potential target for a system intruder.

Disclaimer

 

We shall in no event be liable to you, our customers or any other party for any damages, loss or expense including without limitation, direct, indirect, special, consequential or punitive damages, or economic loss, loss of profits, loss of opportunity, loss of business or goodwill as a result of, arising from or in connection with the following:

  • any breach in security measures that are undertaken by us;
  • any system, server or connection failure, modification, suspension, discontinuance, error, omission, interruption, delay in transmission, or computer virus;
  • your omission or failure to observe the terms and conditions set out in this Security Policy; or
  • your negligence or fault.