You are in :
AccountServices@CIMB |  Payments@CIMB |  Collections@CIMB |  LiquidityManagement@CIMB |  Delivery Channels

Security Arrangement
We shall, at all times and to the best of our ability, endeavour to ensure that all materials, data, communications and/or information ("Information") exchanged, disclosed, shared, stored or otherwise used, or any transactions which are made via our system ("Transactions") are kept private and confidential. Further thereto, we shall comply with and adhere to the requirements of Bank Negara Malaysia pertaining to the privacy and confidentiality of the Information and Transactions as well as the need to maintain the security and integrity of our system. In pursuance of these objectives, we have set in place adequate security procedures and requirements which are designed to ensure the optimum security of the Information, Transactions and our system at all times, all of which are elaborated below.
2.Data Privacy, Confidentiality and Integrity
In order to ensure the privacy, confidentiality and integrity of the Information which are exchanged, disclosed, shared, stored or otherwise used on our system and the Transactions, whether or not the same belongs to or originates from you or otherwise, we have engaged the use of a combination of authentication, encryption and auditing mechanisms which serve as a powerful barrier against all forms of system penetration and abuse.
These mechanisms which are engaged above include but are not limited to the following:-
1. Secure Socket Layer (SSL) channel;
2. 128-bit encryption;
3. Username and password protection and authentication;
4. Firewalls; and
5. Account-locking,

all of which have been thoroughly tested in a series of independent security audits and have been determined, whether used separately or together, to effectively protect and safeguard against known security issues and prevent any form of tampering or theft of Information or Transactions, where applicable.

For the purpose of verification of the identity of our customers, we employ in our authentication process, the use of a digital certificate from a licensed certification authority (licensed under the Digital Signature Act 1997) and passwords, amongst others. This digital certificate in the form of a USB security device will enable access, inter alia, to your relevant account(s), financial information and the banking facilities, products and services offered via our website at

To ensure the integrity of the authentication of the digital certificate, you are advised to maintain its confidentiality by not sharing it or making it accessible to any other person and to take all reasonable endeavours to maintain its security which may include, memorising the password, changing your password regularly and signing off before visiting any other Internet sites.

Further to the rest of this Security Arrangement and for the purpose of clarification, any and/or all Transactions which are initiated by or originated from the customer's digital certificate shall be deemed to have been initiated or originated from the said customer and accordingly, we shall be entitled to carry out the said Transactions as if we had been duly instructed to do so by the respective customer.
We also maintain and constantly update the logs of the Transactions which record, among others, the Transactions entered into by our customers (including you) and the nature, time and date of the same, all of which serves to enable us to verify the various Transactions made and act as evidence thereof should there ever arise a dispute as to the same.

5.Access and System Design
Our system is designed and developed with the primary and utmost intention of safeguarding the security and integrity of all Information and Transactions at all times. Pursuant thereto, the system deploys a wide range of security features, all of which are constantly reviewed and audited to determine their effectiveness and further updated and maintained to ensure that these security features perform at optimum standards at all times.
We also adopt a variety of monitoring and review measures upon the security and integrity of our system, which include but are not limited to:-
1. Enhanced data-encryption methods;
2. Anti-virus detection, prevention and protection procedures;
3. Firewall barriers; and
4. 24/7 surveillance and detection,
all of which are designed and implemented to intercept and prevent any form of attack on, penetration or otherwise unauthorised access into our system and to ensure that the critical sectors of our system including the storage of the Information, the Information itself and the processing and authentication of the Transactions are, at all times, kept free from such attacks, penetration or unauthorised access ("System Security Monitors").
We shall also endeavour to conduct regular and thorough reviews or audits of our System Security Monitors, both by our internal security auditors as well as by external security experts. These reviews and audits may include but are not limited to actual penetration testing and intrusion detection on our said System Security Monitors which will enable us to determine whether there are any defects, faults, malfunctions or shortcomings (the "said defects") in the same. In the event the said defects or otherwise a breach of our system is discovered, we shall in the case of a security breach, promptly report the same to appropriate management and Bank Negara Malaysia and immediately proceed to rectify or remedy the same. For this purpose, we may be required to temporarily or indefinitely suspend all use of our system until such time when the said defects are rectified or remedied without any notice and without any liability whatsoever to you.
While we have the capabilities to ensure that the privacy, confidentiality and integrity of the Information exchanged, disclosed, shared, stored or otherwise used and the Transactions as well as the security and integrity of our system itself are at all times, safeguarded, maintained and secure, we shall, from time to time, collaborate efforts with other major hardware, equipment or software vendors and manufacturers in an effort to keep abreast with the developments and improvements made to the same. Accordingly, where we believe that such developments and improvements would serve to provide enhanced security to the Information, Transactions and our system above, we shall not hesitate to implement the same for our joint benefit.
Web Trust

The website is WebTrust certified. The WebTrust Seal of Assurance (“the Web Trust Seal”) tells customers that an independent certified public accountant has evaluated CIMB Bank's business practices and controls and determined that they are in conformity with WebTrust Principles and Criteria for Security and Privacy.

The Seal verifies that a report has been issued indicating that such principles are being followed in conformity with the WebTrust Criteria. CIMB Bank's management have made representations that
CIMB Bank discloses key security arrangements, complies with such security arrangements and maintains effective controls to provide reasonable assurance that access to its systems for its website for electronic banking, namely, is restricted only to authorised individuals in conformity with this Security Arrangement.
CIMB Bank discloses its privacy policy, complies with such privacy policy, and maintains effective controls to provide reasonable assurance that personally identifiable information collected in is protected in conformity with its PRIVACY POLICY.

Please click on the WebTrust Seal for further details of the WebTrust certification and CIMB Bank's management’s assertions.

Join Us On