Collection of Personal Information
Security Bank shall only collect personal information which is voluntarily submitted by our website visitors.
If you connect to Security Bank using Facebook, or another social media site, we will receive information that you authorize the Social Media Site to share with us. Any information that we collect from your Social Media Site account may depend on the privacy settings you have set with the Social Media Site.
All explicit information provided is secure. We safeguard information according to established security standards and procedures and will not share your information with third parties without your consent.
Collection of Information by Automated Means
When you use Security Bank’s website, your device and browser automatically provide information to us so that we are able to track and serve relevant content to you.
E-Mail and Inquiry
Inquiries sent through our website pages will be transmitted and stored in a safe environment. Since e-mail is not entirely secure, we will not include confidential account information in the response. If we need confidential information from you, a customer service representative will contact you. You may also contact us by phone, mail or by visiting the branch nearest to you. Check that the e-mail’s domain is securitybank.com (e.g. email@example.com). Make sure that it is not misspelled, as some hackers take advantage of this vulnerability.
We will never ask for passwords, credit card numbers, or other personal information in an e-mail. If you do receive an e-mail requesting this kind of information, don’t reply. If you think the e-mail is legitimate, contact us by phone, mail or visit our nearest branch to confirm.
Visit www.securitybank.com by typing the URL into your address bar
Don’t use the links in an email if you suspect the message might not be legitimate. Instead, call us on the telephone, or log onto the website directly by typing in the Web address in your browser. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site. Even if the address bar displays the correct address, don’t risk being fooled. There are several ways for hackers to display a fake URL in the address bar on your browser.
Regularly check your bank statements
If you check your bank statement regularly, you may be able to stop a scam artist and thwart them before they can cause major damage.
If you feel you have been a victim of fraud, inform us at firstname.lastname@example.org, or immediately call our Customer Help Desk at telephone number 88-791-88. For phishing concerns, please contact: email@example.com
This notice is being issued to support the intentions of Bangko Sentral ng Pilipinas (BSP) Circular No. 542, which is to provide consumer protection applicable to e-banking products and services of Security Bank.
Although the following are focused on the risks and risk management techniques associated with an electronic delivery channel to protect customers and the general public, it should be understood that not all of the consumer protection issues that have arisen in connection with new technologies have been specifically addressed. Additional policies, guidelines or procedures may be issued in the future to address other aspects of consumer protection as the financial service environment through electronic banking evolves.
1. E-Banking Oversight Function
a.) Security Bank’s Board of Directors and senior management committee are responsible for developing the Bank’s e-banking business strategy and establishing an effective management oversight over e-banking services, encompassing the review and approval of the key aspects of the Bank’s security control program and process, such as the development and maintenance of security control policies and infrastructure that properly safeguard e-banking systems and data from both internal and external threats. It also includes a comprehensive process for managing risks associated with increased complexity of and increasing reliance on outsourcing relationships and third party dependencies to perform critical e-banking functions.
The Bank’s Board of Directors and senior management shall take necessary steps to ensure that Security Bank has updated and modified, where necessary, its existing risk management policies and processes to cover current or planned e-banking services.
b.) Security Bank’s Compliance Officer shall ensure that proper controls are incorporated into the system so that all relevant compliance issues are fully addressed.
Management and system designers are tasked to consult with the Compliance Officer during the development and implementation stages of e-banking products and services. This level of involvement will help decrease the Bank’s compliance risk and may prevent the need to delay deployment or redesign programs that do not meet regulatory requirements.
2. E-Banking Risk Management and Internal Control
a.) Information Security Program
Security Bank, through its Information Technology Group, shall encourage the development of a security culture within the organization. Security Bank shall establish and maintain a comprehensive information security program and ensure that this is properly implemented and strictly enforced. The information security program should include, at a minimum, the following:
Security Bank shall perform the appropriate adjustment or update to its information security program in light of any relevant changes in technology, the sensitivity of its customer information and internal or external threats to information.
b.) Information Security Measures
Security Bank shall ensure that information security measures and internal controls related to electronic banking are installed, regularly updated, monitored and appropriate to the risks associated with its products and services.
