As per the email and digitally signed document you have received, Trafigura confirms that official banking details for our entities have changed.

Kindly ignore any other form of communication about change in the bank details from any source other than the the PDF that has been digitally signed by Stephan Jansma.

Any banking details communication that is not sent from Trafigura and that is not in a digitally signed PDF you should treat as highly suspicious. Please forward any such communication to fraud@trafigura.com.

Instructions on how to validate the digital signature, to verify the PDF is a legitimate communication, is as follows.

An Introduction to Trafigura Electronic Signatures

Trafigura has implemented digital document signing with Qualified Electronic Signatures, the highest level of trustworthiness and evidentiary value. All signed documents you receive from Trafigura should be signed to this level.

Treat anything signed to a different level as suspicious and forwarded to fraud@trafigura.com.

• A Qualified Electronic Signature (“QES”) is an Electronic Signature which has a qualified digital certificate that has been created by a Qualified Signature Creation Device (QSCD).
• As per Article 25 (2) of EU eIDAS, and as per Article 14 para. 2bis of the Swiss Code of Obligations, documents signed to QES level carry the same legal weight as a handwritten signature.

How to check Digital Signature validity

To establish the validity of the Digital Signature, open the signed PDF document with the Adobe Acrobat Reader program, which is available free of charge from the Adobe.com website.

As a first indicator that the document is valid, you will see that the document status is "Signed and all signatures are valid", indicated with 1 in Figure A below. To complete verifying the validity of the document, check the details of the signatures by clicking on the Signature Panel, indicated with 2 in the below.

Figure A. Document signature overview

1. CHECKING THE SIGNATURE PANEL

The Signature Panel will indicate validity of signature(s) and key properties of the certificates.

 As per the example below, check that the Source of Trust is from "European Union Trusted Lists (EUTL)" and that it states “This is a Qualified Electronic Signature according to EU Regulation 910/2014”. An example of the correct information is indicated by (3) and (4) in the figure below. 

Figure B. Document signature details

The names of the signatory on the letter you receive MUST match the list of digital signatures in the document's Signature Panel on Adobe Acrobat.

2. VERIFYING SIGNING CERTIFICATE DETAILS

You may also examine details of the signing certificate to confirm that it is issued by the expected certificate authority. To do this navigate to certificate details link by expanding Signature Details (1) and clicking on the Certificate Details link (2) in the document, indicated in Figure C below.

Figure C. Document certificate details

Clicking on the "Certificate Details" link will open a dialog box, as shown in Figure D below. Please check that the Certification path (1) and  Issued by field (2) both indicate “TrustPro Qualified CA 1”, and that the values for (3) and (4) match what is shown below.

In example, for (3), your document should also say “This certificate is Qualified according to EU Regulation 910/2014 Annex I” and for (4), “The private key related to this certificate resides in a Qualified Signature Creation Device”.

Figure D. Dialog box for Certificate details

What to do if the signature does not show as valid

If Adobe Acrobat does not reflect that the signatures are valid, try the troubleshooting guidance below.

In order for the signatures to be validated by Adobe Acrobat, the trusted certificates must be loaded.

To verify that the trusted certificates are loaded, go to Edit > Preferences > Trust Manager. In the dialog box, verify that both “Load trusted certificates from an Adobe AATL server” and “Load trusted certificates from an Adobe EUTL server” settings are selected. Refer to the figure below.

If they are not selected, please select both options and refer to the Signature Panel again to verify the validity of the signatures.

If the above information does not resolve the signature validity issue, please contact fraud@trafigura.com for additional support. 

What to do if the signature still does not show as not valid, or
the signatory is issued by an incorrect authority or
the signatory names do not match

Contact fraud@trafigura.com and send the document so we can investigate. To facilitate a thorough investigation, please do also include (as an attachment) the email in which you received the suspicious document.