Security policy
Last update: 01/05/2021
Version: No. 1
Learn about all the tools for your safety
At Suramericana SA, we have the necessary tools to control access to our information systems and we constantly investigate and update our infrastructure to achieve a level of security in line with market standards.
In order to provide you with greater security when making your queries and transactions, we recommend that you always enter your account through the Sign in option in the right section of the page.
Report any irregularities and help us put an end to electronic fraud. If you receive an email that appears to come from Suramericana SA and you are suspicious of its origin, or if you notice something suspicious or unusual when entering the site to make transactions, contact the company immediately: call the helpline at 437 8888 from Medellin, Bogota and Cali, or 01 800 051 8888, free of charge, from the rest of the country, or write to us at the email address servicioalcliente@suramericana.com.co
Password management and use
To be registered on some of our pages (to have a username and password) you must meet the minimum conditions required in the password request procedure; otherwise Suramericana SA reserves the right to reject the application.
For your security, when you use the password we assigned you for the first time, the system will automatically request that you change it. This new password must not be related to events such as birthdays or anniversaries, to license plate numbers, or in general to any information that is easy to know or find out.
Recommendations:
- Make sure you change your password at least once a month (especially if you have been forced to use it from a public site), or sooner if you suspect that it has lost its confidentiality; in this case, you should also contact the helpline to report the case.
- Your username and password are personal and non-transferable. Please memorize them and always keep them absolutely confidential.
- When you enter your password, make sure no one is watching you.
- If you have forgotten your password, you must enter through the option: Forgot your password? found on the right side of the page and follow the procedure indicated there.
Security measures on your mobile devices and PCs
Recommendations:
- Install and constantly update an antivirus and firewall system on your personal computer.
- Install programs or applications from your device's official app stores.
- Periodically update your Internet browser to make the use of the pages even safer.
- Avoid banking or financial transactions from public or unknown computers, such as those in Internet cafes, airports, hotels or universities.
- Make your transactions only from your personal computer, from your home or office.
- For your safety, never provide personal information to people who request it under the pretext of participating in contests, prizes or any other type of offer.
- Do not fill out forms included in emails or respond to requests for confidential information through them.
- When you finish an online transaction, make sure you log out, delete temporary files regularly, and NEVER store passwords in your browser.
- Browse on known and safe sites.
- Read the terms and conditions of the applications or services you subscribe to.
- Review the permissions you grant to your installed applications or websites as they may obtain information you do not want to share.
- Avoid connecting USB devices or removable media from unknown sources.
- Make backup copies of your personal information.
Website security
A secure site allows all information to travel encrypted, from the client to the server or vice versa.
Recommendations:
- Type www.suramericana.com directly into the address field and verify that the address does not change.
- Unless the alert option is disabled, a message should appear before you enter informing you that you are entering a secure page.
- Padlock: Check that the padlock icon appears in the lower right corner or at the end of the address bar (depending on the type of browser). This indicates that the connection is secure.
- HTTPS: Check that the “S” appears after the protocol (http) in the address field; this indicates that the page is secure.
Suramericana SA has official security certificates with which you can make transactions and operations through our websites in a safe and secure manner.
How can your information be compromised?
As Internet users we are exposed to malicious programs, viruses or different techniques that can be used to obtain confidential information.
Computer virus
Its purpose is to alter the normal functioning of the computer, without the permission or knowledge of the user. Viruses usually replace executable files with others infected with the same code. Viruses can intentionally destroy data stored on a computer, although there are also more "benign" viruses, which are only characterized by being annoying.
The basic function of a computer virus is to spread. Viruses are very harmful, and some also carry an additional payload with different objectives, from a simple joke to causing significant damage to systems or even blocking computer networks by generating useless traffic.
Some types of computer viruses and techniques used to compromise your information.
Malware: malicious program
From the English term malicious software, it is a program that aims to infiltrate or damage a device without the knowledge of its owner and for very diverse purposes; this category covers everything from a Trojan to spyware.
Spyware: spying programs
These are applications that collect information about a person or organization without their knowledge. The most common function of these programs is to collect information about the user and distribute it to advertising companies or other interested organizations, but they have also been used in legal circles to gather information against criminal suspects, such as in the case of software piracy.
Ransomware: data kidnapping
From the English words ransom and ware (short for software), it is a type of malicious program that restricts access to certain parts or files of the infected operating system and demands a ransom in exchange for removing this restriction.
KeyLogger: key theft
A keylogger is a keystroke recorder that can be harmful to your mobile device because you don't know who is watching what you type, especially if it is something confidential, such as a credit card number or the password of an online account.
Phishing
Phishing is a type of Internet fraud that uses “misleading” email messages and fraudulent websites designed to confuse recipients into disclosing personal financial information, such as credit or debit card numbers, passwords, usernames, or other personal data such as ID or NIT.
Phishing is a computer term that refers to a type of crime that falls within the scope of scams and is committed through the use of a type of social engineering characterized by attempting to fraudulently acquire confidential information (such as a password or detailed information about credit cards or other banking information).
How to detect it?
Cybercriminals send an email in the name of a supposedly trustworthy entity or person, including urgent situations so that people react immediately and respond with the information they want. They usually include a fake link that appears to take you to the legitimate website they are impersonating, but in reality it leads to a fake site or even a pop-up window that looks just like the financial institution's official website. They may also include attachments that in some cases are malware.
Spoofing: Impersonation
In terms of network security, it refers to the use of impersonation techniques, generally for malicious or investigative purposes. There are different types depending on the technology:
How to detect it?
IP Spoofing: IP address spoofing. This basically consists of replacing the source IP address of a TCP/IP packet with another IP address that the attacker wishes to impersonate. It must be taken into account that the responses from the host that receives the packets will be directed to the spoofed IP.
ARP Spoofing: ARP table spoofing. This involves constructing modified ARP request and response frames in order to falsify a victim's ARP table (IP-MAC relationship) and force it to send packets to an attacking host instead of their legitimate destination.
DNS Spoofing: Domain name spoofing. This involves falsifying a “domain name-IP” relationship in response to a name resolution query, i.e. resolving a certain DNS name with a false IP address or vice versa.
Web Spoofing: Spoofing a real website (not to be confused with phishing). It routes a victim's connection through a fake website to other websites in order to obtain information from the victim (web pages viewed, form information, passwords, etc.). The fake website acts as a proxy, requesting the information requested by the victim from each original server and even bypassing SSL protection.
Mail Spoofing: Impersonation of the email address of other people or entities. This technique is used to send emails for phishing and SPAM purposes.
Date for last update: May of 2021