(Please refer to Appendix A and Appendix B for the minimum security measures that Security Bank shall employ in its ATM facilities and internet/mobile banking activities, respectively, to protect depositors and consumers from fraud, robbery and other e-banking crimes)
Security Bank shall also take into account other relevant industry security standards and sound practices as appropriate, and keep up with the most current information security issues (e.g., security weaknesses of the wireless environment), by sourcing information from well-known security resources and organizations.
To authenticate the identity of e-banking customers, Security Bank shall employ techniques appropriate to the risks associated with its products and services. The implementation of appropriate authentication methodologies should start with a risk assessment process. The risk should be evaluated based on the type of customer; the customer transactional capabilities (e.g., bill payment, fund transfer, inquiry); the sensitivity of customer information and transaction being communicated to both the Bank and the customer; the ease of using the communication method; and the volume of transactions.
Because the standards for implementing a commercially reasonable system may change over time as technology and other procedures develop, Security Bank and its technology service providers shall continuously review, evaluate and identify authentication technology and ensure appropriate changes are implemented for each transaction type and level of access based on the current and changing risk factors.
Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments indicate that the use of single-factor authentication is inadequate, Security Bank shall implement multifactor authentication (e.g., ATM card and PIN), layered security, or other controls reasonably calculated to mitigate those risks.
Security Bank’s authentication process shall be consistent with and support overall security and risk management programs. An effective authentication process shall have customer acceptance, reliable performance, scalability to accommodate growth, and interoperability with existing systems and future plans as well as appropriate policies, procedures, and controls.
d.) Account Origination and Customer Verification
With the growth in e-banking and e-commerce, Security Bank shall use reliable methods of originating new customer accounts. Potentially significant risks may arise when a Bank accepts new customers through the internet or other electronic channels. Thus, in an electronic banking environment, Security Bank shall ensure that in originating new accounts, the Know-Your-Clients (KYC) requirement which involves “face-to-face” process is strictly adhered to.
e.) Monitoring and Reporting of E-banking Transactions
Monitoring systems can determine if unauthorized access to computer systems and customer accounts has occurred. Security Bank shall ensure that a sound monitoring system is in place and that such system includes audit features that can assist in the detection of fraud, money laundering, compromised passwords, or other unauthorized activities.
Security Bank shall be responsible for activation and maintenance of audit logs that can help the Bank identify unauthorized activities, detect intrusions, reconstruct events, and promote employee and user accountability. This control process can also assist Security Bank in the submission of suspicious activity reports as required by the Anti-Money Laundering Council (AMLC) and other regulatory bodies.
Security Bank shall see to it that adequate reporting mechanisms are in place to promptly inform security administrators when users are no longer authorized to access a particular system and to permit the timely removal or suspension of user account access.
Whenever critical systems or processes are outsourced to third parties, Security Bank shall ensure that the appropriate logging and monitoring procedures are in place and that suspected unauthorized activities are communicated to the Bank in a timely manner.
An independent party (e.g., internal or external auditor) shall also review activity reports documenting the security administrators’ actions to provide the necessary checks and balances for managing system security.
3. Consumer Awareness Program
Consumer awareness is a key defense against fraud, identity theft and security breaches. (Please refer to Appendix C for the minimum Consumer Awareness Program of Security Bank)
Security Bank shall implement and continuously evaluate the effectiveness of its consumer awareness program. Evaluation may include tracking the number of customers who report fraudulent attempts to obtain their authentication credentials (e.g., ID/password), the number of clicks on information security links on websites, the number of inquiries, etc.
4. Disclosure and Business Availability
Security Bank shall provide its customers with a level of comfort regarding information disclosures or transparencies, protection of customer data and business availability that they can expect when using traditional banking services.
To minimize operational, legal and reputational risks associated with e-banking activities, Security Bank shall make adequate disclosure of information and take appropriate measures to ensure adherence to customer privacy and protection requirements (Please refer to Appendix D for the minimum disclosure requirement). Similar to the record keeping requirements on paper-based transactions, Security Bank shall ensure proper safekeeping and monitoring of records or information regarding e-banking financial transactions and disclosures.
5. Complaint Resolution
Security Bank may receive customer complaints either through an electronic medium or otherwise, concerning an unauthorized transaction, loss, or theft in its electronic banking account. Therefore, the Bank shall ensure that controls are in place to review these notifications and that an investigation is initiated as required. Security Bank shall establish procedures to resolve disputes arising from the use of the electronic banking products and services.