Nedbank ID, digital interaction and authentication mechanisms

Terms and conditions

1. Introduction

1.1 Digital interaction means communication with and access to any services through any systems and devices. 

1.2 Systems and devices mean any digital information systems, digital platforms, equipment, software, mobile devices and/or any other hardware devices.

1.3 When interacting digitally with Nedbank Group Limited or any of its subsidiaries (Nedbank/we/us/our), you will be required to use authentication mechanisms that allow you to access our services and products. An individual will be required to use one level, and a juristic entity two levels, of authentication. The authentication mechanisms are the following:

• First level of authentication mechanism (for individuals and juristic entities). The first level of authentication is the Nedbank ID, which consists of your username, password, personal identification number (PIN) or biometric characteristics, or any combination of these. 
  
  
• Second level authentication mechanism: Two-factor authentication (2FA) mechanism 
  • for juristic entities: The second level of authentication is provided by Fast Identity Online (FIDO) hardware tokens and/or the Nedbank Business Authenticator app, which can be downloaded for free. Linked to the 2FA mechanism is the client-side certificate. The certificate complements the 2FA mechanism to protect you and us against the interception of communications
  • for individuals: Quick Response (QR) code. For these purposes, a QR code means a type of two-dimensional (2D) bar code that is readable and used to provide access to online information through the digital camera on a smartphone or tablet. (Collectively ‘authentication mechanisms).

2. Binding terms

2.1 Please familiarise yourself especially with the bold text set out in the terms and conditions as it may:

• limit our or a 3rd party’s risk or liability;
• create risk or liability for you;
• compel you to indemnify us or a 3rd party; and/or
• mean that you acknowledge a fact.

2.2 Nothing in these terms and conditions is intended or must be understood to restrict, limit, or avoid any rights or obligations you have in terms of the Consumer Protection Act, 68 of 2008, unlawfully. 

2.3 These terms and conditions are in addition to the terms and conditions relating to your Nedbank account(s) or any other Nedbank service channels or products used by you. 

2.4 If there is a dispute about any of the items listed in clause 2.6, these terms and conditions will apply. If there is a dispute about your Nedbank account, other service channels or products, the terms, and conditions applicable to those will apply.

2.5 These terms and conditions are governed by the laws of the Republic of South Africa and will become binding on your acceptance of them. 

2.6 These terms and conditions apply to:

2.6.1 your digital interaction with us;

2.6.2 the creation of a Nedbank ID;

2.6.3 the use of the 2FA mechanisms; and

2.6.4 the use of the QR code scan. 

3. Creating a Nedbank ID

3.1 To create a Nedbank ID, you will receive a prompt to enter your personal details on your device, which may include your identity number, name, surname, cellphone number and email address. If you are an existing Nedbank client, you may also use your existing profile, PIN, and password to create a Nedbank ID.

3.2 You will then have to select a username, password, personal identification number (PIN) or biometric characteristics, or any combination of these, after which we will send you an Approve-it message to the cellphone number you gave us. 

3.3 Once you have reacted positively to the message, your Nedbank ID will have been registered. 

3.4 If you are using any of our services that require 2FA, you must enter your Nedbank ID details correctly to access such services.

4.  Warranties

You warrant that you are duly authorised to:

4.1 engage with us by way of digital interaction;

4.2 create and register a Nedbank ID;

4.3 if applicable, apply for, accept, and use a 2FA mechanism;

4.4. if applicable, select the Nedbank Business Authenticator app;

4.5 if applicable, act on behalf of the juristic entity that is or will become a user of our services; 

4.6 if applicable, use your personal mobile device to access the Nedbank Authenticator app; and

4.7 accept these terms. 

5. Freezing, suspension, modification, restriction and termination

5.1 We may freeze, suspend, modify, or restrict your use of the authentication mechanisms or terminate your use of the authentication mechanisms immediately at any time without prior notice to you due to, including but not limited to, the following circumstances:  

5.1.1 If we are compelled to do so by law.

5.1.2 If we have reasonable suspicion that the authentication mechanisms are being used for illegal, unlawful, or fraudulent purposes.

5.1.3 Your conduct resulting in a breach of our regulatory obligations. 

5.2 We will give you reasonable prior notice if we want to freeze, suspend, modify, or restrict your use of the authentication mechanisms or terminate your use of the authentication mechanisms due to, including but not limited to, the following circumstances, as determined at our sole discretion:

5.2.1 If we are compelled to do so by law. 

5.2.2 If there are reputational risks.

5.2.3 If there are operational or business reasons.

5.2.4 You no longer have a Nedbank account.

5.2.5 You no longer qualify for a Nedbank account according to our product specifications. 

5.2.6 You no longer qualify for the authentication mechanisms.

5.2.7 You breach this agreement. 

5.2.8 You breach any other agreement with us. 

5.2.9 You breach any of the other service channel and/or product terms and conditions.

5.2.10 You do anything (or allowing anything to be done) that we think may damage or affect the operation or security of the authentication mechanisms.

