THIS SECURITY ARRANGEMENT DETAILS THE PROCEDURES EMPLOYED BY CIMB BANK BERHAD (13491-P) IN SAFEGUARDING THE SECURITY AND INTEGRITY OF THE INFORMATION AND ANY TRANSACTIONS MADE VIA OUR SYSTEM AND OUR SYSTEM ITSELF.
1. Introduction
We shall at all times and to the best of our ability, endeavour to ensure that all materials, data, communications and/or information ("Information") exchanged, disclosed, shared, stored or otherwise used, or any transactions which are made via our system ("Transactions") are kept private and confidential. Further thereto, we shall comply with and adhere to the requirements of Bank Negara Malaysia pertaining to the privacy and confidentiality of the Information and Transactions as well as the need to maintain the security and integrity of our system. In pursuance of these objectives, we have set in place adequate security procedures and requirements which are designed to ensure the optimum security of the Information, Transactions and our system at all times, all of which are elaborated below.
2. Data Privacy, Confidentiality and Integrity
In order to ensure the privacy, confidentiality and integrity of the information which are exchanged, disclosed, shared, stored or otherwise used on our system and the Transactions, whether or not the same belongs or originates from you or otherwise, we have engaged the use of a combination of authentication, encryption and auditing mechanisms which serve as a powerful barrier against all forms of system penetration and abuse.
These mechanisms which are engaged above include but are not limited to the following:-
- Secure Sockets Layer (SSL) channel;
- 128-bit encryption;
- Username and password protection and authentication;
- Firewalls; and
- Account-locking,
All of which have been thoroughly tested in a series of independent security audits and have been determined, whether used separately or together, to effectively protect and safeguard against known security issues and prevent any form of tampering or theft of Information or Transactions, where applicable.
3. Authentication
For the purpose of verification of the identity of our customers, we employ in our authentication process the use of individual and distinct Usernames, PINs, Passwords and Preferred Security Question & Answer ("Access Codes"). These Access Codes will act as a key to access, inter alia, your relevant account(s), financial information and the banking facilities, products and services offered via our website at www.cimbclicks.com.my
To ensure the integrity of these Access Codes, you are advised to maintain its confidentiality by not sharing it or making it accessible to any other person and to take all reasonable endeavours to maintain its security which may include, memorising the Access Codes, changing your password regularly and signing off before visiting any other Internet sites.
Other than the use of individual and distinct Access Codes, we also employ for our business customers, the use of digital certificates for the purposes of ascertaining and authenticating their identity.
4. Non-Repudiation
Further to the rest of this Security Arrangement and for the purpose of clarification, any and all Transactions which are initiated by or originate from the customer's Access Codes shall be deemed to have been initiated or originated from the said customer and accordingly, we shall be entitled to carry out the said Transactions as if we had been duly instructed to do so by the respective customer.
We also maintain and constantly update the logs of the Transactions which record, among others, the Transactions entered into by our customers (including you) and the nature, time and date of the same, all of which serves to enable us to verify the various Transactions made and act as evidence thereof should there ever arise a dispute as to the same.
5. Access and System Design
Our system is designed and developed with the primary and utmost intention of safeguarding the security and integrity of all Information and Transactions at all times. Pursuant thereto, the system deploys a wide range of security features all of which are constantly reviewed and audited to determine their effectiveness and further updated and maintained to ensure that these security features perform at optimum standards at all times.
We also adopt a variety of monitoring and review measures upon the security and integrity of our system, which include but are not limited to:-
- Enhanced data-encryption methods;
- Anti-virus detection, prevention, and protection procedures;
- Firewall barriers; and
- 24/7 surveillance and detection,
All of which are designed and implemented to intercept and prevent any form of attack on, penetration or otherwise unauthorised access into our system and to ensure that the critical sectors of our system including the storage of the Information, the Information itself and the processing and authentication of the Transactions are, at all times, kept free from the such attack, penetration or unauthorised access ("System Security Monitors").
We shall also endeavour to conduct regular and thorough reviews or audits of our System Security Monitors, both by our internal security auditors as well as by external security experts. These reviews and audits may include but are not limited to actual penetration testing and intrusion detection on our said System Security Monitors which will enable us to determine whether there are any defects, faults, malfunctions or shortcomings (the "said defects") in the same. In the event the said defects or otherwise a breach of our system is discovered, we shall in the case of a security breach, promptly report the same to appropriate management and Bank Negara Malaysia and immediately proceed to rectify or remedy the same. For this purpose, we may be required to temporarily or indefinitely suspend all use of our system until such time when the said defects are rectified or remedied without any notice and without any liability whatsoever to you.
While we have the capabilities to ensure that the privacy, confidentiality, and integrity of the Information exchanged, disclosed, shared, stored or otherwise used and the Transactions as well as the security and integrity of our System itself are at all times, safeguarded, maintained and secure, we shall from time to time collaborate efforts with other major hardware, equipment or software vendors and manufacturers in an effort to keep abreast with the developments and improvements made to the same. Accordingly, where we believe that such developments and improvements would serve to provide enhanced security to the Information, Transactions and our System above, we shall not hesitate to implement the same for our joint benefit.