Security Policy

Understanding that system security has always been the main concern of customers at large in the use of Internet Banking, the Affin Banking Group is committed to ensuring the security and confidentiality of our customers' information and transactions at all times.

This Security Policy spells out the system security arrangements, policies and technologies adopted by Affin Banking Group in meeting this commitment to protect our customers' information and transactions at all times.

Security Arrangements

It remains a permanent policy of the Affin Banking Group to protect, to the best of its endeavours, all information and transactions that are communicated, processed and stored in the course of doing business with customers via the Internet Banking system.

To enforce the system security commitment, the Affin Banking Group ensures compliance with the guidelines of Bank Negara Malaysia that were drawn up specifically to protect customers in the use of Internet Banking.

Affin Banking Group ensures that the Internet Banking application and system security infrastructure that it develops and implements meet or surpass the minimum industry standards.

Affin Banking Group ensures that all system security technologies employed are kept updated and abreast with developments in the industry and ensures its capability to address new threats. Our personnel will at all times be trained to be vigilant of any new threats that may emerge.

In the development of the Internet Banking system and user procedures, Affin Banking Group strives to achieve an optimum balance between system security and convenience. In areas where convenience or function may be deemed as high risk, Affin Banking Group will always opt for system security over convenience.

It is Affin Banking Group's strict policy to NEVER request customers to provide or reveal their passwords or any access codes under whatever circumstances, for whatever reasons and through whatever means. Customers are strongly encouraged to report to Affin Banking Group any persons, staff or persons purporting to be staff of Affin Banking Group, who make such requests.

Username and Password Management

2.1 Our Internet Banking System requires users to select a robust password. The system will verify to ensure that the following rules are observed when selecting usernames and passwords.

Username Rules:-
  1. Minimum of 6 characters in length.
  2. It must be unique in the RIB system. No two users shall have the same username.
  3. Special characters (e.g. # * & % $) and spaces are not accepted
  4. Is case sensitive
Password Rules:-
  1. Minimum of 8 characters in length
  3. Password should not equal or contain username
  4. Is case sensitive

2.2 PROVIDED always that users take all necessary steps to safeguard their passwords and access codes, the security system of the Affin Banking Group will ensure to our best capacity that usage of the Internet Banking Services is always secured.

Data Privacy, Confidentiality and Integrity

3.1 To protect your privacy, confidentiality and data integrity, all information transmitted via our Internet Banking system is encrypted using 128-bit Secure Sockets Layer (SSL) protocol from Verisign™ Certificate Authority. SSL ensures that all communication between your workstation through the Internet and our Internet Banking system is encrypted and secured. In addition to utilizing this encryption standard, our Internet Banking system infrastructure is multi-layered to further deter any attempts of attack from reaching the database and other vital servers. Stretching security further, we have installed Intrusion Detection Systems that detect any suspicious access. This system is monitored round-the-clock throughout the year and an incident response procedure is in place to respond to any alarm raised.

3.2 We have also established tight security measures and guidelines pertaining to our employees' handling of equipment containing customers' information. Our security policy also necessitates the engagement of reputable and professional independent security consultants on a regular basis to monitor and test our systems and to ensure industry and regulatory standards are complied with at all times.

Customers' Responsibilities in Protection of Information

4.1 Within Affin Banking Group's jurisdiction and control, all necessary and stringent measures have been taken to protect Customers' information. However, as with any other Internet-enabled technologies, we cannot control the equipment or computers from which you access our Internet Banking services. Accordingly, Customers are always reminded to exercise all safety procedures when using any Internet Banking system or whenever they transact over the Internet.

The Bank shall not be responsible for fraudulent or unauthorized instructions, or any loss (including consequential loss), damage or liability whatsoever suffered and/or incurred by the Customer in the event that he/she fails to:

  1. safeguard their personal banking information such as their ID, password and TAC by disclosing it verbally or in writing to a third party or
  2. take preventive steps to update and protect their PCs and smart devices to ensure that they are malware/virus free or
  4. take responsible steps to change his/her passwords, check his/her banking information and balances periodically and to keep his/her sensitive banking information and security devices secure at all times;

4.2 To instill safe computing practices by customers, our security policy provides safety awareness, security tips and security alerts on the website. As an added measure, our system also has in-built safety features such as:-

  • Automatic log-off after 3 minutes of inactivity
  • Password lockout after 3 unsuccessful attempts
  • Prevention of multiple simultaneous logons
  • Expiry of SMS TAC after 3 minutes
  • Disable SMS, USB and Web token after 3 unsuccessful TAC attempts.
  • Requirement of 2nd Authentication (TAC) for all sensitive and/or monetary transactions.

4.3 The Customer hereby consents to the processing of its personal data by the Bank.

5. Stronger Secure Authentication.

5.1 affinOnline.com complies with the latest security standard of 2-Factor Authentication as opposed to the conventional method of sole reliance on Username and Password to authenticate a user.

5.2 Customers are authenticated by the bank through their Username and Password and the bank in turn certifies its authenticity to customers by offering a secured digital certificate namely the Verisign™ SSL Certificate. In this way, customers will have a means of confirming that they are communicating with the bank's genuine website.

5.3 For 2-factor authentication, our system would require customers to further authenticate themselves for all sensitive transactions even after the successful input of the Username and Password. This is achieved by requiring the customer to obtain a dynamic 6-digit Access Code known as the Transaction Authentication Code (TAC) at the Internet Banking system itself. The TAC is then transmitted to a personalized device held physically by the genuine customer, namely the mobile phone via Short Messaging System (SMS), USB (Universal Serial Bus) and Web Token (Personal computer).
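
The TAC controls listed in this policy (6-digit code, expiry after 3 minutes, disablement after 3 unsuccessful attempts, one-time use) can be pictured as a small server-side state machine. The sketch below is an added illustration and not Affin Banking Group's code; the class name, state names and the binding of a TAC to a transaction id are assumptions made for the example.

```python
import hmac
import secrets
import time

TAC_TTL_SECONDS = 180   # policy: SMS TAC expires after 3 minutes
MAX_ATTEMPTS = 3        # policy: token disabled after 3 unsuccessful TAC attempts


class TacChallenge:
    """One pending TAC for one sensitive transaction (hypothetical class)."""

    def __init__(self, txn_id, now=None):
        self.txn_id = txn_id     # assumption: a TAC is bound to one transaction
        # secrets draws from the OS CSPRNG; zero-pad so 4217 becomes "004217"
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.issued_at = time.time() if now is None else now
        self.failures = 0
        self.state = "pending"   # pending -> used | expired | locked

    def verify(self, txn_id, submitted, now=None):
        """Return 'ok', 'wrong', 'mismatch', 'expired', 'locked' or 'used'."""
        now = time.time() if now is None else now
        if self.state != "pending":
            return self.state            # terminal states never reopen
        if now - self.issued_at > TAC_TTL_SECONDS:
            self.state = "expired"
            return "expired"
        if txn_id != self.txn_id:
            return "mismatch"            # code was issued for another transaction
        # constant-time comparison: timing does not reveal how many digits match
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.state = "used"          # one-time use: a replay returns 'used'
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.state = "locked"        # correct code is refused from now on
            return "locked"
        return "wrong"
```

Checking expiry and lockout before comparing the code means a late or locked-out submission is rejected even when the digits are right, which is what makes the three-guess limit meaningful against a 6-digit space.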

5.4 Stretching security further,

USB Token
  • Password time out is 5 minutes
  • TAC generated is only for one time usage
  • Wrong password tried is 3 attempts only
  • TAC number is displayed for 60 seconds on the screen
  • Inactivity timeout is 5 minutes, the screen will be closed
  • USB registration must be performed at Affin Bank Branches
Web Token
  • Password time out is 5 minutes
  • TAC generated is only for one time usage
  • Wrong password tried is 3 attempts only
  • TAC number is displayed for 60 seconds on the screen
  • Web Token registration is via Internet Banking
  • Primary token (USB or SMS) is required to register for a Web Token
  • Maximum of 3 Web Tokens registered for each customer.
5.5 The Bank will keep abreast of security technology development, for possible and future development to ensure that we are providing stronger and secure authentication methods for customers.