Security Policy


1. Introduction

We shall at all times and to the best of our ability, endeavour to ensure that all materials, data, communications and/or information ("Information") exchanged, disclosed, shared, stored or otherwise used, or any transactions which are made via our system ("Transactions") are kept private and confidential. Further thereto, we shall comply with and adhere to the requirements of the Bank of Thailand pertaining to the privacy and confidentiality of the Information and Transactions as well as the need to maintain the security and integrity of our system. In pursuance of these objectives, we have set in place adequate security procedures and requirements which are designed to ensure the optimum security of the Information, Transactions and our system at all times, all of which are elaborated below.

2. Data Privacy, Confidentiality and Integrity

In order to ensure the privacy, confidentiality and integrity of the Information which are exchanged, disclosed, shared, stored or otherwise used on our system and the Transactions, whether or not the same belongs or originates from you or otherwise, we have engaged the use of a combination of authentication, encryption and auditing mechanisms which serve as a powerful barrier against all forms of system penetration and abuse.
These mechanisms which are engaged above include but are not limited to the following:-

  1. Secure Sockets Layer (SSL) channel;
  2. 128-bit encryption
  3. Username and password protection and authentication;
  4. Firewalls; and
  5. Account-locking,
  6. OTP (One Time Password)
all of which have been thoroughly tested in a series of independent security audits and have been determined, whether used separately or together, to effectively protect and safeguard against known security issues and prevent any form of tampering or theft of Information or Transactions, where applicable
3. Authentication
For the purpose of verification of the identity of our customers, we employ in our authentication process the use of individual and distinct Usernames, PINs, Passwords and Preferred Security Question & Answer ("Access Codes"). These Access Codes will act as a key to access, inter alia, your relevant account(s), financial information and the banking facilities, products and services offered via our website at

To ensure the integrity of these Access Codes, you are advised to maintain its confidentiality by not sharing it or making it accessible to any other person and to take all reasonable endeavours to maintain its security which may include, memorising the Access Codes, changing your password regularly and signing off before visiting any other Internet sites.

Other than the use of individual and distinct Access Codes, we also employ for our business customers, the use of digital certificates for the purposes of ascertaining and authenticating their identity.
4. Non-Repudiation
Further to the rest of this Security Arrangement and for the purpose of clarification, any and all Transactions which are initiated by or originate from the customer's Access Codes shall be deemed to have been initiated or originated from the said customer and accordingly, we shall be entitled to carry out the said Transactions as if we had been duly instructed to do so by the respective customer.

We also maintain and constantly update the logs of the Transactions which record, among others, the Transactions entered into by our customers (including you) and the nature, time and date of the same, all of which serves to enable us to verify the various Transactions made and act as evidence thereof should there ever arise a dispute as to the same.
5. Access and System Design

Our system is designed and developed with the primary and utmost intention of safeguarding the security and integrity of all Information and Transactions at all times. Pursuant thereto, the system deploys a wide range of security features all of which are constantly reviewed and audited to determine their effectiveness and further updated and maintained to ensure that these security features perform at optimum standards at all times.
We also adopt a variety of monitoring and review measures upon the security and integrity of our system, which include but are not limited to:-

  1. Enhanced data-encryption methods;
  2. Anti-virus detection, prevention and protection procedures;
  3. Firewall / Intrusioin Prevention (IPS) barriers; and
  4. 24/7 surveillance and detection,

all of which are designed and implemented to intercept and prevent any form of attack on, penetration or otherwise unauthorised access into our system and to ensure that the critical sectors of our system including the storage of the Information, the Information itself and the processing and authentication of the Transactions are, at all times, kept free from the such attack, penetration or unauthorised access ("System Security Monitors").

We shall also endeavour to conduct regular and thorough reviews or audits of our System Security Monitors, both by our internal security auditors as well as by external security experts. These reviews and audits may include but are not limited to actual penetration testing and intrusion detection on our said System Security Monitors which will enable us to determine whether there are any defects, faults, malfunctions or shortcomings (the "said defects") in the same. In the event the said defects or otherwise a breach of our system is discovered, we shall in the case of a security breach, promptly report the same to appropriate management and the Bank of Thailand and immediately proceed to rectify or remedy the same. For this purpose, we may be required to temporarily or indefinitely suspend all use of our system until such time when the said defects are rectified or remedied without any notice and without any liability whatsoever to you.

While we have the capabilities to ensure that the privacy, confidentiality and integrity of the Information exchanged, disclosed, shared, stored or otherwise used and the Transactions as well as the security and integrity of our System itself are at all times, safeguarded, maintained and secure, we shall from time to time collaborate efforts with other major hardware, equipment or software vendors and manufacturers in an effort to keep abreast with the developments and improvements made to the same. Accordingly, where we believe that such developments and improvements would serve to provide enhanced security to the Information, Transactions and our System above, we shall not hesitate to implement the same for our joint benefit
6. Verisign Seal

IThe website is Verisign certified. The Verisign Trust Seal of Assurance (“the Verisign Seal”) tells customers that an independent certified public accountant has evaluated CIMB Thai Bank's business practices and controls and determined that they are in conformity with Verisign Trust Principles and Criteria for Security and Privacy.
The Verisign Seal verifies that a report has been issued indicating that such principles are being followed in conformity with the Verisign Trust Criteria. CIMB Thai Bank's management have made representations that:

  • CIMB Thai Bank discloses key security arrangements, complies with such security arrangements and maintains effective controls to provide reasonable assurance that access to its systems for its website for electronic banking, namely, is restricted only to authorised individuals in conformity with this Security Arrangement.
  • CIMB Thai Bank discloses its privacy policy, complies with such privacy policy, and maintains effective controls to provide reasonable assurance that personally identifiable information collected in is protected in conformity with its PRIVACY POLICY.
Please click on the Verisign Seal for further details of the SSL certification.
7. Customer's Choices in Respect of the Provision of the Information

While you are neither bound nor obligated to provide us with any of your Information, your choice not to do so (whether due to your disagreement with the methods employed by us to safeguard the privacy of your Information or otherwise) may result in you being prohibited from accessing or making full use of our products and services, neither of which shall render us responsible or liable for.

Copyright 2011
CIMB Thai Bank PCL
find out more Facebook Twitter Join Us on :fb-twiiter
Client Charter | Security | Privacy | Terms & Conditions | Sitemap | Contact Us All rights reserved. Copyright 2011 CIMB Thai Bank PCL