Booster's cyber security measures

18 February 2020

Online security is more important than ever. Earlier this month, it was revealed that a KiwiSaver provider had been hacked and over 26,000 of its members' details were accessed illegitimately. 

Reports of this nature are always concerning. James Story, our Head of Technology, outlines the steps Booster takes to ensure your personal information is protected.

Firstly, are my savings safe with Booster? Where is my money held?

Your account is invested in shares and the like, and any cash awaiting investment or withdrawal is held at BNZ. Getting this money out of the system requires selling your investments, meeting various criteria and passing a number of identity checks. It is not as simple as transferring cash held in a regular bank account.

We have regular third-party audits that make sure that everything is accounted for and that all the books balance.

How can I keep my online account secure?

We encourage our members to follow cyber-security best practice steps - including having a strong and unique password, enabling 2-factor authentication, using a modern and secure device and browser, regularly checking their account and questioning any unusual contact to avoid falling for phishing or other online scams.

Not sure where to start? Check out our handy guide to keeping your online data safe.

What personal information does Booster hold about me? 

Under the government regulations that apply to us, we hold your:

  • Full name

  • Date of birth

  • IRD number

  • Tax rates

We also hold your last known/supplied contact details which may include your email address, phone numbers and residential and postal addresses. We may also have a nominated bank account number on file.

Depending on how you entered our system we may also have proof of identity documents on file that you would have supplied to us. These can include:

  • Driver licence details

  • Passport details

  • Utility details

  • Proof of identity selfies

The Anti-Money Laundering and Countering Financing of Terrorism Act, among others, requires us to keep these documents on file.

All of this information is held in secure locations and we do regular security checks.

How do I know Booster won’t be the victim of a data breach?

No system can absolutely guarantee that there is not going to be some form of breach. However, to minimise any risk of a data breach, we:

  • Adopt industry best practices for IT security, data privacy and financial record keeping 

  • Constantly review critical areas of the system and look for ways we can reduce any potential impact

  • Require you to look after your online account credentials

If at any time you think your account details might have been illegitimately accessed, change your password and contact us as soon as possible.

What security measures does Booster have in place?

All of our systems are continuously monitored and updated to ensure that we are as well protected as we can be. IT security is complex and hackers develop new methods daily. We have dedicated staff who keep up with what is known of their methods and protect our system accordingly.

  • We only use software that is known and trusted and from reputable suppliers that take security seriously and provide regular updates.

  • Our systems are regularly audited by third-party auditors and security experts to ensure they are as protected as they can be.

  • All of our staff know their obligations in terms of handling data and take the privacy of your personal information very seriously. They also undergo cyber-security awareness training.

  • We have our systems segregated and use industry-standard architectural practices.

  • We monitor password attempts on your account and will lock it if there are too many failures in a set time period.

  • We use industry-standard cryptography as and where needed. Your password is stored as a salted hash and is never stored in plain text - we will never ask you for your password.

Are Booster's systems up to scratch? How do you prove that?

Yes - we believe so. No IT system can guarantee with absolute certainty that it can’t be hacked or illegitimately accessed but we do take as many steps as possible to prevent this from happening.

We have regular 3rd party audits, security and data policies in place, and regularly update our systems to keep your data as secure as we can whilst working within the bounds of all of our regulatory obligations.

Does Booster have a data security policy?

In addition to our Terms and conditions and Privacy policy, we have a number of different IT user and system policies that our staff are bound by and uphold. These all cover various aspects of data security and usage of data.

Are there any measures I can take to make sure my account is more secure?

Yes, absolutely. You can make your account more secure by ensuring that you:

  • Have 2-factor authentication enabled. Go to your mybooster account to set this up.

  • Use a unique password that you use only to access your Booster account.

  • Use a strong password that is at least 12 characters long, uses a mix of letters, numbers and symbols, and is not based on a word from the dictionary or a common phrase.

  • Don’t share your password with anyone.

  • Don’t record your password anywhere (don’t write it down).

  • Don’t access your account using public wifi or computer systems that may be compromised e.g. don’t access your account using a computer at an internet café.

  • Only access your account using a computer that is patched and free from viruses and uses a fully up-to-date browser.

  • Use an email address that only you have access to and that also has a strong and unique password.

  • Change your password if you think that someone else might know it.

  • Ensure any links always resolve to booster.co.nz with a secure padlock in your browser.

  • Don’t click unknown links or give up information to people you can’t be sure are from Booster.

Make sure you regularly review your account. Do you see any unusual activity? If so, please phone us on 0800 336 338 or contact us directly.

Here's Booster's guide to keeping your online data safe

By James Story

James is Booster's Head of Technology. He is responsible for ensuring the Booster platform is future-ready and keeps up to date with the changing world of business and technology.