Information Security Guidelines

Information Security Guidelines

The security of a client’s personal information is always a priority at Trade Bank of Iraq, as we work hard to help ensure that client account information remains secure. The guidelines page on this website is designed to help clients protect their financial property (assets) and their personal details in order to achieve the same level of cooperation from clients as required and to ensure that your online banking transactions are conducted securely, and to achieve all of the above please follow the security tips next:

Do not use public or shared computers:

Avoid accessing your online bank account from an internet cafe or a shared computer, but if you do, please change your passwords from your computer as soon as possible, and as a safer precaution we ask that you change your password regularly.

Safe Online Banking Services:

  • Use an internet browser with strong security controls such as pop-up blocker, check for malicious and suspicious websites, and more.
  • Make sure that the bank’s website address is on the Internet and that a security token that looks like a padlock appears in the browser’s status bar or at the end of the site address in some browsers. However, we must keep in mind that (lock code) is not a guarantee of security, but rather a temporary security solution as there is no solution when hackers are able to master this code.
  • Every time you complete your online banking transaction, log out of the site and don’t just close your browser.
  • Update your contact details with the bank for any change so that we can contact you in a timely manner when needed.
  • Regularly check your account statement using either online banking or an ATM.
  • Use the credit card only at trusted sites.

Protect your password:

  • Choose strong passwords consisting of at least (8) characters using a mixture of alphabets, numbers and special symbols such as $, & and other symbols, and avoid easy-to-guess passwords such as (wife / children’s name / birthday / pet name / car number…etc.).
  • Save your password and do not write it down in your mobile phone or email and use a separate password for online banking services and access to other non-banking sites.
  • Make sure that no one is watching you while you enter your password / PIN or any other sensitive information and do not share your password or make it accessible to others.
  • You must not disclose your password/PIN to anyone even if they claim to be a bank employee.


Beware of scams (Phishing):

Online fraud called phishing is a method of identity theft by tricking you into revealing your personal or financial information on the Internet, where fraudsters use fake websites or deceptive emails that mimic businesses and brands in order to steal your personal data such as username, password, credit card numbers and Invoices information.


Do not trust anyone even if they claim to be from the bank:

If you receive a phone call from an unknown number or person claiming to be from your bank, please contact your bank and your account manager and report it.

  • Be careful when opening e-mail messages and make sure of the sender, especially if they contain attachments that may carry viruses.
  • Do not respond to any e-mail requesting personal information, a password.


Unauthorized access:

To block unauthorized access to your account, your bank will lock/disable your account after several consecutive unsuccessful attempts to log you in.


Protect your computer:

  • Do not share your computer with anyone.
  • Use a password on your computer.
  • Make sure your computer’s operating system and browsers are up to date with the latest patches and security updates.
  • Do not select the AutoSave option on browsers to store or keep your username or password when logging in to the Online Banking Service.
  • Avoid downloading software from unknown websites as these programs may contain viruses that enable hackers to monitor or take over your computer.


Phone protection:

  • Set and use a PIN or fingerprint (to enable device lock).
  • Do not store passwords or sensitive information on your phone.
  • Keep your mobile device software updated.
  • Be wary of voicemails and voice messages. Clicking on links in text messages can be dangerous, so make sure that the source of the messages and websites you visit are trustworthy.
  • Scammers create fake apps that look like legitimate apps, and when you log in they can steal your password, personal data and sensitive information, make sure you download apps from trusted app stores and sources.
  • If you lose your phone, inform your service provider immediately.


Bank card insurance

When using any ATM:

  • Be aware of your surroundings and if something raises your suspicions, use another ATM.
  • If any attempt of manipulation is observed in the ATM, do not use it and inform the bank immediately.
  • If anyone offers to help you use the ATM, refuse and leave immediately.
  • For extra security, always cover the keypad when entering your PIN.
  • If the ATM keeps your card or the transaction is not completed, call the bank’s call center number.
  • Immediately report any unknown transactions in your account by calling the bank’s call center number.


When paying at point-of-sale (POS) terminal:

  • Verify the transaction amount on the point-of-sale screen, and also check the receipt and transaction details in the SMS alert you will receive.
  • Always protect the keypad when entering your PIN and make sure you receive your card and receipt.
  • Never reveal your PIN to anyone.
  • Immediately report any unknown information in your account by calling the Bank’s call center number.


Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming ‘poisons’ a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect.

Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.


General Notes: –

  • If you are a victim of identity theft, account fraud, or any of the above, you should contact Trade Bank of Iraq immediately.
  • It is impossible for the bank to promote any banking service such as loans, for example, but not limited to, through WhatsApp, Viber, Telegram messages, or through Facebook Groups.
  • When following the social media pages of the Trade Bank of Iraq, you must check the blue verification mark for the accounts of the Trade Bank of Iraq in the social media platforms, otherwise these pages are fake and unreliable
  • To ensure the services provided by the bank, you must go to the nearest branch of the Trade Bank of Iraq, and the banking team will be fully prepared to cooperate and answer all your inquiries.

Last but not least, the only way for your security is your security awareness.

Back to top button