Security Policy
The Zurich Financial Services Australia Group
In this Security Policy, “we”, “us” and “our” mean Zurich Financial Services Australia Limited ABN 11 008 423 372, Zurich Investment Management Limited ABN 56 063 278 400, Zurich Australian Insurance Limited ABN 13 000 296 640, Zurich Australia Limited ABN 92 000 010 195, and OnePath General Insurance Limited ABN 56 072 892 365, all companies within the Zurich Financial Services Australia Group (“Zurich”).
Zurich's commitment to your security
We take the security of our customers seriously and have implemented a number of steps to ensure your information and transactions remain secure. While we have implemented these measures to ensure your security, there are additional security measures you should carry out yourself. While these measures will not eliminate all risks associated with the Internet, they are designed to protect you against the major risks.
Recommended user practices to protect your online security
Connection to the Internet does involve risks, including the possibility of being exposed to online fraud and unauthorised disclosure of your personal information. There are a number of practical measures listed below which we recommend you follow to minimise your Internet risk.
Passwords
Your user name and password are used to identify and validate who you are to Zurich. To protect your password and user name you should:
- always keep your password secret. Do not write it down or store it on or near your computer.
- change your password regularly (good practice is every three months)
- do not let anyone see you entering your password
- use different passwords to access Zurich's online services to those you use to log on to other services on the Internet
- do not disclose your password or financial information to anyone via email, or as a response to any request you did not initiate.
Virus scanning
Viruses are one of the more common risks associated with being connected to the Internet. A virus is a program capable of replicating itself and performing a set of instructions often without the knowledge of the person using the computer. You may be exposed to a virus simply by opening an email, or visiting certain web sites on the Internet. While viruses may come in a number of forms, they are all capable of damaging your computer by copying information or gaining unauthorised access to your computer. Recently, a number of viruses capable of capturing the keystrokes entered into a computer (including details of user names and passwords) have been detected. These viruses are capable of sending the details captured to unauthorised parties without the knowledge of the person using the computer.
To protect against viruses you should:
- install and use a reputable anti-virus program
- scan for viruses regularly
- update your anti-virus program regularly
- scan all email and attachments automatically
- delete any email you receive from unknown sources
- be aware that email from known sources can also contain viruses. You should therefore scan all email and attachments you receive. It is recommended you use an anti-virus program, which automatically scans all email and attachments as they are received or opened.
Firewalls
A firewall is a program or specialised hardware device designed to protect the security of your computer by filtering and controlling connections between it and the Internet. It is recommended you use a reputable firewall program which is regularly updated with appropriate security patches.
Browsers
A browser is the program you use to view web sites on the Internet. Usually this will be Internet Explorer or Netscape, depending on your preference; however, other browsers do exist. The security of your computer is also affected by the version of the browser you are using. This can be improved by using the most current version of the browser and ensuring that you install any updates recommended by the vendor.
Logging off
You should log off from our online services when you have completed your session. This will prevent an individual from gaining access to your information when you are not at the computer. Note, however, that if you do not log off, we have controls in place which will automatically terminate your session after a period of time.
If you use a computer in a shared environment (eg an office or Internet cafe) it is even more important that you log off, to ensure that the next person using the computer does not have the opportunity to use the session.
Beware of fake web sites
Some web sites have been known to exist which masquerade as other, legitimate web sites, for the purpose of fraudulently obtaining information about people who visit the site. These sites may capture user IDs and password information, for the purpose of subsequently defrauding these site visitors.
If you are visiting a secure web site, you should be able to perform a check to determine that the site actually belongs to the organisation stated. For example, to ensure that you are accessing a secure online service that belongs to us, check its online certificate. You can do this by clicking on the padlock symbol on the bottom of your browser screen. A certificate will then pop up in a display window. You can check the certificate to ensure it belongs to us and that the date is valid.
Security provided by Zurich
We have implemented a number of security controls, including the encryption of sensitive data communications, and time-out facilities, to minimise the chance of anyone else being able to access your online information.
Authorisation and authentication
To access your online details, a unique user name, registration email and password are required. These are used to identify you to our systems and to ensure that you are only able to access those areas of the site for which you are authorised. Without knowledge of your user name, registration email and the associated password, no one else is able to access your information.
Automatic time-out
Our portals have been designed to ensure that a user is automatically logged off after a period of inactivity. You should, however, remember to log off when you have completed your online session with us. The automatic time-out facility is provided in case you forget to log off, as this prevents other people from accessing your information.
Encryption
Encryption is used to protect the information sent between your computer and our web sites to prevent someone on the Internet from monitoring and intercepting the transmission of your user name, password or account information. We use 128-bit Secure Sockets Layer (SSL) technology to protect the communication between your computer and our web sites. However, to take full advantage of this technology, you must be using a version of your preferred browser that supports 128-bit encryption. This may mean you need to update the browser you are using. You can obtain advice on whether your browser supports 128-bit encryption from your browser vendor.
SSL uses cryptographic techniques and the trust processes built into Public Key Infrastructure (PKI) to protect the communication between your computer and our ‘Secure Server’ web site. SSL also allows you to identify and authenticate our web site by checking the site certificate. This will confirm that you have actually accessed a server owned by us. You can check the status of the online certificate by clicking on the padlock or key symbol appearing in your browser. The certificate ownership can then be confirmed and the date to which the certificate is valid can be verified.
More detailed information on PKI and encryption is available from leading vendors of PKI.