Security Statement in relation to Banking

This security statement shall, together with the Terms and Conditions of the Banking (“Online Terms”) and all other documents referred to in the Online Terms, govern the customer’s use of Banking.

Security Features

Security, privacy and confidentiality of our customers’ information is of paramount importance to us.

We are committed to protecting the customer against third party fraud by providing a secure online banking environment through the use of proven industrial security standards and practices, such as firewalls, intrusion detection, encryption, have provided for appropriate host and application controls and configurations.

All information transmitted via our website is fully encrypted from password, User ID to account / transactions details.

Primary security features and procedures that have been adopted are:

  • Latest industry approved 128-bit Secure Socket Layer (SSL) encryption
    All information transmitted via is secured and encrypted through the use of the industry’s most current and secure encryption technology, the 128-bit Secure Socket Layer (SSL) encryption technology. is a Verisign Secure Site. Verification of the domain name can be viewed by clicking on the ’lock’ icon (at the bottom right hand corner of your Internet browser) which will display VeriSign’s certification.

  • 2 types of identification process:

    • Certificates Identification and PKI technology
      Access to and authorization of transactions is protected by the use of digital certificate based on the X.509 standard, under our own security environment based on a proprietary PKI (Public Key Infrastructure) software foundation to be used in conjunction with a certificate personal identification number (PIN).

      By combining digital certificates and PKI technology, CA-CIB ensures authentication, data integrity, confidentiality and non-repudiation

    • Digipass Identification
      Access to is protected by a dual login authentication system of user id (Digipass ID) (alphanumeric & case sensitive) and a digipass personal identification number (PIN). Only by providing the system with the correct combination, will the customer be allowed access into Banking.

  • Automatic time-out/logout will automatically logout a login session should it detect inactivity after a short period of time. This is done to prevent unauthorised usage should the system be left alone or if the customer has forgotten to logout.

  • Firewalls & Intrusion detection applications
    A series of firewalls and intrusion detection applications have been incorporated into the system to constantly monitor and detect unauthorised intrusions and activities.

Security Precautions

The customer plays an important role in protecting against online fraud. The customer is responsible for safeguarding and keeping secret and confidential its account details and/or its User ID and/or Password and/or its Digipass and/or Digipass ID and/or Certificate and/or PIN (as applicable) and for ensuring that none of them are compromised in any way. In particular the customer should:-

  • ensure that it does not knowingly or accidentally disclose or allow access to or use of its User ID and/or Digipass, and/or Digipass ID, and/or Certificate, and/or PIN (as applicable) including to any other authorized Banking users of the customer;

  • destroy the original printed copy of its User ID and/or its initial PIN and Digipass ID (as applicable) received from the Bank;

  • never write down the User ID and/or Digipass ID, and/or PIN on any device for accessing Banking or on anything usually kept with or near it;

  • never write down or record the User ID and/or Digipass ID, and/or PIN (as applicable) without disguising it; and

  • change its PIN (if applicable) on a regular basis - eg every 30 days.

Customers are further reminded that it is definitely NOT our bank's policy to send emails with embedded hyperlinks to transactional websites to our customers.

We will never contact customers to ask them to validate personal information such as any User ID, PIN and/or Digipass ID and customers should never disclose sensitive information, their User ID, PIN nor Digipass ID to anyone including to any of our employees or to the police. If the customer receives such a request, they must immediately notify us by phone or email to the local support as indicated in the "List of Contact Offices" below.

When choosing a PIN (as applicable), the customer should:-

  • not to create it using easily accessible personal information such as telephone numbers or date of birth, ID numbers or a recognisable part of its name;

  • avoid using the same PIN (as applicable) for accessing other services (eg, for accessing other web sites or ATMs or phonebanking PINs) or a Password or PIN which has previously been used for Banking;

  • for Digipass users, choose a PIN (as applicable) of length of 5 digits that may be difficult for someone else to guess, and without repeating any digit more than once.


