Etiqa is highly committed to ensuring that all transactions performed through our online financial service are secure, safe and confidential. For this purpose, we have put in place protection systems to ensure the highest security standards and confidentiality. The following general information is provided to address security risks online, and good practices to protect yourself.

• Protect Username and Password
• Beware of Phishing Attacks
• Protect against Malware
• Protect Your Computer and Mobile Device
• Online Systems Security

To prevent unauthorised access to our online financial services, every customer is required to select a username and an alphanumeric password, which are the access key to your financial information. The username must be between 6 to 16 characters and the alphanumeric password must be between 8 to 12 characters. Your password must include both alphabets and numbers but you may also use special characters (e.g. & * $) except spaces.
The username and alphanumeric password are case sensitive. For example, if your password is “fuNNySAD2B” and you key in “fuNNySAD2b”, you will not be able to login (the “b” must be uppercase).
To ensure the integrity of your username and password, you are advised to do the following:

• Do not choose a password that others can easily guess.
• Do not use simple words, your name, birth date, telephone number or names listed in standard dictionary.
• Memorize your password and do not write it down.
• Passwords or PINs should be used when accessing an online account to protect your personal information.
• Sharing your password or PIN with another person is the same as giving that individual authority to use your name in a transaction. It should not be disclosed even if requested by an authorized Etiqa Officer. Do not reveal the OTP from your security token or the SMS to anyone.
• Change your password frequently.

To create a strong password, you can use the following options:

• Use a combination of unrelated words and numbers E.g. tiger63rain
• Use grossly misspelled or mistyped words E.g. sinaran_07 —› slnalam_07
• Use both upper and lower case characters E.g. funnysad2b —› fuNNySAD2B
• Use a line of lyrics or poem E.g. “A thousand sad reasons for a broken heart” —› 1Ksrfabh
• Don’t copy any of these examples!

A phishing attack is fake links / attachments sent via email / text / social media or other platforms which appear to come from legitimate banks, insurance companies, retailers, credit card companies, etc. Such messages typically contain a hyperlink to a spoof website and mislead account holders to enter sensitive personal information such as user name, password, NRIC, bank account etc. Once you provide your information, it can be used on legitimate sites for unauthorized transactions.
Tips on how to protect yourself against Phishing:

• Treat all unsolicited emails, SMS / requests online with caution.
• Verify if the sender is legitimate.
• Check the hyperlinks and make sure that you are using the official Etiqa website before performing online transactions. Click the “padlock” icon at the URL to check the security certificate of Etiqa.
• Do not give in to any requests for personal information.

Do note: Etiqa will never ask you for customer confidential information (for example, passwords or transaction details) via email. Treat all requests with extreme caution and check with customer care

Malware is malicious software to compromise information or damage computer system. Examples include viruses, worms, Trojan horse, ransomware or spyware. They can delete files on a computer, or steal data from your system without you knowing it.
Tips on how to protect yourself against malware

• Install anti-virus / anti-malware software on your PCs and mobile devices, and perform scanning on your computer regularly.
• Update you anti-virus / anti-malware software frequently and enable auot-update feature.
• Do not download files (including email attachments) from unknown source.
• Delete junk and chain emails; do not open them.
• Only install software from verified sources / providers on your devices.
• Install security updates to your computer operating system and software regularly, or enable auto-update feature.

We take considerable effort to ensure a safe and secure online experience, but we do not have control over the computer you use to access Etiqa. As an added security feature, we have incorporated an automatic log out function if no activity is detected after a preset time limit.
However, you must ensure that your computer does not provide anyone opportunity to gain access to your account information:

• Ensure no one has access to your computer or records your online activities. Set a strong password to login to the devices and turn on screensaver with password.
• Always log out immediately after completing transactions and before visiting other websites.
• Do not send any information about your account via e-mail.
• Do not use a computer or a device which cannot be trusted.
• Do not use public or internet café computers to access online services or perform financial transactions.
• Download security updates regularly.
• Remove file and printer sharing in computers, especially when they are connected to the internet.
• Make regular backup of critical data.
• Consider the use of encryption technology to protect highly sensitive or confidential information
• Don’t use the “remember password” function because this information can be easily accessed by hackers
• Clear browser cache after the online session.
• Disable the AutoComplete function on your browser to avoid automatic completion of your ID when you type in User ID.
• To turn AutoComplete “On” or “Off” in MS Internet Explorer browser:
  • Click the “Tools” menu to get the “Internet Options” function.
  • Click “Internet Options” to get the “Content” tab.
  • From this tab, click the “AutoComplete” button.
  • Uncheck “User names and passwords on forms”.

To ensure data confidentiality and integrity, all information transmitted over the Internet is encrypted using the Secure Sockets Layer (SSL) protocol from Verisign Certificate Authority. SSL is a secure way of transferring information between two computers on the Internet using encryption. Strong end to end encryption is also adopted within Etiqa’s computer networks and resources.
If you encounter any certificate warning or any warning messages, do not proceed and contact Etiqa immediately. Always check the authenticity of EIPL’s website by comparing the URL and Etiqa’s name in its digital certificate, or by observing the indicators provided by an extended validation certificate. Always ensure that Etiqa’s website address changes from ‘http://’ to ‘https://’ and a security icon that looks like a lock or key appears when authentication and encryption is expected.
Etiqa is WebTrust certified. This certifies our compliance with leading international security standards and Best Practices, as well as our commitment to maintaining a secure environment. WebTrust is an independent corporation that monitors and tests our facilities to assure that we maintain the highest and most current standards in Internet information security and exchange.
Etiqa has adopted a combination of the following systems security and monitoring measures for online transactions:

• Firewall systems, strong data encryption, anti-virus protection and round-the-clock security surveillance systems to detect and prevent any form of illegitimate activities on our network systems.
• Regular security reviews of our systems by our internal System Auditor as well as external security experts.
• When you have a broadband connected to the Internet (always-on connection), consider installing a personal firewall. At a minimum, power-off your PC when not in use.
• We also take every effort in ensuring collaboration with major vendors/manufacturers to keep abreast of information security technology developments, for possible and future implementation.

Ensuring the security of your online transactions is our top priority. If you have any claim or dispute in respect of or arising from the use of Etiqa’s online services, you can be assured that we will acknowledge your claim or dispute as soon as possible, within 3 business days from the date of receipt of the feedback. A thorough investigation will be immediately conducted based on information provided by you and other reliable sources, which include information gathered internally and externally from relevant parties, if any. We will work with you for an amicable resolution of your feedback, as soon as possible. If the matter is complex and requires more time for investigation, please be assured that we will keep you updated on the progress of our investigations.
If you are still dissatisfied with our response, we will refer you to a dispute resolution organisation, Financial Industry Disputes Resolution Centre Ltd (FIDReC), which is an independent organisation.