Terms and Conditions

Internet Banking Security

What security measures has CIMB put in place?
Security for communications and transactions over the internet is important for both CIMB and our customers, and we'd like to let you know that the Internet Banking security system has been selected by us following extensive research. 
We see the Internet as a strategic channel that is both economically viable and secure.  It allows us to reduce costs and circumvent technological constraints that may prevent traditional channels from being available in so many locations.

While the Internet is generally an unsecure network, it may be made secure through the implementation of process controls and infrastructure components.  CIMB takes the threat of unauthorized penetration of our internal systems very seriously, and we dedicate a large amount of risk analysis effort and security resources to counter such threats.
In addition to our sophisticated cryptographic implementation, robust firewall technology is employed to help to protect CIMB 's internal systems and customer's information against intrusion from the internet.

While we endeavor to provide a secure Internet Banking system, you will need to take responsibility for your own computer anti-virus measures and security procedures to prevent unauthorized use of and access to our Internet Banking service and to protect your personal information and bank accounts.
From the customer's perspective, however, you are responsible for protecting your login information, and to take all necessary precautions to prevent unauthorized use of your Grid card / Token.  This involves ensuring that your login information is not stored on the hard disk of your computer, a diskette, or any other insecure device and that the Grid card is not left lying around your workstation.
We would also recommend that you ensure that you have adequate protection in terms of firewalls, etc. installed at your office to protect against any unauthorized access to your network.

How can I make sure that only I can access my accounts?
You must enter your own User name, master and confidential Internet Banking Password every time you access the system. You must ensure that your password/Grid is known ONLY to you.  You should change your password regularly and ensure that it is a combination of letters, Special character and numbers, and difficult for people to guess.
Be aware of hoax and scam emails. It is recommended that you do not open or action these. Never disclose your personal financial information or Internet Banking password to anyone.

What is 128bit SSL encryption and how does it protect our clients' information?
The 128bit SSL (Secure Socket Layer) encryption is a secure communication protocol that encrypts client information during transmission over the Internet.  It is one of the strongest encryption technologies available today, providing server authentication, and ensuring that all data transferred over the Internet is encrypted to protect against it being disclosed to eavesdroppers.  It also ensures that any attempt by hackers to tamper with the information will be detected.

Do you have second factor authentication [2FA] for Internet Banking?
Our Grid Card / Token is unique card / calculating device that provides an extra layer of security for Internet Banking. It is a device that works in conjunction with your existing Internet Banking user name and Password to ensure that you, and only you, can access your account details online.

What about email scams and viruses?
There have been numerous email scams and viruses reported in the media.  Some examples include:

  • Virus attachments with file extensions such as .pif or .hta eg: yourinfo.pif

  • Emails purporting to be from financial institutions or well-known companies asking people to go to a website using a link within the email and enter personal information

  • Too good to be true offers such as business opportunities or free holidays in, or from obscure countries or companies

The perpetrators of these scams and fraudulent emails use viruses to capture any of your of keystrokes including personal log on ids and passwords used on any type of secure website, not just internet banking sites.
We strongly recommend that you do not respond to, or follow any of the instructions within these types of emails.  Do not open any attachments or follow any links.

To ensure you are visiting the CIMB ’s website:

  • always visit CIMB ’s website and Internet Banking by typing the correct site address into the address bar, or by using your bookmarks or favorites

  • make sure the padlock symbol, indicating a secure environment, appears at the bottom of the browser, or look for an ‘s’ after the http in the web address

To help prevent email scams and viruses:

  • Install anti-virus software  on your computer, and update the software’s virus definitions frequently

  • Install a personal firewall on your computer

  • Be cautious when using a computer in public places such as Cyber/ Internet cafes. Do not leave the screen idle for long periods or leave the computer unattended at any time, particularly when using internet banking services

What should I do if I receive a suspicious email?
If you have received a suspicious email, or an email from an unknown source, we recommend that you do not follow any instructions within the email, and that you delete it.
If you have responded to a suspicious email including following any of the instructions such as opening an attachment or following a link within the website, it is recommended that you use anti-virus software to scan the hard drive of your computer for any viruses, and then following the instructions, remove the virus. If you do not have anti-virus software, it is recommended that you purchase and install anti-virus software on your computer. Additionally, you should carefully check your transaction history or statements to ensure that there are no transactions that you have not initiated.
If you have any concerns about your Oceanin Bank accounts or you suspect you have responded to a fraudulent email, please call our Contact Centre or your Account / Relationship manager

What can I do to maximize security?

  • Read our Security document and Terms and Conditions and adhere to recommendations set out in Technical Requirements

  • Always visit Oceanic bank’s website and Internet Banking by typing the correct site address into the address bar

  • Keep your Grid Card / Token; a unique card that provides additional security safe

  • Never leave your computer unattended while logged on to Internet Banking

  • Always log out of Internet Banking when you have finished your banking session, and ensure you click OK to confirm you wish to exit Internet Banking

  • Never disclose your password

  • Don't use your date of birth, telephone number, address, your name or the name of a friend, relative or pet in your password

  • Use a combination of letters, special character and numbers in your password, and ensure that it is difficult for people to guess

  • Change your password regularly, at least once every two months is recommended 

  • Don't use a password you use for anything else (e.g. your email account)

  • Ensure that you use Virus Detection Software to protect your computer from Trojan viruses

  • Install anti-virus software on your computer, and update the software’s virus definitions frequently

  • Install a personal firewall on your computer

  • If using a family computer at home, ensure that members of your family who use the computer regularly keep the anti-virus software definitions up to date, and do not act on any suspicious looking emails

  • Be cautious when using a computer in public places such as Internet cafes. Check that their anti-virus software and firewalls are up to date. Do not leave the screen idle for long periods or leave the computer unattended at any time, particularly when using internet banking services