Secure Socket Layer (SSL) certificate
All information you send to BBK Internet Banking, such as your Customer ID, ePIN and other transaction details, is encrypted using the Secure Socket Layer (SSL) Certificate.
ePIN (login password)
Access to the secure e-Channels (Internet Banking, BBK Mobile App, Mobile Web, Telebanking and SMS Banking) and the eStatement service is limited to registered clients with a Customer ID and ePIN.
An Authorization Password, a second security number, serves as an extra security measure when setting up beneficiaries and/or requesting cheque books through BBK’s Internet Retail Banking. Authorization Password requests are submitted online and delivered to your registered mailing address.
Dual Factor Authentication
Dual Factor Authentication adds an extra layer of security to the basic login process for Internet Banking and the BBK Mobile App (Login OTP) and to the authorization of requests (Transaction OTP). The One Time Password (OTP), which can be generated by or sent to your registered mobile phone, is valid for only one login session and for a short time period.
Access control and intrusion prevention
Security systems such as firewalls, Intrusion Prevention Systems and Web Application Firewalls are deployed to protect the e-Channels from unauthorized access and are monitored round the clock for unauthorized intrusion attempts.
BBK is fully compliant with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and can therefore accept or process debit/credit card information securely in accordance with these standards. BBK re-certifies this compliance annually. BBK is also fully compliant with ISO 27001 certification.
BBK maintains its information security policies and reviews and updates them regularly, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training such as Secure Coding, PCI, and job-specific security and skills development and/or privacy law training for key job functions. The training schedule is designed to adhere to all specifications and regulations applicable to BBK.
Dedicated Security Personnel
BBK also has a dedicated Trust & Security organization, which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.
Vulnerability Management and Penetration Tests
BBK maintains a documented vulnerability management program, which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third-party vendors. Critical patches are applied to servers on a priority basis, and all other patches are applied as appropriate.
We also conduct regular internal and external penetration tests and remediate any findings according to severity.
Logging and Monitoring
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized BBK personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.