At Scotiabank, we want you to feel confident that your accounts and identity are well protected. This is why during September 2007 we will introduce Multi Factor Authentication (MFA), a new way to access our Internet Banking Services.

Some key points about Multi Factor Authentication:

• MFA is an extra layer of security, which ensures that only you can access your bank accounts.
• MFA is FREE and it is a simple way to help prevent unauthorized account access and identity theft.
  
• MFA confirms your identity before account access is granted.
  
• Setup takes approximately 5 minutes.
  
• MFA does not replace or change your current card number, login ID or password. They will stay the same unless you choose to change them.

If you already use Internet Banking, you will just need to take a few minutes to enroll in MFA. During enrollment you will be asked to select five authentication questions and enter your response to each of these questions. You will also be asked if you want to register the computer you are using to access Internet Banking. If you access Internet Banking using a computer that is not registered you will be prompted to answer the authentication questions you selected when you enrolled in MFA.

If you need assistance or have any question about MFA, call us at TeleScotia at 787-766-4999 or toll free at 1-877-766-4999.

For more information on the MFA please click on the links below:

• MFA Guide in pdf
• Click here to view our FAQ section in pdf.

PLEASE READ THE FOLLOWING INFORMATION REGARDING IDENTITY THEFT AND HOW YOU COULD PREVENT IT

Identity theft typically happens when someone wrongfully acquires or uses another person's personal data to that other individual’s financial advantage. The activity is also referred to as identity fraud because the criminal impersonates, rather than “eliminates” the victim's identity.

Identity theft results in thousands of dollars in daily losses to consumers and corporations alike worldwide. This fact does not even consider the hours and effort involved in reporting, investigating and correcting the incident itself.

In addressing the negative results of identity theft, many companies, including banks, have invested large amounts of money and resources in providing safety and technology tools to protect customers’ private information. Such initiatives have been primarily directed at protecting banks’ Internet service users during the execution of banking transactions.

The response to new safety measures has propelled identity burglars to modify their strategies in developing new techniques to target Internet users directly.

“Phishing” or “Pharming”
A regularly used technique is named “phishing or “pharming”. This approach utilizes an electronic mail (e-mail) to obtain consumer identity information and their credentials, such as account number, username, and password, among others.

The method consists of an e-mail that is sent to a user requesting the user to visit the Web page of a legitimate entity or soliciting the user to access an Internet address that appears legitimate through a link that is directed to an illicit Web page. Once the user reaches the illegitimate page, identity thieves steal all personal information disclosed for future illegitimate use, including usernames and passwords. In some cases, while claiming a security breach, users are requested to validate their personal information such as name, address, social security number, and bank accounts, among others.

Key Logging
This strategy utilizes a computer program to send through the Internet to another personal computer the full sequence of keys previously used in the computer’s keyboard. This unsolicited program usually appears in the form of a computer virus attached to an incoming e-mail, or as a download of other Internet programs without the customer’s knowledge. This infectious method is known as Spyware or Adware.

HOW TO PROTECT YOUR IDENTITY WHILE USING THE INTERNET

Scotiabank de Puerto Rico recommends being extremely cautious when receiving e-mail and paying close attention to messages, particularly to those that solicit personal information. Scotiabank WILL NEVER send an e-mail to request your personal information.

Keep in mind the following security guidelines to prevent or avoid identity theft via the Internet:

1. Never respond to an e-mail that requests your personal information.
2. Always make sure that you are accessing the correct Internet Web page. Scotiabank de Puerto Rico’s Internet Banking Web page address is as follows:
   https://enterprise2.openbank.com/scopr/logon/user
3. Make sure that there is an “s” following the letters “http” in the web address. The “s” indicates that the connection is secure.
4. Verify that there is a lock symbol in the lower right hand side of your monitor that resembles this one . This symbol signals that an authenticity certificate protects the page. The lock symbol must be present on all Internet Banking service pages of Scotiabank de Puerto Rico (except on the main page, scotiabankpr.com). If the lock symbol does not appear, do not utilize the Web page for bank transactions or for personal data submission.

FREQUENTLY ASKED QUESTIONS ABOUT INFORMATION SECURITY IN THE INTERNET

Is my confidential information secure?
Every time there is a request for confidential information through the Internet, including details of your personal accounts, we require a safe session utilizing Secure Socket Layer (SSL) technology. This constitutes an encrypted technology that employs public codes to encrypt communications between your SSL browser and our Web page. Such safety mechanism prevents data interception.

Which browsers support SSL?
We recommend the use of browsers supporting SSL encryption such as Microsoft Internet Explorer version 5.5 or over, Netscape version 7.x or over, Mozilla version 1.x or over, Safari version 1.x or over, and Opera version 6.x or over. Should you utilize a different browser, verify the documentation to confirm SSL capability. Do not use any Beta version browser for secure transmittals.

How can I verify that a session is secure?
Safe communication through a Netscape browser will show a locked yellow padlock symbol on the lower section of your monitor. With an active Microsoft Internet Explorer browser, a secure session will be illustrated by a padlock at the bottom of the browser window similar to this symbol . On a Macintosh system, a securely encrypted session will be represented by a blue line under the menu and a yellow padlock at the bottom of the browser window. Additionally, you can be certain of a secure session on any browser if the address starts with https://.

Which browser is required for Internet Banking?
We recommend using a browser with SSL supporting an encryption of 128-bit, which provides an even more secure communication at no additional cost. The following browsers are recommended for use with Scotiabank Internet Banking:

Internet Explorer version 5.5 SP1 or over for Windows 2000 and XP,
Internet Explorer version 5.x or over for Mac OS 9 and X,
Netscape version 6.1 or over for Windows 2000 and XP, and Mac OS 9 and X.

Scotiabank is committed to continuing with our efforts of protecting our customers’ security and privacy. Should you have any questions regarding this information, contact TeleScotia at 787-766-4999 or 1-877-766-4999.

Trademark of the Bank of Nova Scotia, used under licence.
Member FDIC. OCIF Lic. 22.