Security

Commitment to Your Privacy

The Bank is committed to ensure that all transaction performed by customers through our Internet Banking Services are always secure, safe and confidential. The Bank however does not have the control over the computer, software, systems and other incidentals used by Customer to access to our Internet Banking Services. As such, please observe and ensure that your computer do not provide anyone to gain access to your information. For added security, the Bank has incorporated a function to automatically log out when no activity is detected for a preset duration.

Data Integrity

All the Customers information transmitted over Bank Islam Malaysia Berhad Internet Banking Service are stored using the SSL (secured socket layer) and they are assured to enjoy the high standard of confidentiality, integrity and security.

Employees Access To The Information

The Bank authorizes only such employees as are strictly relevant or required to access the Customer’s information. Our authorized employees, who are fully trained and well equipped, are required to adhere to safeguarding the privacy of the Customer information.

Use and Disclosure of information

Customer’s information are required to enable the Bank to process the Customer’s applications to provide instructions and conduct transactions pertaining to online services offered by the Bank. Generally, the nature of information that are required includes but shall not be limited to address, telephone number, age, gender, identity card or passport number and where applicable, financial information such as information of income, liabilities, account information, account balance, payments records and in case of a corporate customer, names and particulars of authorized officers, directors, shareholders, country of incorporation and such financial information of the company as the Bank shall require from time to time.

^{With strict compliance to Islamic Banking Act 1983, the Bank will not disclose the Customer’s information to any third party or external organizations.}

Nevertheless, the Bank may disclose the Customer information where:

• It is required by law, Court order or is otherwise legally permitted;
• Such disclosure is required under pursuant to any legislation or regulation to be divulged to any agency, agencies or bodies established or approved by Bank Negara Malaysia;
• Requested or permitted by the Customer in writing;
• In connection with examination by banking authorities.

Accuracy of Information

The Bank understands that keeping your information and data accurate, complete and updated are important. However, to ensure these, the Customer is advised to help the Bank maintains accurate and complete and most updated information by furnishing this information timely.

Customers Queries, Concerns and Complaints

Customer may address any queries, concerns or complaints relating to the Bank handling of your data and information via telephone, post or e-mail to our Contact Center at:

^{Bank Islam Contact Centre
Level 17, Menara Bank Islam
No. 22, Jalan Perak
50450 Kuala Lumpur
Telephone: +603 2690 0900
Email: contactcenter@bankislam.com.my}

Security Statement

Bank Islam Malaysia Berhad is dedicated in ensuring all online financial service is not only geared for the ease and speed of performing banking transactions but also to maintain a secured site to commensurate with the basic security principles to protect your transactions: Confidentiality, Integrity and Availability.

Authentication

• All users access to our Internet Banking system is authenticated via User ID and password. User IDs and passwords help maintain individual accountability for Internet resource usage. Any user who obtains a password or ID for an Internet resource must keep that password confidential. The Bank’s policy prohibits the sharing of User IDs or passwords obtained for access to online financial sites. Therefore, our advice to our client is to keep User ID and password unique and should not be revealed.
• The Bank cannot be held responsible for any breach of security in relation to password sharing. In order to help you to ensure integrity of your passwords, the Bank would advise the following:
  • For bankislam.biz User- id and Password, you have to select your own preferred user- id and between 8-18 alphanumeric password.
  • Do not write passwords down and store them anywhere. Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption. The most secured way of storing password is your memory.
  • Try avoiding easily guessable passwords and refrain from creating password based on name, birth date or simple word. Do not use simple words, your name, birth date, telephone number.
  • Strong passwords have the following characteristics :
    • Contain both upper and lower case characters (e.g., a-z, A-Z)
    • Have digits and punctuation characters as well as letters e.g. 0 – 9 , ! @ # $ % ^ & * ()_+l~-={}[]:”;`<>?,./
    • Must be between 8-18 alphanumeric characters long
    • Are not a word in any language, slang, dialect, jargon, etc.
    • Are not based on personal information, names of family, etc.
  • Do not share your password with another person as this is also giving the authority to that person to use your User ID and password when performing transactions. It should not be disclosed even if requested by an authorized Bank Islam officer.
  • Do change passwords frequently.
  • Users are warned to be aware of fictitious websites and not to disclose their User ID and password on such websites. Users should ensure only genuine Bank Islam websites are accessed to guard against spoofing of User ID, password and PIN information.
  • In addition, we have also put in place the password expiry system and auto disabled access for inactive users for such duration.
  • Any suspicious encounters, call our Contact Center at +603 2690 0900.
• While the Internet Banking is essentially an additional banking channel that the Bank is offering to the Customers for convenience, the Bank has assessed the risk from operational as well as from technology and security perspective. However, the Bank do not have the control on the usage of the computer which the Customers are accessing to the Bank Internet Banking Service, therefore, Customers are advised to observe the following when performing transactions at Internet:
  • Please ensure that your computer does not provide anyone the opportunity to gain access to your information. As an added security feature, we have incorporated a function to automatically log out when no activity is detected for a preset duration.
  • Please ensure that the computer you are using does not allow eavesdropping or recording of activities.
  • Customers are advised to perform log out from bankislam.biz before visiting other websites or immediately upon completion of transactions.
  • Do not send any information pertaining to your account via internet
  • Please disable the Auto complete function on the computer browser to avoid the automatic completion of your id when User ID is type.
• To turn on or off the function in MS Internet Explorer browser:
  1. Click the “Tool” menu to get the “Internet Options” function,
  2. Click “Internet Options” to get the ” Content ” tab
  3. From this tab, click the “Auto Complete ” button,
  4. To disable the “User ID and Passwords on forms”

Data Privacy, Confidentiality and Integrity

• From the technology perspective, the Bank will ensure and use the best available technology for security and protection where all information transmitted over the Internet is encrypted using the 128-bit Secure Sockets Layer (SSL) protocol.
• All information portrayed on Bank Islam Malaysia Berhad websites is classified in accordance with our data classification policy. All transactional related information on our websites is classified as Highly Confidential and kept encrypted.
• Our banking application is designed to allow complete session termination and does not allow caching of information.

Access Control/System Design

• The Bank has installed a variety of firewalls, proxies, Internet address screening programs and other security systems to assure the safety and security of the Bank’s networks.
• Files containing sensitive company data as defined by existing corporate data security policy that are transferred in any way across the Internet must be encrypted.
• Only those Internet services and functions with documented business purposes for the Bank will be enabled at the Internet firewall.
• The Bank’s network security policy requires that all FTP transactions and JAVA downloads be blocked at the [outermost] firewall.
• The Bank’s network segments are organized to prevent access by unauthorized persons. Corporate computing resources are isolated from internet-based servers.

Anti Virus Protection

• In line with our Corporate anti virus policy, all our servers/platforms are equipped with appropriate software protection and are not susceptible to any malicious code attack.
• Although the Bank has a very stringent corporate security policy on anti virus protection, we are unsure of computers used to access our online financial portal. All desktops used to access our online financial service should be at minimum:
  • Protected with anti virus software
  • Virus signature updated on a weekly basis
  • Enabled with screen saver with password to discourage unauthorized access.

Operating System and Browser’s Update

• Always update your operating system and browser when new versions or patches are released, as it is may include new security feature. Security updates patch vulnerabilities that may be exploited, helping to keep users data safer.
• Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.
• Check your browser for built in safety features that you may or may not use.
• Recommended to use latest Microsoft Internet Explorer version.

Security Audit and Monitoring