Security Statement in relation to OPTIM.net Banking


This security statement shall, together with the OPTIM Channel Global Terms and Conditions of the OPTIM.net Banking (“Online Terms”), local Country Conditions and all other documents referred to in the Online Terms, govern the customer’s use of OPTIM.net Banking.



Security Features


Security, privacy and confidentiality of our customers’ information are of paramount importance to us.


We are committed to protecting the customer against third party fraud by providing a secure online banking environment through the use of proven industrial security standards and practices, such as firewalls, intrusion detection mechanisms and encryption.


All information transmitted via our website https://www.optimnet.ca-cib.com is fully encrypted, from password and User ID to account and transaction details.


Main security features and procedures that have been adopted are:

  • Industry approved encryption
    All information transmitted via OPTIM.net is secured and encrypted through the use of the industry’s most current and secure encryption technology.

    OPTIM.net is a Secure Site. Verification of the domain name can be viewed by clicking on the ’lock’ icon which will display certification details of the issuing Certificate Authority.

  • Digipass Identification
    Access to OPTIM.net is protected by a dual login authentication system of user ID (Digipass ID) (alphanumeric & case sensitive) and a Digipass or Soft Token personal identification number (PIN). Only by providing the system with the correct combination will the customer be allowed to access OPTIM.net Web Banking.

  • Automatic time-out/logout
    OPTIM.net will automatically log out a login session should it detect inactivity after a short period of time. This is done to prevent unauthorized usage, should the system be left alone or if the customer has forgotten to log out.

  • Firewalls & Intrusion detection systems
    Layers of firewalls and intrusion detection devices have been incorporated into the architecture to constantly monitor and detect unauthorized intrusions and activities.


Security Measures


The user plays an important role in the fight against online fraud. He is responsible for safeguarding and keeping secret and confidential his account details and/or his User ID and/or his Digipass-Soft Token and/or Digipass-Soft Token ID and/or PIN (as applicable) and for ensuring that none of them are compromised in any way. In particular the user should:

  • ensure that he does not knowingly or accidentally disclose or allow access to his User ID and/or Digipass-Soft Token ID, and/or PIN (as applicable), including to any other authorized OPTIM.net Banking users of the customer;

  • destroy the original printed copy of his User ID and/or his initial PIN and Digipass-Soft Token ID (as applicable) received from the Bank;

  • never write down the User ID and/or Digipass-Soft Token ID, and/or PIN on any device for accessing OPTIM.net Banking or on anything usually kept with or near it;

  • never write down or record the User ID and/or Digipass-Soft Token ID, and/or PIN (as applicable) without disguising it; and

  • change his PIN (if applicable) on a regular basis, e.g. every 30 days.


We will never contact customers to ask them to validate personal information such as any User ID, PIN and/or Digipass-Soft Token ID, and customers should never disclose sensitive information, their User ID, PIN or Digipass-Soft Token ID to anyone, including to any of our employees or to the police. If the customer receives such a request, he must immediately notify his local OPTIM.net representative by phone or email, or simply send us an e-mail by clicking on "Contact Us".


When choosing a PIN (as applicable), the customer should:

  • not create it using easily accessible personal information such as telephone numbers or date of birth, ID numbers or a recognizable part of his name;

  • avoid using the same PIN (as applicable) for accessing other services (e.g. for accessing other web sites or ATMs or phone banking PINs) or a Password or PIN which has previously been used for OPTIM.net Banking;

  • choose a PIN (as applicable) with a length of 5 digits that may be difficult for someone else to guess, and without repeating any digit more than once.

To guarantee the best level of security, user accounts that have not logged in at all on OPTIM.net for a certain period of time may be blocked and/or deleted.


Controls


If the computer used by the customer to access OPTIM.net Banking is likely to be shared with others, users should exercise care in using OPTIM.net Banking. For example, users are advised to remove the temporary files stored in the memory or on the hard disks of their personal computers during the usage of the OPTIM.net Banking Services, as the temporary files may contain sensitive client information, i.e. account numbers.


However, sharing of computers to access OPTIM.net Banking is not recommended and users should NOT use the OPTIM.net Banking Services in public places such as cyber cafes.


Please do not use a computer or a device which cannot be trusted.


After users have accessed OPTIM.net Banking, they should not leave their computer unattended if they are in the middle of an online session.


Once users have finished using the OPTIM.net Banking Services, they should log-off properly and promptly from OPTIM.net Banking to avoid leaving the computer online whilst they are not using the service.


Physical tokens (Digipass) should be kept in a safe place, which cannot be accessed by parties other than the authorized holder.


Do not select the browser option for storing or retaining user name and password.


If the computer has internet access via cable modems, broadband connections or similar set-ups, file and printer sharing should be removed.


Please turn off the computer when it is not in use.



Action


Clients are strongly advised:

  • to install suitable firewall and virus protection software on their computers, to provide protection against hackers who may try to gain access to the user’s files and/or download viruses or keystroke loggers;

  • to keep their Operating System up to date with the latest version or security patches;

  • to download new browser security patches whenever they are available, and to update to the latest version whenever possible;

  • not to open e-mail attachments or access suspicious websites unless the user knows that they are safe and from a reputable source;

  • to delete junk or chain emails;

  • not to install pirated software or software from unknown providers;

  • to make regular backups of critical data;

  • to consider the use of encryption technology to protect highly sensitive data.


Reporting of Actual or Suspected Security Incidents, and Transaction Irregularities / Disputes


All transactions through the Internet carry inherent risks. To minimize and protect against such online risks, the security and safety of online banking depend on both the bank’s security systems and the measures taken by the clients.


Clients are advised to regularly check their account balances and statements to identify any unusual transactions.


In case of unusual transaction(s), clients must call/contact the Bank’s appointed local OPTIM.net representative or simply send us an e-mail by clicking on "Contact Us".


A Client should contact CACIB when he suspects that:

  • User ID and/or Digipass-Soft Token ID or PIN code of one or several of its users has/have been disclosed to a third party or has/have been lost or stolen or otherwise compromised;
  • One or several Digipass has/have been lost or stolen;
  • Any unauthorized transactions may have taken place through their accounts;
  • There has been some unusual account activity or an unusual last logon time-stamp;
  • There is any irregularity and/or dispute in transactions.


If the user contacts us via phone, followed by written confirmation with relevant details, support staff will advise him on the immediate course of action to be taken. If necessary, the access to OPTIM.net may be suspended during the investigation period in order to protect the interest of the client.


If the user notifies us via our e-mail channel, “Contact Us”, the Bank will provide the user with an interim reply within 24 hours on the next working day upon receipt of the e-mail notification. Similarly, the client’s OPTIM.net service access may be suspended during the investigation period.


To facilitate our investigations (especially if it relates to disputed / irregular transactions), the customer is requested to provide the following information:

  • Description of error
  • Type of transaction
  • Date of transaction
  • Our transaction reference number
  • Account number
  • Amount
  • Customer name and contact number


Investigation will begin immediately upon receipt of the client’s notification, and the Bank will revert to the client within 7 working days on the status of the investigation. Depending on the complexity of the irregularity / dispute, the client will be notified accordingly of any investigation which requires more than 7 days to resolve.




Security Tips


Numerous suspected Trojan Horse attack cases related to business/corporate Internet banking offered by banks have been detected in recent years, as well as countless phishing attempts of different kinds targeting users or corporates. To help customers detect and prevent such attacks, please see the security tips below for your reference:



  • During the Internet banking logon process, the bank will not ask customers to enter any numbers displayed on the web into the security code.
  • Customers should continue to take precautionary measures to keep their computers safe to guard against Trojan Horse attacks, including:
    • Install personal firewall and anti-virus software on their personal computers and keep them up-to-date.
    • Be very cautious about opening attachments in e-mails from unfamiliar sources, and avoid visiting or downloading software from suspicious websites.
    • Never access the Internet banking accounts through hyperlinks embedded in emails, Internet search engines, suspicious pop-up windows or any other doubtful channels.
  • Customers should connect to a bank website by typing the authentic website address in the address bar of the browser or by bookmarking the genuine website and using that for subsequent access.
  • If customers find the website of the bank suspicious, they should not enter any information (including user ID, password and OTP) on the website and should report to the bank immediately.
  • If any unusual screens pop up and/or the computer responds unusually slowly, customers are advised to log out from Internet banking and scan the computer with the most updated version of virus protection software.
  • Don’t disclose any personal information to any person through any means.
  • Review the transaction records regularly and report to the bank immediately if any suspicious transactions in the bank accounts are identified.
  • Follow the Internet banking logon instructions and security tips published by the Bank when conducting Internet banking transactions.
  • Be vigilant against phishing attempts. Always carefully check whether the sender of an email is legitimate, and be aware that a real address may also be spoofed in some cases (e.g. when the attacker does not expect a reply to the email but simply wants the target to open a trapped attachment, or to follow a hyperlink to a fake site):
    • Do not open dubious messages from unknown senders.
    • Do not open attachments they may contain.
    • Do not activate macro-commands contained in external email attachments by default.
    • Do not follow dubious links contained in such emails.


Copyright © 2023 Crédit Agricole CIB ®. All rights reserved. Subject to Terms and Conditions.