Understanding that system security has always been the main concern of customers at large in the use of Internet Banking, the Affin Banking Group is committed to ensuring the security and confidentiality of our customers' information and transactions at all times.
This Security Policy spells out the system security arrangements, policies and technologies adopted by Affin Banking Group in meeting this commitment to protect our customers' information and transactions at all times.
It remains a permanent policy of the Affin Banking Group to protect all information and transactions that are communicated, processed and stored in the course of doing business with customers via the Internet Banking system to the best of endeavors possible.
To enforce the system security commitment, the Affin Banking Group ensures compliance to the guidelines of Bank Negara Malaysia that was drawn up specifically to protect customers in the use of Internet Banking.
Affin Banking Group ensures that Internet Banking application and system security infrastructure that are developed and implemented by Affin Banking Group meets or surpasses the minimum industry standards.
Affin Banking Group ensures that all system security technologies employed are kept updated and abreast with developments in the industry and ensures its capability to address new threats. Our personnel will at all times be trained to be vigilant of any new threats that may emerge.
In the development of the Internet Banking system and user procedures, Affin Banking Group strives to achieve an optimum balance between system security and convenience. In areas where convenience or function may be deemed as high risk, Affin Banking Group will always opt for system security over convenience.
It is Affin Banking Group's strict policy to NEVER request customers to provide or reveal their passwords or any access codes under whatever circumstances, for whatever reasons and through whatever means. Customers are strongly encouraged to report to Affin Banking Group of any persons, staff or persons purporting to be staff of Affin Banking Group who make such requests.
2.1 Our Internet Banking System requires users to select a robust password. The system will verify to ensure that the following rules are observed when selecting usernames and passwords.
2.2 PROVIDED always that users take all necessary steps to safeguard their passwords and access codes, the security system of the Affin Banking Group will ensure to our best capacity that usage of the Internet Banking Services is always secured.
3.1 To protect your privacy, confidentiality and data integrity, all information transmitted via our Internet Banking system is encrypted using 128-bit Secure Sockets Layer (SSL) protocol from VerisignTM Certificate Authority. SSL ensures that all communication between your workstation through the Internet and our Internet Banking system is encrypted and secured. In addition to utilizing this encryption standard, our Internet Banking system infrastructure is multi-layered to further deter any attempts of attack from reaching the database and other vital servers. Stretching security further, we have installed Intrusion Detection Systems that detect any suspicious access. This system is monitored round-the-clock throughout the year and an incident response procedure is in place to respond to any alarm raised.
3.2 We have also established tight security measures and guidelines pertaining to our employees handling of equipments containing customers information. Our security policy also necessitates the engagement of reputable and professional independent security consultants on a regular basis to monitor and test our systems and to ensure industry and regulatory standards are complied at all times.
4.1 Within Affin Banking Groups jurisdiction and control, all necessary and stringent measures have been taken to protect Customers information. However, as with any other Internet enabled technologies, we cannot control the equipments or computers from which you access our Internet Banking services. Accordingly, Customers are always reminded to exercise all safety procedures when using all Internet Banking system or whenever they transact over the Internet.
The Bank shall not be responsible for fraudulent or unauthorized instructions, or any loss (including consequential loss), damage or liability whatsoever suffered and/or incurred by the Customer in the event that he/she fails to:
4.2 To instill safe computing practices by customers, our security policy provides safety awareness, security tips and security alerts on the website. As an added measure, our system also has in-built safety features such as:-
4.3 The Customer hereby consents to the processing of its personal data by the Bank.
5.1 affinOnline.com complies with the latest security standard of 2-Factor Authentication as opposed to the conventional method of sole reliance on Username and Password to authenticate a user.
5.2 Customers are authenticated by the bank through their Username and Password and the bank in turn certifies its authenticity to customers by offering a secured digital certificate namely the VerisignTM SSL Certificate. In this way, customers will have a means of confirming that they are communicating with the bank's genuine website.
5.3 For 2-factor authentication, our system would require customers to further authenticate themselves for all sensitive transactions even after the successful input of the Username and Password. This is achieved by requiring the customer to obtain a dynamic 6-digit Access Code known as the Transaction Authentication Code (TAC) at the Internet Banking system itself. The TAC is then transmitted to a personalized device held physically by the genuine customer, namely the mobile phone via Short Messaging System (SMS), USB (Universal Serial Bus) and Web Token (Personal computer).
5.4 Stretching security further,