6. Privacy consent

6.1 Subject to applicable laws, regulations, and our privacy policies, you give us permission to process your personal information as we see fit for both your and our legitimate interest. This includes your race, biometrics, and alleged criminal behaviour (if necessary) 

6.2 You consent to us accessing your credit bureau data, obtaining your bank statements from your bank, sharing your information with third parties sharing information about your application with third parties, collecting your personal information from third parties, sharing information about your application with the Southern African Fraud Prevention Services and processing your personal information outside South Africa.

6.3 Processing includes doing affordability assessments, credit scorings and profile building that may help us offer you a product or service that will suit your needs. 

6.4 You may ask for a description of your personal information that we have on record and for the details of third parties who have, or having had, access to your personal information. 

6.5 You may withdraw your consent by notifying us in writing. You may also ask that we correct or delete your information, object to us having had your information, and send a complaint to the Information Regulator.

7.  Your responsibilities and obligations

7.1 You acknowledge that we are not responsible for the suitability or maintenance of any systems and devices that you use in relation to Nedbank ID, your 2FA mechanisms, our services, or any digital interaction with us. 

7.2 You must:

7.2.1 ensure that the most recent and applicable security software is installed on all systems and devices, and that there are no destructive programmes, such as viruses, worms and spyware on the systems and devices; 

7.2.2 adhere to all our operating, maintenance and security requirements and procedures (including encryption standards); 

7.2.3 take all reasonable precautions to protect all systems and devices and always keep them free of malware, and likewise, we will take all reasonable precautions to protect you and our services from malware;

7.2.4 not jailbreak, root, or circumvent any standard security settings that have been installed on any systems and devices;

7.2.5 make sure that all systems and devices can communicate with ours and meet our specifications for the installation and configuration of any services;

7.2.6 maintain software licence arrangements, pay licence fees, and get the telecommunications lines, hardware, software, and consumable materials (and any updates or upgrades) necessary to access and use our services; 

7.2.7 ensure the integrity, safekeeping and confidentiality of all communication lines, data, confidential information, and the authentication mechanisms you use; and

7.2.8 not operate or use any systems and devices in a manner that may be prejudicial to us. 

8. Safekeeping of authentication mechanisms

8.1 You may link only one Nedbank ID to the Nedbank Business Authenticator app. 

8.2 You may share the FIDO hardware tokens.

8.3 Except as provided in 8.2 above, your authentication mechanisms are for your exclusive use.

8.4 You must therefore:

8.4.1 keep your Nedbank ID details, as well as 2FA mechanisms and client-side certificate, private and safe and take all reasonable precautions to prevent unauthorised or fraudulent use of that and/or any damage to that; and 

8.4.2 not disclose or respond to any requests for any of your Nedbank ID details to anyone or record your Nedbank ID details in any way that may result in it becoming known to anyone. Do not record your Nedbank ID details anywhere in any form. 

8.5 You must inform us immediately if you become aware of or reasonably suspect any unauthorised access to, or compromise and/or use or loss, of your mobile device, any other devices used to access our digital channels, or your authentication mechanisms. You must have appropriate measures in place to minimise any loss or harm that may result from unauthorised access, including changing / deactivating your Nedbank ID. 

8.6 Once your correct Nedbank ID details have been entered, your chosen 2FA mechanism will be activated and the client-side certificate installed, we will accept and process your instructions, irrespective of whether any of your details may have been entered fraudulently or without your authority.

8.7 You can change your Nedbank ID at a Nedbank branch or on our digital channels or by contacting your relationship manager or banker.

8.8 If you no longer have access to your current 2FA mechanisms and wish to reapply, contact your client administrator, or complete the token replacement form on the Nedbank Business Hub landing page.

8.9 You must remove the FIDO hardware token or other tokens from your device, lock your device and close your applications while you are not transacting. Make sure that your tokens are always kept in a safe place.

8.10 We will not be liable to you for any claims or losses incurred due to an unauthorised person gaining access to any one of your authentication mechanisms or if you are defrauded because your device was stolen or compromised and any of our services or because we acted on an instruction received from such unauthorised person.

9. Digital interaction risks

You accept all risks attached to digital interaction with us. These risks include that: 

9.1 it may not be the safest way of instructing us as digital interaction may be tampered with before, during or after transmission and can be fraudulently manipulated;

9.2 receipt or execution of digital interaction may be delayed because systems and devices failed, malfunctioned or were unavailable; 

9.3 digital interaction may be illegible or inaudible, which may lead to instructions not being executed as intended;

9.4 we cannot verify email addresses, fax numbers and signatures;

9.5 we cannot establish the identity or designation of the sender of the digital interaction; 

9.6 we may not always be able to confirm receipt of digital interaction instructions; and

9.7 natural phenomena, riots, acts of vandalism, sabotage, terrorism, electricity interruptions or any other event beyond our control may affect the receipt or execution of communication through digital interaction.

