The information exchanged between the user and Banca March is processed so it is transmitted in a way it cannot be intercepted by third parties.

Details are sent through a secure connection after encryption through a SSL tunnel (Secure Socket Layer), making the information unintelligible to third parties who may capture it.

When you access the server you will see on the status bar, at the bottom of your navigator, a closed padlock or a key meaning that you are using a safe connection:

If you double click on the padlock, an informative window will open with the certificate’s details so you can check its validity and verify that you are connected to a Banca March S.A. service, thus making sure that under Subject, underneath Details, there is the field CN = telemarch.bancamarch.es and checking that the certificate has been issued by Verisign (www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 Verisign).

To guarantee the identity of the server to which users get connected, Banca March uses a digital certification by Verisign, a company certifying the authenticity of the telemarch.bancamarch.es server.

To make sure that you are really viewing the Banca March page and not that of an impostor, please check that the address is https://telemarch.bancamarch.es, that on the status bar at the bottom of your navigator there is a padlock and that when you click on it, you can see the digital certificate of Banca March, issued by Verisign and relating to the address telemarch.bancamarch.es.

The user gains access to the Home Banking Service through a user code and a password, which unequivocally identify him. Otherwise, he can also use the electronic DNI instead of the password.

Moreover, for those transactions implying an account movement or update, an additional validation will be requested in the shape of a key, which is obtained at random from the Home Banking Service key card. This card is meant for only one customer and can be regarded as a significant security element. Please remember that you will be asked by the Home Banking Service to enter only one coordinate of your card in order to validate every transaction. You will never be requested to enter more than a single coordinate at a given time in order to validate an operation.

These identification details are only to be used in the secure pages of the Banca March On-line Service. In order to identity such pages please check that they belong to the address https://telemarch.bancamarch.es, that on the status bar at the bottom of your navigator there is a padlock and that when you click on it, you can see the digital certificate of Banca March, issued by Verisign and relating to the address telemarch.bancamarch.es.

If you are requested to reveal any of the previous personal identification elements through any other method outside the secure environment previously described, such as a page alien to the On-line Banking service, an e-mail, a telephone call, etc., do not ever give any of them even if this person pretended to be acting on behalf of Banca March.

If for whatever reason you had disclosed these details, please change your Access Code immediately and contact Banca March as soon as possible.

In order to step up the security level of your communication we recommend you the following actions:

• Do not reveal your password to another person

• Change your password every now and then, or when you suspect that it could be known to other people.

• Check that the date and time of your last connection, which are shown every time you get connected to the On-line Banking service, coincide with the ones of your previous connection.

• Do not leave your computer unattended when you are connected to the On-line Banking service. As an additional security measure the system will automatically log you out after a certain period of inactivity.

• Once you have carried out all your operations, exit the On-line Banking application.

• If your computer can be used by other people, close your navigator right after logging out of the On-line Banking application.

• If you ever lose your Home Banking card, inform Banca March immediately.
  Apart from having it blocked, you will obtain a new one shortly with a new set of keys.

At present there are several techniques used to try to commit financial fraud through the Internet but, without any doubt, one that is rapidly growing on the Net and that has had major social repercussion as well as on the media is the attempt to supplant Internet web sites, better known as "phishing", which tries to steal private and personal access details meant for trusted sites.

"Phishing" basically uses the massive sending of e-mails from false e-mail addresses which pretend to look like the real addressesof the institution they are trying to supplant. Such mails will make use of any type of argument associated with security issues in order to justify the need to respond to them, by introducing to the subject of the message a text which is similar to the following ones:

• Technical problems.

• Security warning.

• Detection of fraud attempts against the bank.

• Changes in security measures, etc.

Moreover, in the message’s body you will be invited to click on the link included in the text and that pretends to be the real address of the bank but which will take you, when clicking on it, to a false web site which looks very similar to the real page it tries to supplant, the one where your access code is requested. Much care is taken so the image, logotypes, colours and formats of the legitimate pages are exactly forged.

In order to avoid such fraud attempts we advise you to follow these recommendations:

• Banca March will never request you to disclose your access code in writing, per e-mail or over the telephone, so you should not take any notice of this type of petitions.

• Do not trust in e-mails making urgent petitions to disclose sensitive information. In case of any doubt please call the bank.

• Only trust in mails containing a digital signature as well as a certificate that has been duly verified.

• Messages used by phishing attacks tend to be impersonal and do not usually make any reference to the mail’s receiver, however those sent by real banks write to the addressee personally.