If the computer used by the customer to access Banking is likely to be shared with others, customers should exercise care in using Banking. For example, customers are advised to remove the temporary files stored in the memory or in the hard disks of the customers’ personal computers during the usage of the Banking Services, as the temporary files may contain sensitive information of the customers, i.e. account numbers.

However, sharing of computers to access Banking is not recommended and customers should NOT use the Banking Services in public places such as cyber cafes.

Do not use a computer or a device which cannot be trusted.

After customers have accessed Banking, they should not leave their computer unattended if they are in the middle of an online session.

Once customers have finished using the Banking Services, they should log-off properly and promptly from Banking to avoid leaving its computer online whilst they are not using the service.

Physical tokens such as Certificate USB Key, Certificate Smartcard, Flash Memory storing software Certificate, and Digipass should be kept in a safe place, which cannot be accessed by parties other than the authorized holder.

Do not select the browser option for storing or retaining user name and password.

If the computer has internet access via cable modems, broadband connections or similar set-ups, the file and printer sharing should be removed.

Turn off the computer when it is not in use.


Customers are strongly advised:-

  • to install suitable firewall and virus protection software on their computers, to provide protection against hackers who may try to gain access to the customer’s files and/or download viruses or keystroke loggers;

  • to download new browser security patches whenever they are available;

  • not to open e-mail attachments or access suspicious websites unless the customer knows that they are safe and from a reputable source; and

  • Delete junk or chain emails

  • not to install pirated software or software from unknown providers;

  • make regular backup of critical data;

  • consider the use of encryption technology to protect highly sensitive data;

Reporting of Actual or Suspected Security Incidents, and Transaction Irregularities / Disputes

All transactions through the Internet will have inherent risks. To minimize and to protect against such online risks, the security and safety of online banking depends on both the bank’s security systems and precautions taken by the customers.

Customers are advised to regularly check their account balances and statements to identify any unusual transactions.

The customer must call/contact the Bank’s appointed local OPTIM Officer for the relevant country immediately if it knows or suspects that:-

  • its User ID and/or PIN and/or Digipass ID (as applicable) has been disclosed to a third party or has been lost or stolen or otherwise compromised;
  • its physical token such as Certificate USB Key, and/or Certificate Smartcard, and/or Flash Memory storing software Certificate, and/or Digipass (as applicable) has been lost or stolen;
  • any unauthorised transactions may have taken place through their accounts;
  • there has been some unusual account activity or an unusual last logon time-stamp;
  • any irregularity and/or dispute in transactions.

If the customer’s contacts us via phone, followed by written confirmation with relevant details, our customer service and support staff will advise the customer on the immediate course of action to be taken. If necessary, the customer’s service access may be suspended during the investigation period in order to protect the customer’s interest.

If the customer notifies us via our e-mail channel, “Contact Us”, the Bank will provide the customer with an interim reply within 24 hours on the next working day upon receipt of the e-mail notification. Similarly, the customer’s service access may be suspended during the investigation period.

To facilitate our investigations (especially if it relates to disputed / irregular transactions), the customer is requested to provide the following information:

  • Description of error
  • Type of transaction
  • Date of transaction
  • Our transaction reference number
  • Account number
  • Amount
  • Customer name and contact number

Investigation will commence immediately upon receipt of the customer’s notification, and the Bank will revert to the customer within 7 working days on the status of the investigation. Depending on the complexity of irregularity / dispute, any investigation which requires more than 7 days to resolve will be notified to the customer accordingly.

List of Contact Offices:
China(8621) 3856 6839
France(331) 4189 0627
Hong Kong(852) 2826 5600
India(9122) 6737 1050
Japan(831) 4580 5645
Singapore(65) 6439 9780
Taiwan(8862) 2715 8581
United Arab Emirates(9714) 4376 1180 or 1181
Product Development, Asia (Hong Kong)(852) 2826 1048
Commercial Banking and Trade/Products &

Disclaimer and Important Notice Security Statement
Copyright © 2013 Crédit Agricole CIB ®. All rights reserved. Subject to Terms and Conditions.