10.  Liability

10.1 Except where damage or loss arises directly or indirectly from our wilful misconduct or gross negligence (or any person acting for or controlled by us), we will not be liable to you for any damage or loss that you may suffer because of:

10.1.1 your using Digital Interaction to communicate with us and any of the associated risks explained above;

10.1.2 any access to your Nedbank ID, the 2FA mechanism selected and used by you, the client-side certificate or QR code or from any breach of security or any destruction of your information; 

10.1.3 any action taken in terms of clause 5;

10.1.4 any person having gained unauthorised access to any information or data;

10.1.5 incorrect information having been given to us or to any person, and reliance thereon; 

10.1.6 the use of or inability to use your authentication mechanisms and/or our services; 

10.1.7 any breach of these terms; 

10.1.8 an infringement of any intellectual property rights;

10.1.9 any instruction you gave us, including any incorrect, illegible, incomplete, or inaccurate information or data;

10.1.10 any inadvertent delays in accessing or using our services;

10.1.11 any use, misuse, abuse, or possession of any software used to access our services;

10.1.12 any unauthorised or unlawful access to any of your accounts or data or any loss, destruction, or theft of or damage to any of your or our data or equipment;

10.1.13 your failure to comply with any of your obligations or any banking and security procedures and requirements we have specified;

10.1.14 any malfunction, distortion, interruption, failure, glitch, bug, or defect experienced with, or the unavailability of, any systems and devices or communication links used in relation to our services; 

10.1.15 any security breaches caused by you or a third party;

10.1.16 the destruction of or damage to our or your systems and devices because of power failures or similar occurrences; 

10.1.17 any false, fraudulent, or altered instruction, mandate, consent, commitment or the like that is allegedly given by you; 

10.1.18 any lack of or failing in your authority to represent or act on behalf of any third party; and

10.1.19 your acting outside of your mandate. 

10.2 Any demand, claim or action arising against us in connection with the circumstances in this clause will be limited to direct damages. Special or consequential damages are hereby specifically excluded. 

11. Intellectual property rights

11.1 We will retain all intellectual property rights to any of our authentication mechanisms, services, systems and devices, and documentation used to provide the services.

11.2 You may not duplicate, reproduce, decompile, reverse-engineer, create derivative works from or in any way tamper with any of our intellectual property or any device, certificate, software, or documentation. 

11.3 You may not infringe or misappropriate any of our or a third party’s intellectual property or other proprietary rights when accessing and using our services and performing your obligations as recorded in these terms.

12. Contact us

If you have any questions or want to report fraud or submit a complaint or claim in connection with your authentication mechanisms, call us on any of the numbers listed below.

Retail: 0800 555 111

Retail Relationship Banking: 0860 116 400

Retail Business Banking: 0860 111 055

Nedbank Corporate Invest Banking Service Desk: 010 217 4340

13.  Address for notices 

13.1 The physical or email address that you gave us in the application, or the most recent address given to us is the address you choose as your domicilium citandi et executandi where we can deliver legal notices, orders, or other documents to you.  

13.2 Either party may change their physical or email address by notifying the other party via email. The email address to which you may send a change of address notification can be obtained from a branch or NCC. The change of address will be effective on the 5th Business Day after receipt of the email. 

13.3 A legal notice, order or other document will have been properly served when it has been sent by email or delivered to that party or sent by registered mail to that party’s last known address. If you have not informed us of a change of your email or physical address, we will continue to use the last address given, even though the information may be incorrect. 

13.4 You may send any legal notices, orders, or other documents to our domicilium citandi et executandi: 

 Group Legal Counsel

 Nedbank Group Legal 

 Nedbank 135 Rivonia Campus, 135 Rivonia Road, Sandown, Sandton, 2196 

13.5 Unless the contrary is proved, any legal notice, order, or other document: 

13.5.1 sent by email to the chosen email address will be considered received on the date it was sent.  

13.5.2 delivered by registered mail, will be considered received within seven Business Days of the posting date. 

13.5.3 delivered by hand will be considered received on the date of delivery, provided it was delivered to a responsible person during ordinary business hours. 

13.6 If the date of delivery falls on a weekend or public holiday, the legal notice, order, or other document will be considered received on the next Business Day.

13.7 Any legal notice, order or other document received by a party will be adequate written notice or communication to that party, even though it may not have been sent to or delivered at the chosen address.  

13.8 It is your responsibility to notify us of any changes to your address and contact details. 

14. Complaints process and alternative dispute resolution

14.1 If you have a dispute or complaint regarding these terms, you can call our Client Complaints Helpline on 0860 444 000 or email us at clientfeedback@nedbank.co.za. You will need to give us a written statement setting out the dispute or complaint. We will investigate your dispute or complaint within a reasonable time, keep you informed during the investigation, and give you a final written response.

14.2 If your dispute or complaint remains unresolved or you are dissatisfied with the outcome, please email us at complaintappeals@nedbank.co.za.

14.3 You also have the right to contact the National Financial Ombudsman and/or the Financial Sector Conduct Authority and/or the National Consumer Tribunal at any time using the details below: