Online banking related fraud

Online Banking Related fraud

While we have implemented industry standard security features on our network and server to protect our online banking system from being hacked by fraudsters, they will still find ways and means of gaining access using your online banking username and password to get directly into your account.


To further protect you, we have implemented an additional layer of security at the login stage called two-factor authentication. In addition to inputting your username and password, you will have to input a One Time Password (OTP) that will be sent as a text message to the phone that you have registered with us.


Any fraudster trying to get into your account through online banking will thus need to have your username, your password and your telephone, and as such you must protect these to the best of your ability.


Social Engineering Techniques

A determined fraudster will use one or more social engineering techniques to con you into divulging your security credentials to them.



Phishing is the attempt by fraudsters to getting hold of your username and password by convincing you to access a link, usually in an email or instant online message claiming to be from the Bank, and inputting these security credentials on a webpage, which may appear to be the Bank’s online banking login page.

The Bank will never send you an email asking you to click a link to login into online banking account. If you receive such an email, immediately forward to This email address is being protected from spambots. You need JavaScript enabled to view it. for the Fraud Department to investigate. Do not click on the link and if you accidentally do so, do not enter your username and password on the webpage that comes up.



Vishing is ‘voice phishing’, where the fraudster will contact you over the telephone, usually claiming to be a bank staff, asking you to provide your username and password for online banking. The Bank will never ever ask you for these details and as such if you receive such a phone call, immediately end the call and report the incident to the Fraud Department.


Use of Malicious Software

Fraudsters may also get access to your username and password through malicious software such as keyloggers and screen capture software that may have silently installed themselves from the internet or shared storage devices, which send keystrokes and screenshots of your web activities to fraudsters, when you are logging into the Bank’s online banking platform.


To protect yourself and avoid your username and password from being stolen through malicious software:

  • Ensure that the operating system of your computing devices have the latest security patches installed and that they run an up to date antivirus software, which is used to regularly scan the devices for malicious software.
  • Avoid accessing the online banking platform on shared or public computers. These could be infected with malicious software.


Before logging into online banking with your username and password, check the following:

  • The website address is
  • A padlock is shown on the browser, indicating that the website is secure
  • The security certificate is registered to Seychelles Commercial Bank


Access to the One Time Password

Once a fraudster has your username and password, now they only need to steal your phone or make a clone of your SIM card to get the OTP that is sent by the online banking system after the username and password are entered on the login page.