
Privacy Policy

Commitment to Your Privacy

  • This Privacy Policy Statement is designed to reinforce Bank Islam Malaysia Berhad's (“Bank”) commitment to the policy of protecting, at all times, the confidentiality, integrity and security of the information provided by the customer (“Customer”) to the Bank.

Security of Information

Security Procedures

  • The Bank is committed to ensuring that all transactions performed by Customers through our Be U by Bank Islam digital banking application (“Be U”) are always secure, safe and confidential. The Bank, however, does not have control over the electronic device, software, systems and other incidentals used by the Customer to access Be U. As such, please ensure that you do not provide your electronic device to anyone to gain access to your information. For added security, the Bank has incorporated a function to automatically log out when no activity is detected for a pre-set duration.

Data Integrity

  • All Customer's information transmitted over Be U is stored using the SSL (secured socket layer) and they are assured to enjoy the high standard of confidentiality, integrity and security.

Employees Access to the Information

  • The Bank authorizes only such employees as are strictly relevant or required to access the Customer's information. Our authorised employees, who are fully trained and well equipped, are required to adhere to safeguarding the privacy of the Customer's information.

Use and Disclosure of information

  • Customer's information is required to enable the Bank to process the Customer's applications, to provide instructions and conduct transactions through Be U. Generally, the information that is required includes, but is not limited to, address, telephone number, age, gender, identity card and, where applicable, financial information such as information on income, liabilities, account information, account balance and payment records.

  • In strict compliance with the Islamic Financial Services Act 2013, the Bank will not disclose the Customer's information to any third party or external organizations without prior written consent from the Customer.

  • Nevertheless, the Bank may disclose the Customer's information as required in the Bank's Privacy Notice (“Privacy Notice”). The Customer is advised to read and understand the Privacy Notice, which is available in Be U. The Customer's continued access to Be U shall be regarded as the Customer's agreement to be bound by the said Privacy Notice.

Accuracy of Information

  • The Bank understands that keeping your information and data accurate, complete and updated is important. However, to ensure this, the Customer is advised to help the Bank maintain accurate, complete and up-to-date information by furnishing this information in a timely manner.

Customers Queries, Concerns & Complaints

  • Customers may address any queries, concerns or complaints relating to the Bank's handling of their data and information via telephone or e-mail to our Be U Community Support at:

    Be U Community Support
    Level 17, Menara Bank Islam
    22, Jalan Perak
    50450 Kuala Lumpur
    Telephone: 03-2779 0088
    Email: beu.communitysupport@bankislam.com.my

Security Statement

  • The Bank is dedicated to ensuring that all Be U digital banking services are not only geared for the ease and speed of performing banking transactions but also maintain a secure site commensurate with the basic security principles that protect your transactions, which are Confidentiality, Integrity and Availability.

Authentication

  • All users' access to Be U is registered via specific unique user identifiers, i.e. phone number and identification number (NRIC), through a binding mechanism. Standard authentication methods including Multi-Factor Authentication (MFA) via SMS and email one-time-password (OTP) are available to maintain individual integrity and provide an additional layer of security.

  • While Be U is essentially an additional banking channel that the Bank is offering to the Customer for convenience, the Bank has assessed the risk from an operational as well as a technology and security perspective. However, the Bank cannot be held responsible for any breach of security, access compromise and the control on the usage of the electronic device which Customers are using to access Be U. Therefore, Customers are advised to observe the following when performing transactions via Be U:

    • Please ensure that your electronic device does not provide anyone the opportunity to gain access to your information. As an added security feature, Be U has incorporated a configurable inactive session timeout when no activity is detected for a pre-set duration and automated logout when the user exits Be U.

    • Please ensure that the electronic device you are using does not allow eavesdropping or recording of activities.

    • Customers are advised to log out from Be U before using any other applications on their electronic device or immediately upon completion of transactions.

    • Do not send any information pertaining to your account via internet.

Data Privacy, Confidentiality and Integrity

  • From the technology perspective, the Bank will ensure and use the best available technology for security and protection where all information transmitted over the Internet is encrypted using the 256-bit Secure Sockets Layer (SSL) protocol.

  • All information portrayed on Be U is classified in accordance with our data classification policy. All transactional related information on Be U is classified as highly confidential and kept encrypted.

  • Be U is designed to allow complete session termination and does not allow caching of information.

Security Control

  • The Bank has established a secured direct connection using secure sockets layer virtual private network (SSLVPN) to the Bank's network.

  • The Bank has implemented 3-tier network segmentation and has subscribed to various cloud security services such as web application firewall, shield standard, security hub and other cloud security services to assure the safety and security of the Bank's networks.

  • Files containing sensitive company data as defined by existing corporate data security policy that are transferred in any way across the Internet are encrypted using transport layer security 1.2 (TLS) with industry standard AES-256 cipher.

  • Only those Internet services and functions with documented business purposes for the Bank will be enabled at the Internet firewall using secured protocol HTTPS (port 443) and SFTP (port 22).

  • The Bank has applied a stringent user access control policy with the least privilege principle to prevent unauthorised access.

Mobile Device Software Protection

  • The Bank's cloud service provider has implemented stringent security controls with appropriate software protection and is not susceptible to any malicious code attack.

  • The Bank has also subscribed to cloud security services, i.e. GuardDuty, as a threat detection service for malicious and unauthorised behaviour.

  • Software protection of the electronic device used to access Be U is not under the Bank's purview as the device is a personal belonging. However, the Bank would strictly emphasize that electronic devices used to access Be U should be at minimum:

    • Protected with a software protection.

    • Virus signature updated on a weekly basis.

    • Enabled with screen saver with password or screen lock to discourage unauthorised access.

Mobile Device Operating System

  • Always keep your electronic device's operating system updated with the new versions or patches released, as they may include new security features. Security updates patch vulnerabilities that may be exploited, helping to keep users' data safer.

  • Regular security updates help protect electronic devices from malicious attacks, so upgrading and staying current is important.

  • It is recommended to use electronic devices with the latest iOS or Android operating system.

Security Audit and Monitoring

  • In an effort to maintain a strong security posture, the Bank's cloud service provider has engaged with various certification organizations to obtain certifications, i.e. Payment Card Industry Data Security Standard (PCIDSS) and Security Operation Center (SOC), under its assurance program.

  • Its solutions will assist the Bank to identify, correct and continuously manage risks to critical systems and information.

  • In addition to the certifications obtained, regular security reviews and assessments are also conducted by the Bank's Internal Audit Department.

  • The Bank also strives to broaden our cloud security knowledge and passion by keeping abreast of the most up-to-date digital technology to continuously enhance and monitor our digital banking systems.

  • Our promise to our Customer is to maintain a secure, resilient and efficient digital banking system.
