How You can Protect Yourself

While BOB applies rigorous and tested standards to ensure the confidentiality and security of your financial transactions at BOB Express ATMs and online, it is very important that you also do your part to ensure that your information remains safe and secure. Please observe the following recommendations:

Protect your Online ID Password and PIN
You access and use the Bank’s internet banking application BOB Express Online by Online ID, Password, and PIN (personal identification number). The Password and PIN is known only by its holder.  After you first visit BOB Express Online:
  • Choose your initial Password. Use a password that is at least 8 characters long and is at most 50 characters long, and use a combination of lowercase letters, uppercase letters, digits and special characters from the set listed here    these    !  @  #  $  %  ^  *  ?  (  )  _  +  =  -  }  {  [  ]  |  \
  • DO NOT use easy-to-guess combinations such as your birth dates, address or telephone numbers
  • DO NOT use your BOB Express Online password for any other security login or for other non-related websites that you access.
  • Do not disclose your Password or PIN to anyone, this includes your colleagues, relatives or friends. Treat your Password and PIN as personal and confidential.
  • Change your PIN. You have to create new PIN 4 number long.
  • Do not disclose your PIN to anyone.  Treat your PIN as personal and confidential.
  • Commit your PIN and passwords to memory.  DO NOT write down nor store your Online ID, Password, PIN on paper or on another permanent electronic or other media.
  • Use BOB Express Online in the protected/ "private" browsing regime.
  • DO NOT use the options for remembering Online ID / Password in the browser, even on your personal computer / mobile device.
  • At least once every 2 months change your Password and PIN for BOB Express Online using the “Settings” menu option.
  • Lost or stolen ATM Easy Banking cards should be reported to the bank at once.
  • If you your data (incl. Online ID, Password, PIN) has been compromised or has been attempted to be compromised, immediately change your Password and PIN using the “Settings” menu option and inform the bank.
  • If you must contact the bank’s Call Center for assistance with resetting your secret credentials, the BOB representative will use BOB Express Online to send you an email from bob.expressonline, i.e. bob.expressonline@bankbhamas.com. Treat any other email for this service that is not from this address as suspicious, and contact and inform the bank.

Back to Top

Verify the authenticity of the site and the security of the communication protocol

Enter your Online ID and password on the internet site only with the URL provided by the bank.  If you receive a message, or if you are notified by any other way of a sudden change in the procedure for entering your login credentials and identification, please, do not take any action and notify immediately the bank.

When accessing BOB Online, please verify the validity of the webpage – there is a green address bar and padlock sign in the browser, together with GlobalSign SSL verification.

  • The URL address provided uses a secure Extended Validation SSL* security certificate for use with the new high security browsers and asserts the highest level of authenticity
    • *SSL, Security Socket Layer is one of the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network.

    • The HTTPS tells the browser that the connection between the BOB Express Online server and your internet browser must be secured using SSL
    • The Address bar turns from white to green, indicating that the web site is using Extended Validation SSL
    • The padlock is activated, showing that the browser connection to the BOB Express Online server is now secure. If there is no padlock or the padlock shows a broken symbol, the page does not use SSL.
    • The bank’s name is displayed on the address bar

      * SSL References from Globalsign.

  • Be aware that with this secure bank URL, all information exchanged with the bank is encrypted and is transferred by using the SSL protocol, and each web page of BOB Express
  • Online is accessible only via the weblink provided by the bank.
  • DO NOT use dubious links from other websites, emails from unknown senders, etc. to access BOB Express Online.
  • The BOB ExpressOnline site is identified (presented) to the customers by a server certificate issued by Thawte SGC CA (thawte.com). When you load the ebanking page, an icon of a lock appears near the address field or in the lower corner of the browser depending on the type and version of the browser used.  By clicking on the lock icon you will get more information about the server certificate of the page, which must be issued to Bank of The Bahamas, Ltd.  See examples in table below for your reference:
    BOB Express Online  -  Secure connection certificate Examples
    Mozilla Firefox Google Chrome  Microsoft Internet Explorer

Back to Top

Logoff from BOB Express Online when not in use

When you finish your session on BOB Express Online, use the “Logoff” menu option to terminate your session.

We advise you not to leave your computer without supervision while in active session on BOB Express Online.

If you plan to leave your computer or mobile device unattended, please, click the “Logoff” menu option to terminate the open session with the bank.

To protect your online banking service from unauthorised access, your unattended session will terminate after 10 minutes.

Back to Top

Use updated Operating Systems and reliable Anti-Virus and Anti-Spyware Software
  • Use updated operating systems and software and use reliable antivirus software for your computer or mobile device used to access BOB Express Online.
  • Regularly update the software on your computer. This way you can be sure that your operating system, antivirus and other scans are working optimally to protect you.
  • Install and use anti-spyware software, anti-spam software for your email and computer.  Spyware is a computer program that monitors user activity, recording input user data and sending it to malicious persons. Spyware can be installed on your computer by malicious software, website and email. There are bundled solutions of antivirus/antispyware /firewall. It's recommended to get specialized support for the solution used.
  • Keep your personal or corporate firewalls updated. This security software prevents unwanted incoming and outgoing connections with your personal computer/computer network, especially when connected with Internet.
  • Monitor the warning messages for viruses and especially Trojans. They can be used for identity and personal data theft.  Usually viruses and Trojans are installed automatically when you click on links or open applications in your email or download software of entrusted sources.
  • Do not use beta versions of operating systems and software.

Back to Top

Use Supported Browsers

For maximum security use the following browsers:

  • Desktop/Laptop: Internet Explorer version 9.0 or later or Mozilla Firefox version 45 or later, or Google Chrome 48 or later.
  • Mobile devices:  Specifics will be provided when the mobile banking platform is released.
  • Use BOB ExpressOnline in the protected/ "private" browsing regime.

Back to Top

Do not use public Wi-Fi and computing services when banking online
  • Avoid using BOB Express Online from public computers and public hotspots with internet access (such as internet clubs, cafes, libraries, etc.).  Use your own secure wireless data connection.
  • Avoid using BOB Express Online from computers where you are unable to trust what software is installed.
  • Consider protecting access to your computer with a password, especially if is accessible to other members of your family or roommates.

Back to Top