This security statement shall, together with the Terms and Conditions of the OPTIM.net Banking (“Online Terms”) and all other documents referred to in the Online Terms, govern the customer’s use of OPTIM.net Banking.

Security, privacy and confidentiality of our customers’ information is of paramount importance to us.

We are committed to protecting the customer against third party fraud by providing a secure online banking environment through the use of proven industrial security standards and practices, such as firewalls, intrusion detection, encryption, have provided for appropriate host and application controls and configurations.

All information transmitted via our website https://www.optimnet.ca-cib.com is fully encrypted from password, User ID to account / transactions details.

Primary security features and procedures that have been adopted are:

• Latest industry approved 128-bit Secure Socket Layer (SSL) encryption
  All information transmitted via OPTIM.net is secured and encrypted through the use of the industry’s most current and secure encryption technology, the 128-bit Secure Socket Layer (SSL) encryption technology.
  
  OPTIM.net is a Verisign Secure Site. Verification of the domain name can be viewed by clicking on the ’lock’ icon (at the bottom right hand corner of your Internet browser) which will display VeriSign’s certification.
  
  
• 2 types of identification process:
  
  
  • Certificates Identification and PKI technology
    Access to OPTIM.net and authorization of transactions is protected by the use of digital certificate based on the X.509 standard, under our own security environment based on a proprietary PKI (Public Key Infrastructure) software foundation to be used in conjunction with a certificate personal identification number (PIN).
    
    By combining digital certificates and PKI technology, CA-CIB ensures authentication, data integrity, confidentiality and non-repudiation
    
    
  • Digipass Identification
    Access to OPTIM.net is protected by a dual login authentication system of user id (Digipass ID) (alphanumeric & case sensitive) and a digipass personal identification number (PIN). Only by providing the system with the correct combination, will the customer be allowed access into OPTIM.net Banking.
    
    
• Automatic time-out/logout
  OPTIM.net will automatically logout a login session should it detect inactivity after a short period of time. This is done to prevent unauthorised usage should the system be left alone or if the customer has forgotten to logout.
  
  
• Firewalls & Intrusion detection applications
  A series of firewalls and intrusion detection applications have been incorporated into the system to constantly monitor and detect unauthorised intrusions and activities.
  
  

The customer plays an important role in protecting against online fraud. The customer is responsible for safeguarding and keeping secret and confidential its account details and/or its User ID and/or Password and/or its Digipass and/or Digipass ID and/or Certificate and/or PIN (as applicable) and for ensuring that none of them are compromised in any way. In particular the customer should:-

• ensure that it does not knowingly or accidentally disclose or allow access to or use of its User ID and/or Digipass, and/or Digipass ID, and/or Certificate, and/or PIN (as applicable) including to any other authorized OPTIM.net Banking users of the customer;


• destroy the original printed copy of its User ID and/or its initial PIN and Digipass ID (as applicable) received from the Bank;


• never write down the User ID and/or Digipass ID, and/or PIN on any device for accessing OPTIM.net Banking or on anything usually kept with or near it;


• never write down or record the User ID and/or Digipass ID, and/or PIN (as applicable) without disguising it; and


• change its PIN (if applicable) on a regular basis - eg every 30 days.

Customers are further reminded that it is definitely NOT our bank's policy to send emails with embedded hyperlinks to transactional websites to our customers.

We will never contact customers to ask them to validate personal information such as any User ID, PIN and/or Digipass ID and customers should never disclose sensitive information, their User ID, PIN nor Digipass ID to anyone including to any of our employees or to the police. If the customer receives such a request, they must immediately notify us by phone or email to the local OPTIM.net support as indicated in the "List of Contact Offices" below.

When choosing a PIN (as applicable), the customer should:-

• not to create it using easily accessible personal information such as telephone numbers or date of birth, ID numbers or a recognisable part of its name;


• avoid using the same PIN (as applicable) for accessing other services (eg, for accessing other web sites or ATMs or phonebanking PINs) or a Password or PIN which has previously been used for OPTIM.net Banking;


• for Digipass users, choose a PIN (as applicable) of length of 5 digits that may be difficult for someone else to guess, and without repeating any digit more than once.

If the computer used by the customer to access OPTIM.net Banking is likely to be shared with others, customers should exercise care in using OPTIM.net Banking. For example, customers are advised to remove the temporary files stored in the memory or in the hard disks of the customers’ personal computers during the usage of the OPTIM.net Banking Services, as the temporary files may contain sensitive information of the customers, i.e. account numbers.

However, sharing of computers to access OPTIM.net Banking is not recommended and customers should NOT use the OPTIM.net Banking Services in public places such as cyber cafes.

Do not use a computer or a device which cannot be trusted.

After customers have accessed OPTIM.net Banking, they should not leave their computer unattended if they are in the middle of an online session.

Once customers have finished using the OPTIM.net Banking Services, they should log-off properly and promptly from OPTIM.net Banking to avoid leaving its computer online whilst they are not using the service.

Physical tokens such as Certificate USB Key, Certificate Smartcard, Flash Memory storing software Certificate, and Digipass should be kept in a safe place, which cannot be accessed by parties other than the authorized holder.

Do not select the browser option for storing or retaining user name and password.

If the computer has internet access via cable modems, broadband connections or similar set-ups, the file and printer sharing should be removed.

Turn off the computer when it is not in use.

Customers are strongly advised:-

• to install suitable firewall and virus protection software on their computers, to provide protection against hackers who may try to gain access to the customer’s files and/or download viruses or keystroke loggers;


• to download new browser security patches whenever they are available;


• not to open e-mail attachments or access suspicious websites unless the customer knows that they are safe and from a reputable source; and


• Delete junk or chain emails


• not to install pirated software or software from unknown providers;


• make regular backup of critical data;


• consider the use of encryption technology to protect highly sensitive data;

All transactions through the Internet will have inherent risks. To minimize and to protect against such online risks, the security and safety of online banking depends on both the bank’s security systems and precautions taken by the customers.

Customers are advised to regularly check their account balances and statements to identify any unusual transactions.

The customer must call/contact the Bank’s appointed local OPTIM Officer for the relevant country immediately if it knows or suspects that:-

• its User ID and/or PIN and/or Digipass ID (as applicable) has been disclosed to a third party or has been lost or stolen or otherwise compromised;
• its physical token such as Certificate USB Key, and/or Certificate Smartcard, and/or Flash Memory storing software Certificate, and/or Digipass (as applicable) has been lost or stolen;
• any unauthorised transactions may have taken place through their accounts;
• there has been some unusual account activity or an unusual last logon time-stamp;
• any irregularity and/or dispute in transactions.

If the customer’s contacts us via phone, followed by written confirmation with relevant details, our customer service and support staff will advise the customer on the immediate course of action to be taken. If necessary, the customer’s OPTIM.net service access may be suspended during the investigation period in order to protect the customer’s interest.

If the customer notifies us via our e-mail channel, “Contact Us”, the Bank will provide the customer with an interim reply within 24 hours on the next working day upon receipt of the e-mail notification. Similarly, the customer’s OPTIM.net service access may be suspended during the investigation period.

To facilitate our investigations (especially if it relates to disputed / irregular transactions), the customer is requested to provide the following information:

• Description of error
• Type of transaction
• Date of transaction
• Our transaction reference number
• Account number
• Amount
• Customer name and contact number

Investigation will commence immediately upon receipt of the customer’s notification, and the Bank will revert to the customer within 7 working days on the status of the investigation. Depending on the complexity of irregularity / dispute, any investigation which requires more than 7 days to resolve will be notified to the customer accordingly.