Investing with Fundsmith online is quick, easy, convenient and safe.
Fundsmith makes every effort to maintain customer confidentiality when securing an online payment. This includes ensuring the security of your payment details and other personal information.
All of your personal information is encrypted as it travels over the Internet.
How we secure your payment information when you invest online;
- When you invest with Fundsmith over the Internet, your web browser connects with the website through an SSL ("Secure Sockets Layer"). When information is encrypted, it is scrambled between your computer and our server. The information is only unscrambled when it safely reaches us. It's fast and safe, and it ensures that your personal information cannot be read by anyone else. Server-Gated Cryptography (SGC) Certificates enable 128-bit SSL encryption, the most powerful SSL encryption commercially available today.
When an SSL handshake occurs between a client and server, a level of encryption is determined by the Web browser, the client computer operating system, and the SSL Certificate. Strong encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That's over a trillion times stronger. At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SGC-enabled certificate.
- We have implemented CSA - Cisco Security Agency - which is an endpoint intrusion protection system. This is rule based software which examines system activity and network traffic and determines which behaviours are normal and which may indicate an attack. CSA uses a two or three-tier client-server architecture. The Management Centre contains the program logic, a Microsoft SQL database backend is used to store alerts and configuration information. The Agent is installed on the servers to be protected. The Agent then communicates with the Management Centre, sending logged events to the Management Centre and receiving updates in rules when they occur.
- On top of that there are numerous firewalls between our own servers and we use Sophos Endpoint Security and Control virus protection.
As you invest we need to capture your personal details. At this point the information is encrypted. You can tell this is happening as browsers will display a key or padlock in the bottom left corner of the screen.
Completing the transaction
When you send your personal details to us, none of the information is stored on the website, it is passed straight back to our secure servers at IFDS Ltd, the fund registrar, where it only exists as part of the record of your transaction.
Using My Account section to securely monitor your investment
Fundsmith makes every effort to ensure only authorised access is made to the My Account section of the website.
A PIN will be generated when you become an investor and sent to your registered address by post. You will need this for access to the My Account section of the website along with your Internet ID which is included in your email confirmation at the time of investment.
You will also be asked a security question (your mother’s maiden name) in order to verify your identification on your first login to our system.
Access to your information is via the My Account section, which also uses SSL.
Note: This information reflects our current security policy. If there are any changes in industry standards, the law or our procedures, the information in these pages will be updated.
Important notice about Internet fraud - "Phishing"
There is an Internet fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to customers from lists illegally gathered by a third party, and ask them to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.
For your protection please be aware of the following facts:
Fundsmith will never ask you to enter personal bank account or credit card details into an email or through a link sent via an email.
You will only be asked for your card payment details at the time of investment on fundsmith.co.uk. We require this information specifically to debit your card in relation to your investment.
Legitimate emails from Fundsmith will contain your unitholder ID and the email will not have been sent from a web-based mail server such as, gmail, hotmail or yahoo.
Fundsmith will never request money payments through a third party, such as Western Union.
N.B. If you have reason to suspect an email claiming to be from Fundsmith is fraudulent, please forward it to firstname.lastname@example.org to investigate its authenticity and take appropriate action.