Understanding that system security has always been the main concern of customers at large in the use of Internet Banking, the Affin Banking Group is committed to ensuring the security and confidentiality of our customers' information and transactions at all times.
This Security Policy spells out the system security arrangements, policies and technologies adopted by Affin Banking Group in meeting this commitment to protect our customers' information and transactions at all times.
1. Security Arrangements
It remains a permanent policy of the Affin Banking Group to protect all information and transactions that are communicated, processed and stored in the course of doing business with customers via the Internet Banking system to the best of endeavours possible.
To enforce the system security commitment, the Affin Banking Group ensures compliance to the guidelines of Bank Negara Malaysia that was drawn up specifically to protect customers in the use of Internet Banking.
Affin Banking Group ensures that Internet Banking system security infrastructure that are developed and implemented by Affin Banking Group meets or surpasses the minimum industry standards.
Affin Banking Group engages security consultants to perform independent regular periodic security assessments on our security infrastructure to detect and to immediately address any currently known high risk vulnerabilities. Affin Banking Group also engages security consultants for continuous security surveillance to detect and immediately address any abnormal activities.
Affin Banking Group ensures that all system security technologies employed are kept updated and abreast with developments in the industry and ensures its capability to address new threats. Our personnel will at all times be trained to be vigilant of any new threats that may emerge.
In the development of the Internet Banking system and user procedures, Affin Banking Group strives to achieve an optimum balance between system security and convenience. In areas where convenience or function may be deemed as high risk, Affin Banking Group will always opt for system security over convenience
It is Affin Banking Group's strict policy to NEVER request customers to provide or reveal their passwords or any access codes under whatever circumstances, for whatever reasons and through whatever means. Customers are strongly encouraged to report to Affin Banking Group of any persons, staff or persons purporting to be staff of Affin Banking Group who make such requests.
2. Username and Password Management
Our Internet Banking System requires users to select a robust password. The system will verify to ensure that the following rules are observed when selecting usernames and passwords.
PROVIDED always that users take all necessary steps to safeguard their passwords and access codes, the security system of the Affin Banking Group will ensure to our best capacity that usage of the Internet Banking Services is always secured.
Here are some tips to ensure the integrity of your username and password:
3. Data Privacy, Confidentiality and Integrity
To protect your privacy, confidentiality and data integrity, all information transmitted via our Internet Banking system is encrypted using SSL protocol authentication by GlobalSign ensures that all communication between your workstation through the Internet and our Internet Banking system application are encrypted and secured. In addition to utilizing this encryption standard, our Internet Banking system infrastructure are multi-layered to further deter any attempts of attack from reaching the database and other vital servers. Stretching security further, we have installed Intrusion Detection Systems that detect any suspicious access. This system is monitored round-the-clock throughout the year and an incident response procedure is in place to respond to any alarm raised.
We have also established tight security measures and guidelines pertaining to our employees handling of equipments containing customers information. Our security policy also necessitates the engagement of reputable and professional independent security consultants on a regular basis to monitor and test our systems and to ensure industry and regulatory standards are complied at all times.
4. Customers Responsibilities in Protection of Information
Within Affin Banking Groups jurisdiction and control, all necessary and stringent measures have been taken to protect Customer’s information. However, as with any other Internet enabled technologies, we cannot control the equipments or computers from which you access our Internet Banking services. Accordingly, Customers are always reminded to exercise all safety procedures when using all Internet Banking system or whenever they transact over the Internet.
The Bank shall not be responsible for fraudulent or unauthorized instructions, or any loss (including consequential loss), damage or liability whatsoever suffered and/or incurred by the Customer in the event that he/she fails to:
To instill safe computing practices by customers, our security policy provides safety awareness, security tips and security alerts on the website and application. As an added measure, our system also has in-built safety features such as:-
5. Stronger Secure Authentication
AffinAlways website complies with the latest security standard of 2-Factor Authentication as opposed to the conventional method of sole reliance on Username and Password to authenticate a user.
Customers are authenticated by the bank through their Username and Password and the bank in turn certifies its authenticity to customers by offering a secured digital certificate namely the VerisignTM SSL Certificate. In this way, customers will have a means of confirming that they are communicating with the bank's genuine website.
For 2nd factor authentication, our system would require customers to further authenticate themselves for all sensitive transactions even after the successful input of the Username and Password. This is achieved by requiring the customer to obtain a dynamic 6-digit Access Code known as the Transaction Authentication Code (TAC) at the Internet Banking system itself. The TAC is then transmitted to a personalized device held physically by the genuine customer, namely the mobile phone via Short Messaging System (SMS).
An addition to TAC, AffinSecure was designed as a digital security application designed to authenticate AffinAlways transactions. AffinSecure pairs your device with your AffinAlways account, offering an extra level of security by reducing your exposure to SMS TAC fraud. Effective 1 July 2023, SMS TAC authorisation for transactions of RM1,500 and above will be replaced by AffinSecure.
The Bank will keep abreast of security technology development, for possible and future development to ensure that we are providing stronger and secure authentication methods for customer
6. Updating your browser
An Internet browser allows access and the ability to navigate a myriad of information and service resources on the Internet. Most computers come with a browser already installed.
If you have queries about any e-mail from Affin Bank or are suspicious that someone may be trying to get your PIN or account information under false pretences, contact our Contact Centre hotline at 603-8230 2222 immediately.
Should you have any query, concerns or complaints in relation to this Security Policy, please reach us at:
Affin Bank Berhad,
Level 19, Menara AFFIN,
Lingkaran TRX, Tun Razak Exchange
55188 Kuala Lumpur.
There are more ways to reach us