Your Role In Safeguarding Your Personal Data And Account Information
Please ensure that your online Password is kept confidential. Failure to do so exposes you to the risks of fraud and loss. We will not be responsible for losses suffered by customers as a result of:
- input errors or misuse of its Internet services;
- negligent handling or sharing of Password;
- leaving a computer unattended during an online session;
- failure to report known incidents of unauthorised account access immediately.
The following are some security precautions that you should undertake when accessing the website.
Checking For Authenticity And Security Of Website
Having both the User ID (NRIC) and Password will help ensure that only permitted users can gain entry into online systems but there is also a need to check for authenticity and security of the website.
- You should always check to ensure that the website address changes from http:// to https:// and, look out for a security icon in the form of a yellow lock when authentication and encryption is expected.
- You should also ensure that the website you are visiting belongs to NTUC Income (Income). You can do so by comparing the URL displayed in your browser with Income's URL in the digital certificate. The digital certificate can be found by clicking on the yellow lock icon.
- If you notice any discrepancy in the SSL certificate or there is a SSL server certificate warning, please terminate your login session and notify us.
Managing Your Username and Password
Your User ID (NRIC) and Password identify you when you use our services. This also includes your One-Time Password (OTP) which is sent to your mobile phone via a SMS text message when you submit your NRIC and password. Following are some of the guidelines on managing your User ID (NRIC), Password and OTP.
- Ensure that your Password and OTP are not exposed when you log in to our system.
- Keep your Password and OTP confidential at all times and do not divulge them to anyone.
- Do not allow anyone to use your User ID (NRIC) and Password, as you are responsible for all transactions undertaken with your User ID (NRIC) and Password.
- Do not use common or easy-to-guess Passwords like your User ID, personal telephone number, birth date or other personal information.
- Memorise your Password and do not write or record it anywhere.
- Do not select the option on browsers for storing or retaining User ID (NRIC) and Password.
- Change your Password regularly.
- Change your Password immediately if you suspect that it has been disclosed to others.
- Never use the same Password for other web-based services such as for email or online services, particularly when they are related to different websites.
- Do not use shared, public or Internet cafe computers to access our online portals.
Note: No staff member or vendor should ever ask you for your Password for whatsoever reasons. You must not reveal your Password under any circumstances.
Take Precautions Against Virus, Trojan Horse, Worms and Spyware
Viruses and malicious software can capture password keystrokes and other personal information. The following are some security precautions you should undertake.
- Do not use a computer or a device which cannot be trusted.
- Install anti-virus, anti-spyware and firewall software in your personal computers especially when you are using broadband connections, digital subscriber lines or cable modems.
- All the anti-virus, anti-spyware and firewall software products should be updated with security patches or newer versions on a regular basis.
- Do not install software or run programs of unknown origin.
- Do not open any email or attachment that is from an unknown source.
- Delete junk or chain emails.
- Update your operating system patches and service packs.
- Make regular backup of critical data.
- Consider the use of encryption technology to protect highly-sensitive data.
- Remove file and printer sharing in your PCs, especially when they have internet access via cable modems, broadband connections or similar set-ups.
- Do not disclose personal, financial or credit card information to little-known or suspected websites.
Remember To Log Out
Always remember to log out from your [Income] session when you have completed your transactions. Do not leave your computer unattended while Internet transactions are being processed.
Clear Your Browser's Cache
It is strongly advised that you clear your browser's disk cache after each Internet session. Default files on a computer, called 'cache' files, can retain images of data sent or received over the Internet, making them a potential target for a system intruder.
We shall in no event be liable to you, our customers or any other party for any damages, loss or expense including without limitation, direct, indirect, special, consequential or punitive damages, or economic loss, loss of profits, loss of opportunity, loss of business or goodwill as a result of, arising from or in connection with the following:
- any breach in security measures that are undertaken by us;
- any system, server or connection failure, modification, suspension, discontinuance, error, omission, interruption, delay in transmission, or computer virus;
- your omission or failure to observe the terms and conditions set out in this Security Policy; or
- your negligence or fault.