This security statement shall, together with the OPTIM Channel Global Terms and Conditions of the OPTIM.net Banking (“Online Terms”), local Country Conditions and all other documents referred to in the Online Terms, govern the customer’s use of OPTIM.net Banking.

Security, privacy and confidentiality of our customers’ information are of paramount importance to us.

We are committed to protecting the customer against third party fraud by providing a secure online banking environment through the use of proven industrial security standards and practices, such as firewalls, intrusion detection and encryption.

All information transmitted via our website https://www.optimnet.ca-cib.com is fully encrypted from password, User ID to account / transactions details.

Main security features and procedures that have been adopted are:

• Industry approved encryption
  All information transmitted via OPTIM.net is secured and encrypted through the use of the industry’s most current and secure encryption technology.
  
  OPTIM.net is a Secure Site. Verification of the domain name can be viewed by clicking on the ’lock’ icon (at the bottom right hand corner of your Internet browser) which will display certification details of the issuing Certificate Authority.
  
  
• Digipass Identification
  Access to OPTIM.net is protected by a dual login authentication system of user id (Digipass ID) (alphanumeric & case sensitive) and a Digipass or Soft Token personal identification number (PIN). Only by providing the system with the correct combination, will the customer be allowed to access to OPTIM.net Web Banking.
  
  
• Automatic time-out/logout
  OPTIM.net will automatically logout a login session should it detect inactivity after a short period of time. This is done to prevent unauthorized usage, should the system be left alone or if the customer has forgotten to logout.
  
  
• Firewalls & Intrusion detection applications
  A series of firewalls and intrusion detection applications have been incorporated into the system to constantly monitor and detect unauthorized intrusions and activities.
  
  

The user plays an important role to fight against online fraud. He is responsible for safeguarding and keeping secret and confidential his account details and/or his User ID and/or his Digipass-Soft Token and/or Digipass-Soft Token ID and/or PIN (as applicable) and for ensuring that none of them are compromised in any way. In particular the user should:-

• ensure that he does not knowingly or accidentally disclose or allow access to his User ID and/or Digipass-Soft Token ID, and/or PIN (as applicable) including any other authorized OPTIM.net Banking users of the customer;


• destroy the original printed copy of his User ID and/or his initial PIN and Digipass-Soft Token ID (as applicable) received from the Bank;


• never write down the User ID and/or Digipass-Soft Token ID, and/or PIN on any device for accessing OPTIM.net Banking or on anything usually kept with or near it;


• never write down or record the User ID and/or Digipass-Soft Token ID, and/or PIN (as applicable) without disguising it; and


• change its PIN (if applicable) on a regular basis - eg every 30 days.

Please note that it is not CACIB policy to send emails with embedded hyperlinks to transactional websites to our customers.

We will never contact customers to ask them to validate personal information such as any User ID, PIN and/or Digipass-Soft Token ID and customers should never disclose sensitive information, their User ID, neither PIN nor Digipass-Soft Token ID to anyone including to any of our employees or to the police. If the customer receives such a request, he must immediately notify by phone or email his local OPTIM.net representative or simply send us an e-mail by clicking on "Contact Us".

When choosing a PIN (as applicable), the customer should:-

• not create it using easily accessible personal information such as telephone numbers or date of birth, ID numbers or a recognizable part of his name;


• avoid using the same PIN (as applicable) for accessing other services (eg, for accessing other web sites or ATMs or phonebanking PINs) or a Password or PIN which has previously been used for OPTIM.net Banking;


• choose a PIN (as applicable) of length of 5 digits that may be difficult for someone else to guess, and without repeating any digit more than once.

If the computer used by the customer to access OPTIM.net Banking is likely to be shared with others, users should exercise care in using OPTIM.net Banking. For example, users are advised to remove the temporary files stored in the memory or in the hard disks of the users’ personal computers during the usage of the OPTIM.net Banking Services, as the temporary files may contain sensitive information of the clients, i.e. account numbers.

However, sharing of computers to access OPTIM.net Banking is not recommended and users should NOT use the OPTIM.net Banking Services in public places such as cyber cafes.

Please do not use a computer or a device which cannot be trusted.

After users have accessed OPTIM.net Banking, they should not leave their computer unattended if they are in the middle of an online session.

Once users have finished using the OPTIM.net Banking Services, they should log-off properly and promptly from OPTIM.net Banking to avoid leaving the computer online whilst they are not using the service.

Physical tokens (Digipass) should be kept in a safe place, which cannot be accessed by parties other than the authorized holder.

Do not select the browser option for storing or retaining user name and password.

If the computer has internet access via cable modems, broadband connections or similar set-ups, the file and printer sharing should be removed.

Please turn off the computer when it is not in use.

Clients are strongly advised:-

• to install suitable firewall and virus protection software on their computers, to provide protection against hackers who may try to gain access to the user’s files and/or download viruses or keystroke loggers;


• to download new browser security patches whenever they are available;


• not to open e-mail attachments or access suspicious websites unless the user knows that they are safe and from a reputable source;


• delete junk or chain emails


• not to install pirated software or software from unknown providers;


• make regular backup of critical data;


• consider the use of encryption technology to protect highly sensitive data.

All transactions through the Internet will have inherent risks. To minimize and to protect against such online risks, the security and safety of online banking depends on both the bank’s security systems and measures taken by the clients.

Clients are advised to regularly check their account balances and statements to identify any unusual transactions.

In case of unusual transaction(s), clients must call/contact the Bank’s appointed local OPTIM.net representative or simply send us an e-mail by clicking on "Contact Us".

A Client should contact CACIB when he suspects that:

• User ID and/or Digipass-Soft Token ID or PIN code of one or several of its users has/have been disclosed to a third party or has/have been lost or stolen or otherwise compromised;
• One or several Digipass has/have been lost or stolen;
• Any unauthorized transactions may have taken place through their accounts;
• There has been some unusual account activity or an unusual last logon time-stamp;
• There are any irregularity and/or dispute in transactions.

If the user contacts us via phone, followed by written confirmation with relevant details, support staff will advise him on the immediate course of action to be taken. If necessary, the access to OPTIM.net may be suspended during the investigation period in order to protect the interest of the client.

If the user notifies us via our e-mail channel, “Contact Us”, the Bank will provide the user with an interim reply within 24 hours on the next working day upon receipt of the e-mail notification. Similarly, the client’s OPTIM.net service access may be suspended during the investigation period.

To facilitate our investigations (especially if it relates to disputed / irregular transactions), the customer is requested to provide the following information:

• Description of error
• Type of transaction
• Date of transaction
• Our transaction reference number
• Account number
• Amount
• Customer name and contact number

Investigation will commence immediately upon receipt of the client’s notification, and the Bank will revert to the client within 7 working days on the status of the investigation. Depending on the complexity of irregularity / dispute, any investigation which requires more than 7 days to resolve will be notified to the client accordingly.