2020 Sustainability Report | PT Bank Central Asia Tbk Inspiration for
75
Responsible Banking Inspiration for Sustainability Culture Inspiration for Social Value Creation
Customer Data Privacy and Security Protection
Data, transactions Security, and customer Data confidentiality
[418-1] [FN-CB-230a.2]BCA has ISO 27001 certification covering the information security management system standards for its network and data center systems. In addition, BCA was one of the first private banks to receive the prestigious certification, PCI DSS 3.2.1, for all entities managing cardholder transactions and data, including the data centers.
With the rapid development of information technology, customer interactions with BCA digitally have also increased. However, this can also lead to a risk of technology crime, so BCA continues to improve its IT security system. BCA’s IT security system has been developed to protect data security and ensure the IT system’s availability to serve customer transactions, including preventing and anticipating cyber-crime and potential fraud.
For Data Loss Prevention (DLP), BCA’s ongoing data security strategy is to increase the security of important electronic information, and to prevent information theft and access by unauthorized parties. To ensure security in BCA’s internet-based internal applications, BCA has implemented a Two Factor Authentication security to ensure access to the database is carried out only by authorized personnel.
BCA ensures that all company data is classified according to the level of data confidentiality. BCA uses a Database Activity Monitoring solution to ensure that the database is accessed only by authorized people and applications.
This solution is equipped with machine learning and artificial intelligence features to ensure no anomalies occur. To further protect the security of confidential data in the database, BCA has implemented Database Masking technology to protect confidential data from being exposed to unauthorized parties.
BCA is one of the private banks that the first bank to received certification on Payment Card Industry Data Security Standard (PCI DSS) 3.2.1 that intended for all entities that manage transactions and cardholder data, including Data Centers. In addition, BCA also obtained ISO 20000-1:2018 certification in order to improve the service management system (SMS).
To ensure service security for all customers, the Director of Information Technology also oversees through regular reports submitted by the Strategic IT Group Division. During 2020, BCA held training related to e-learning social engineering awareness for all BCA employees. BCA did not encounter any significant cases related to violations or misuse of customer data and privacy. In 2020, no customer data was lost. Therefore, there were no sanctions/fines imposed on BCA or its employees. [418-1][FN-CB-230a.1]
