Security Policy

Understanding that system security has always been the main concern of customers at large in the use of Internet Banking, the Affin Banking Group is committed to ensuring the security and confidentiality of our customers' information and transactions at all times.

This Security Policy spells out the system security arrangements, policies and technologies adopted by Affin Banking Group in meeting this commitment to protect our customers' information and transactions at all times.

1. Security Arrangements

It remains a permanent policy of the Affin Banking Group to protect all information and transactions that are communicated, processed and stored in the course of doing business with customers via the Internet Banking system to the best of endeavours possible.

To enforce the system security commitment, the Affin Banking Group ensures compliance with the guidelines of Bank Negara Malaysia that were drawn up specifically to protect customers in the use of Internet Banking.

Affin Banking Group ensures that the Internet Banking system security infrastructure that is developed and implemented by Affin Banking Group meets or surpasses the minimum industry standards.

Affin Banking Group engages security consultants to perform independent, regular security assessments on our security infrastructure to detect and immediately address any currently known high-risk vulnerabilities. Affin Banking Group also engages security consultants for continuous security surveillance to detect and immediately address any abnormal activities.

Affin Banking Group ensures that all system security technologies employed are kept updated and abreast of developments in the industry, and ensures their capability to address new threats. Our personnel will at all times be trained to be vigilant of any new threats that may emerge.

In the development of the Internet Banking system and user procedures, Affin Banking Group strives to achieve an optimum balance between system security and convenience. In areas where convenience or function may be deemed as high risk, Affin Banking Group will always opt for system security over convenience.

It is Affin Banking Group's strict policy to NEVER request customers to provide or reveal their passwords or any access codes under whatever circumstances, for whatever reasons and through whatever means. Customers are strongly encouraged to report to Affin Banking Group any persons, staff or persons purporting to be staff of Affin Banking Group, who make such requests.

2. Username and Password Management

Our Internet Banking System requires users to select a robust password. The system will verify to ensure that the following rules are observed when selecting usernames and passwords.

Username Rules:

  • Minimum of 6 characters and maximum 15 characters
  • It must be unique in the RIB system. No two users may have the same username.
  • Special characters (e.g. # * & % $) and spaces are not accepted
  • Is case sensitive

Password Rules:

  • Minimum of 8 characters and maximum 15 characters in length
  • Must contain a combination of uppercase and lowercase letters
  • Must contain at least 1 number and 1 special character (excluding * and ` )
  • Must not have 3 consecutive characters, e.g. 123, abc
  • Must not equal or contain the username and Security Word
  • Must not contain spaces
  • Is case sensitive
  • Must not be the same as any of the previous 5 passwords in the password history
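
The password rules above, written out as a validator. This is an added example, not Affin Banking Group's code: the function names, the PBKDF2 storage of password history, case-insensitive matching, and treating only ascending runs as "consecutive" are assumptions.

```python
import hashlib
import hmac
import string

EXCLUDED_SPECIALS = "*`"  # per the policy, these do not satisfy the rule

def has_sequential_run(password, run=3):
    """True if `run` adjacent letters or digits ascend by one (123, abc)."""
    s = password.lower()  # assumption: runs are matched case-insensitively
    for i in range(len(s) - run + 1):
        w = s[i:i + run]
        if w.isalnum() and all(ord(b) - ord(a) == 1 for a, b in zip(w, w[1:])):
            return True
    return False

def hash_password(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def password_violations(password, username, security_word, history=()):
    """Return the names of the rules the candidate password breaks.

    `history` holds (salt, digest) pairs for earlier passwords, oldest first.
    """
    broken = []
    if not 8 <= len(password) <= 15:
        broken.append("length")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        broken.append("mixed-case")
    if not any(c.isdigit() for c in password):
        broken.append("digit")
    if not any(c in string.punctuation and c not in EXCLUDED_SPECIALS
               for c in password):
        broken.append("special")
    if has_sequential_run(password):
        broken.append("sequential")
    # Assumption: containment is checked case-insensitively.
    lowered = password.lower()
    if any(w and w.lower() in lowered for w in (username, security_word)):
        broken.append("contains-identifier")
    if " " in password:
        broken.append("space")
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in list(history)[-5:]):
        broken.append("history")
    return broken
```

An empty list means the candidate passes every rule; the history check compares against stored digests in constant time so earlier passwords never need to be kept in plaintext.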

PROVIDED always that users take all necessary steps to safeguard their passwords and access codes, the security system of the Affin Banking Group will ensure to our best capacity that usage of the Internet Banking Services is always secured.

Here are some tips to ensure the integrity of your username and password:

  • Do not choose a password that others can easily guess.
  • Do not use simple words, your name, birth date, telephone number or names listed in a standard dictionary.
  • Memorize your password and do not write it down.
  • Always ensure to use passwords or PINs when accessing an online account to protect your personal information.
  • Sharing your password or PIN with another person is the same as giving that individual authority to use your name in a transaction. It should not be disclosed even if requested by an authorised Affin Group Officer.
  • Change your password frequently. 

3. Data Privacy, Confidentiality and Integrity

To protect your privacy, confidentiality and data integrity, all information transmitted via our Internet Banking system is encrypted using the SSL protocol. Authentication by GlobalSign ensures that all communication between your workstation, through the Internet, and our Internet Banking system application is encrypted and secured. In addition to utilizing this encryption standard, our Internet Banking system infrastructure is multi-layered to further deter any attempts of attack from reaching the database and other vital servers. Stretching security further, we have installed Intrusion Detection Systems that detect any suspicious access. This system is monitored round-the-clock throughout the year and an incident response procedure is in place to respond to any alarm raised.

We have also established tight security measures and guidelines pertaining to our employees' handling of equipment containing customers' information. Our security policy also necessitates the engagement of reputable and professional independent security consultants on a regular basis to monitor and test our systems and to ensure industry and regulatory standards are complied with at all times.

4. Customers' Responsibilities in Protection of Information

Within Affin Banking Group's jurisdiction and control, all necessary and stringent measures have been taken to protect Customers' information. However, as with any other Internet-enabled technologies, we cannot control the equipment or computers from which you access our Internet Banking services. Accordingly, Customers are always reminded to exercise all safety procedures when using any Internet Banking system or whenever they transact over the Internet.

The Bank shall not be responsible for fraudulent or unauthorized instructions, or any loss (including consequential loss), damage or liability whatsoever suffered and/or incurred by the Customer in the event that he/she fails to:

  • safeguard their personal banking information such as their ID, password and TAC by disclosing it verbally or in writing to a third party;
  • take preventive steps to update, protect and secure their PCs or smart devices to ensure they are free of malware and viruses;
  • ensure that his/her password does not equal or contain the username;
  • take responsible steps to change his/her passwords, check his/her banking information and balances periodically and to keep his/her sensitive banking information and security devices secure at all times.

To instill safe computing practices by customers, our security policy provides safety awareness, security tips and security alerts on the website and application. As an added measure, our system also has in-built safety features such as:

  • Cooling Off Period after a successful First Time Login
  • Automatic log-off after 4 minutes of inactivity
  • Password lockout after 3 unsuccessful attempts
  • Prevention of multiple simultaneous logons
  • Expiry of SMS TAC after 2 minutes
  • Disabling of TAC/AffinSecure after 3 unsuccessful TAC attempts
  • Requirement of 2nd Authentication (TAC, AffinSecure and/or Card Number and PIN) for all sensitive and/or monetary transactions that reach a pre-set amount limit

5. Stronger Secure Authentication

The AffinAlways website complies with the latest security standard of 2-Factor Authentication, as opposed to the conventional method of sole reliance on Username and Password to authenticate a user.

Customers are authenticated by the bank through their Username and Password, and the bank in turn certifies its authenticity to customers by offering a secured digital certificate, namely the Verisign™ SSL Certificate. In this way, customers will have a means of confirming that they are communicating with the bank's genuine website.

For 2nd factor authentication, our system would require customers to further authenticate themselves for all sensitive transactions even after the successful input of the Username and Password. This is achieved by requiring the customer to obtain a dynamic 6-digit Access Code known as the Transaction Authentication Code (TAC) at the Internet Banking system itself. The TAC is then transmitted to a personalized device held physically by the genuine customer, namely the mobile phone, via Short Messaging System (SMS).

In addition to TAC, AffinSecure was designed as a digital security application to authenticate AffinAlways transactions. AffinSecure pairs your device with your AffinAlways account, offering an extra level of security by reducing your exposure to SMS TAC fraud. Effective 1 July 2023, SMS TAC authorisation for transactions of RM1,500 and above will be replaced by AffinSecure.

The Bank will keep abreast of security technology development, for possible and future development, to ensure that we are providing stronger and secure authentication methods for customers.

6. Updating your browser

An Internet browser allows access and the ability to navigate a myriad of information and service resources on the Internet. Most computers come with a browser already installed.

  • Always update your browser when new versions are released because they often include new security features.
  • Check your browser's and device's built-in safety features that you may or may not elect to use.
  • Do not install unnecessary extensions or plugins to the web browser.
  • Regularly clear the cache, cookies and temporary files from the browser history.
  • It is a good practice to always check the site certificate before logging in.

If you have queries about any e-mail from Affin Bank or are suspicious that someone may be trying to get your PIN or account information under false pretences, contact our Contact Centre hotline at 603-8230 2222 immediately.

Should you have any query, concerns or complaints in relation to this Security Policy, please reach us at:

Affin Bank Berhad,
Level 19, Menara AFFIN,
Lingkaran TRX, Tun Razak Exchange
55188 Kuala Lumpur.
