The security and confidentiality of the data in MultiLine are doubly protected through the use of both a LuxTrust certificate (Smartcard, signing stick, Scan or LuxTrust Mobile app) and a PIN. All exchanges of data with the bank are protected by a secure connection based on sophisticated encryption algorithms.
In order to protect yourself as far as possible, we urge you to remain extremely vigilant and comply with security recommendations and best practice when using e-commerce and banking apps.
As a MultiLine user, you must adhere to the following specific security recommendations, especially if you alone validate transactions (no countersignature).
- Remove your LuxTrust smartcard or signing stick from the reader or the USB port when you are not using it to log in or sign a transaction. Put your device in a safe place when not in use.
- Always quit MultiLine by pressing the logout button, and then close all browser windows.
- Check whether your MultiLine access rights are still adequate and do not expose you to the risk of unnecessarily high signing authorities or usage limits.
- Avoid being the only person to validate a transaction. We strongly recommend separating input rights and signing rights.
- Always check the amount and the beneficiary account displayed on the approval screens. Also check that this is your LuxTrust secret image. Finally check data to be signed that is shown in the secret image.
- Never respond to an email asking you to enter your personal data or containing a link to a webpage requesting this data.
The MultiLine Helpdesk never contacts its users via an unsecured Internet e-mail or via phone, in order to ask for confidential data (PIN, PUK,…). Possible contacts requesting such data is to ignore. The MultiLine Helpdesk invites its users to forward such e-mails to the address firstname.lastname@example.org or to contact the call number +352 26 588 588.
- Be wary of files attached to an email, as they may be infected with malware or a virus. If you have any doubts do not open them.
- Be very vigilant if you receive an unusual pop-up message in your banking app (for example a technical maintenance screen).
The above recommendations are to be followed in addition to the usual precautions:
- Always keep your anti-virus software, browser, operating system and firewall up-to-date.
- We advise you to install IBM Trusteer available here (choose MultiLine), which allows you to improve the security of your workstation.
- The letters “https” at the beginning of the internet address and a closed lock symbol indicate that it is a secure website. By double-clicking on the closed lock you can check the validity of the website’s certificate (it must specify the holder, issuer and expiry date).
- If you use a Smartcard or Signing Stick, you must use the latest version of the LuxTrust security components (Middleware). The MultiLine Middleware is recommended. Users are informed that a new version of the Multiline security components is available on the login page. This Middleware is available on www.multiline.lu.
- Never share your tools and login codes with another person and keep them in a safe place.
- Regularly change your PIN and never disclose it to colleagues.
- Regularly check the transactions entered on your computer and on your account statements in order to detect any fraud as soon as possible.
- If you lose your LuxTrust product or it is stolen, you should ask for it and your MultiLine access to be blocked immediately.
In the event of loss, you can suspend or cancel the certificate linked to the lost product. To suspend it go to http://suspend.luxtrust.lu. Simply enter the serial number (without spaces), as well as the “Challenge” code of your certificate as shown on the LuxTrust Codes letter or text message received at the time of your order.
The suspension is valid for 30 days. If the certificate is not reactivated within this period it will automatically be cancelled and made irreversibly unusable.
To cancel it go to http://revoke.luxtrust.lu: simply enter the PIN (Smartcard) and then the “Challenge” code shown under the scratch-off layer in the LuxTrust Codes letter.
Note: cancellation is irreversible.
If you notice something unusual or if you have the slightest doubt, contact the MultiLine Helpdesk immediately by email at email@example.com or by phone on +352 26 588 588.
- What is phishing?
False e-mails, dummy websites or bogus phone calls are often used by hackers and cybercriminals to get their hands on your personal data and to initiate fraudulent transactions. This practice is called phishing, and clearly evokes that of fishing: “fishing for personal data”.
- How can you protect yourself from it?
Never react to e-mails or phone calls asking for your pin code, to install software or to execute tests. The HelpDesk MultiLine or your bank will never ask that.
Always check that addresses in your browser start with https://. Secure addresses can be recognized by the ‘s’ in https.
- Victim of phishing?
Do not hesitate to contact the HelpDesk MultiLine or your bank.
Websites www.cases.lu and www.circl.lu, maintained by the Luxembourg Government, contains numerous information and recommendations for a responsible use of the Internet.
Cyberworld Awareness Security Enhancement Structure :
Computer Incident Response Center Luxembourg :