You should not voluntarily disclose any access code, including account password, one-time password(OTP), 2 Factor authentication code (2FA) to any third party except as instructed by Xfers to initiate or execute any payment transaction.
You should also not disclose any access code in a recognisable way on any payment account (e.g. your bank account or Xfers account).
You are also advised not to keep records of any access code, including account password, one-time password(OTP), 2 Factor authentication code (2FA) in a way that allows any third party to easily misuse.
If you keep a record of any access code, please make reasonable efforts to secure the record, including: (a) keeping the record in a secure electronic or physical location accessible or known only to you; and (b) keeping the record in a place where the record is unlikely to be found by a third party.
Where you are using a device to access your Xfers account, please make sure you have done the following:
Update the device’s browser to the latest version available;
Patch the device’s operating systems with regular security updates as recommended by the operating system provider;
Install and maintain the latest anti-virus software on the device, where applicable; and
Use strong passwords, such as a mixture of letters, numbers and symbols