• Do not click on any of the links sent in e-mails, key in the address in your navigator instead.

• Do not reveal any confidential information per e-mail, only do so when using secure web sites.

• Whenever you enter any details in a webpage, make sure that it is a safe environment by checking that the status bar starts with https, that there is a padlock or a key at the navigator’s status bar and that the information on the certificate of the web site is correct.

Should you have any doubt on the veracity of these messages or on the details requested through the web, do not hesitate to contact us on telephone numbers:

• (+34) 971 779 111

This is a new fraudulent technique aimed at capturing the access code the user enters through his keypad. This method works by installing a programme that is executed in the computer and that permits to capture the keystrokes at the time certain pages of different institutions (financial, purchase and sales, travel agencies, auctions, etc.) are accessed. Such institutions have been predefined in the programme’s code, in particular in those where access codes, coordinates of authentication cards, card numbers, electronic signatures, etc. are required.

This programme (virus, worm, trojan, etc.) is loaded on the computer without the user realizing it while installing other apparently inoffensive programmes (music reproductors, games, videos, etc.) from servers with scarcely trustable contents, or those being received through e-mails, CD copies, communication sessions in real time (IRC, chat, messenger) or other tools.

Once the details have been captured, the programme forwards the information to the attacker with the objective of carrying out a fraudulent action with them.

In order to avoid this type of fraud, Banca March has added to its Internet banking service the use of a virtual keypad which allows you to enter the relevant coordinates to validate any transaction. This prevents the user from entering such details with his keypad.

Pharming is the manipulation of the resolution of Internet domain names, carried out through a malicious code, usually in the shape of a trojan, which has entered the computer without the user realizing it while installing other apparently inoffensive programmes (music reproductors, games, videos, etc.) from servers with scarcely trustable contents, or those being received through e-mails, CD copies, communication sessions in real time (IRC, chat, messenger) or other tools.

When a user keys in an address in his navigator, it must be converted into a numerical IP address. This process is called ‘name resolution’ and is performed by DNS servers (Domain Name Server). Charts are saved in them with the IP address of each domain name. At a lower scale, each computer with an Internet connection contains a file in which a small chart with server names and IP addresses can be kept so it is no longer required to access DNS for certain server names, or so it can be even avoided.

Pharming implies modifying this name resolution system in such a way that the user thinks he is entering a specific Internet address although he is really gaining access to the IP of a false web site. As a result, attackers would finally obtain the identification and authentication details that would later be used fraudulently.

Furthermore, pharming does not work at a precise moment, unlike phishing through its messages, as the changes in DNS are saved in the computer waiting for a user to access the pages predefined in the programme’s code.

In order to verify that the page you are viewing is the one belonging to Banca March and not to an impostor, please check that the address reads https://telemarch.bancamarch.es, that on the status bar at the bottom of your navigator there is a padlock and that when you click on it, you can see the digital certificate of Banca March, issued by Verisign and relating to the address telemarch.bancamarch.es.

Please update your computer’s software on a regular basis in order to keep the operative system and its utilities always to the latest stand. Just remember that every day new vulnerable points are discovered in the software that can be used by cyberdelinquents in a fraudulent way.

Update your navigator regularly. Internet navigators as well as Internet Explorer, Netscape, Firefox, etc. are regularly revised by the manufacturer with the aim of incorporating the latest security tools as a result of new menaces and vulnerabilities. Get frequently connected to your navigator’s editor in order to keep the system correctly updated.

Have an antivirus software installed and update it frequently as such programmes protect your computer, detect any existing viruses, trojans and other known malicious elements that may get installed or that can be found when surfing the Net. For this tool to be efficient it is necessary that it be periodically updated as there are new viruses every now and then against which the right protection is needed. Just remember: "There is only a small difference between not having your antivirus correctly updated and not having any at all".

Have a firewall installed, which is actually a hardware or software tool aimed at controlling the information reaching your computer, by permitting or forbidding its access depending on the established policy. With a firewall you can be protected against the non-authorized access of other people to the confidential information saved in your PC. Using a firewall is especially recommended if you have an Internet high-speed connection which is permanently in use.

Whenever possible avoid accessing the On-line Banking or other institutions and/or services requiring previous identification and authentication from computers in public places, telephone booths, etc. as they can be used by many people and it is impossible to get to know or trust in their configuration, the installed software, the security parameters, etc.