MyBonusBonds Security

We take the security of MyBonusBonds very seriously. Here are just some of the ways we ensure your Bonus Bonds are secure online:

• Our promise to you
  In the unlikely event that you incur a loss from online fraud involving MyBonusBonds, we'll reimburse you the full amount of any unauthorised transaction (provided that you are not involved in the fraud and act within MyBonusBonds' Conditions of Use).
• Data encryption
  All MyBonusBonds sessions are secured using a 128-bit encrypted connection (Microsoft Server Gated Cryptography). This means the data travelling across the internet, your computer and MyBonusBonds is encrypted, ensuring only you can access your personal information.
• MyBonusBonds session time-outs
  You should always sign out of MyBonusBonds when you have finished using it. But if you forget, a session 'time-out' automatically logs you off the system if there has been no activity for 10 minutes. This protects your Bonus Bonds as well as your privacy.
• Firewalls
  We regularly update our firewall technology to protect our systems from unauthorised access via the internet. You should also make sure you have up-to-date firewalls and virus detection software.
• Verification of your identity
  We require you to activate your registration before you can use MyBonusBonds. This provides extra security to ensure your identity is fully verified. We also require proof of your ownership of the bank account number you provided.
• Security alerts
  You'll see a Security Alert on the MyBonusBonds log on page if there's any suspicious activity going on - for instance scams such as 'phishing' emails that pretend to come from MyBonusBonds in an attempt to gain access to your Bonus Bonds.
• Bondmail
  Our Bondmail email system allows you to exchange confidential information with us in a secure environment. Ordinary email systems are not generally secure, but with Bondmail you can send and receive private or confidential information with confidence.

Ideas for protecting yourself from online fraud

• Let us know immediately if you think someone else may know your password.
• Check your Bonus Bonds transactions carefully and let us know if anything appears wrong.
• Don't tell anyone your password or let anyone see you using it. Never write it down.
• Take the same precautions as you would for internet banking.
• Keep your security software up-to-date.

Information on phishing emails

Hoax emails, also known as phishing, are scams where hackers "fish" for your personal details by sending emails claiming to be from financial institutions. Hoax emails claiming to be from financial institutions are often generated overseas and sent in bulk. The email asks the recipient to provide sensitive information such as the username or access number and password by providing a link leading to a fake website, enabling thieves to gather the details for later fraudulent use.

Bonus Bonds will never email you seeking your personal access details (e.g. your MyBonusBonds Access Number or password). We'll also never send you an email containing a direct link to the MyBonusBonds log on page and ask you to log on. We may however send you emails from time to time containing links to the Bonus Bonds website about current promotions if you have signed up to receive email marketing about Bonus Bonds.

Protect yourself against phishing emails

You can minimise your chances of being a victim of phishing scams in a number of ways.

• Always log on to MyBonusBonds by entering the website address www.bonusbonds.co.nz into the address bar of your website browser
• Treat all emails requesting personal log on information, such as MyBonusBonds Access Number and password, with extreme caution. Authentic Bonus Bonds emails will not request personal details, information regarding your bondholding or log on information.
• Immediately delete emails of unknown origin, no matter how innocent or provocative the subject headings sound.
• Keep your anti-virus and firewall software up-to-date and perform regular scans of your computer.

If you receive a hoax / phishing email

If you receive an email that you think is fraudulent (for example, a 'phishing' or fake email that pretends to come from Bonus Bonds), there are a number of actions we'd like you to take:

1. Report the incident

   Please forward the email to emailalert@anz.com.

2. Delete the email
   • Delete the email immediately (first from your Inbox, and then from your 'Deleted items')
   • Do not click on any links.
   • Do not open any attachments.

   Never provide personal details or sensitive information such as your MyBonusBonds Access Number and password, or other log on details.

   Bonus Bonds does not send out emails requesting personal details or information regarding your bondholdings.

3. Scan your computer for viruses

   Many hoax emails contain viruses or trojan horses (key logger), which are downloaded to your computer when you open any attachments or select any included links.

   If you have clicked on any items within the email, run a complete virus check of your computer. It is recommended that you perform virus scans on your computer regularly.

4. Change your MyBonusBonds password

   After scanning your computer and ensuring it is free of viruses or trojans, you should change your MyBonusBonds password by clicking on 'My details' and 'Change password' in MyBonusBonds.