2020 Sustainability Report | PT Bank Central Asia Tbk
Customer Data Privacy and Security Protection
Data, Transaction Security, and Customer Data Confidentiality
[418-1] [FN-CB-230a.2] BCA has ISO 27001 certification covering the information security management system standards for its network and data center systems. In addition, BCA was one of the first private banks to receive the prestigious PCI DSS 3.2.1 certification, which applies to all entities that manage cardholder transactions and data, including the data centers.
With the rapid development of information technology, customers' digital interactions with BCA have also increased. However, this also raises the risk of technology-enabled crime, so BCA continues to improve its IT security system. BCA's IT security system has been developed to protect data security and to ensure the IT system's availability to serve customer transactions, including preventing and anticipating cyber-crime and potential fraud.
For Data Loss Prevention (DLP), BCA's ongoing data security strategy is to increase the security of important electronic information and to prevent information theft and access by unauthorized parties. To secure BCA's internet-based internal applications, BCA has implemented Two Factor Authentication so that the database is accessed only by authorized personnel.
BCA ensures that all company data is classified according to the level of data confidentiality. BCA uses a Database Activity Monitoring solution to ensure that the database is accessed only by authorized people and applications.
This solution is equipped with machine learning and artificial intelligence features to ensure that any anomalies are detected. To further protect confidential data in the database, BCA has implemented Database Masking technology, which prevents confidential data from being exposed to unauthorized parties.
BCA is one of the first private banks to receive certification under the Payment Card Industry Data Security Standard (PCI DSS) 3.2.1, which is intended for all entities that manage transactions and cardholder data, including Data Centers. In addition, BCA has also obtained ISO 20000-1:2018 certification in order to improve its service management system (SMS).
To ensure service security for all customers, the Director of Information Technology also exercises oversight through regular reports submitted by the Strategic IT Group Division. During 2020, BCA held e-learning training on social engineering awareness for all BCA employees. BCA did not encounter any significant cases related to violations or misuse of customer data and privacy. In 2020, no customer data was lost. Therefore, no sanctions or fines were imposed on BCA or its employees. [418-1] [FN-CB-230a.1]
BCA provides banking solutions supported by a reliable data security system.
Fraud and Financial Crime Prevention
We have implemented an anti-corruption management system based on ISO 37001: 2016 that applies to all BCA employees and management, as well as our partners and vendors.
Our commitment to anti fraud enforcement is based on the four Anti Fraud Strategy Pillars. Fraud prevention efforts are carried out on an ongoing basis through an effective control system and cover prevention, detection, investigation, and monitoring.
4 Pillars of Anti Fraud Strategy
(Guidance of Anti Fraud Implementation, published April 7, 2015, No.064/SE/POL/2015)
1. Prevention: reduce the potential for fraud. Components: Anti Fraud Awareness; Identification of Vulnerability; Know Your Employee.
2. Detection: identify and uncover fraud incidents. Components: Whistleblowing System; Surprise Audit; Surveillance System.
3. Investigation, Reporting, and Sanctions: extracting information, reporting system, and imposing sanctions on fraud. Components: Investigation; Reporting; Sanctions.
4. Monitoring, Evaluation and Follow-up: monitoring and evaluating fraud incidents as well as their necessary follow-up. Components: Monitoring; Evaluation; Follow-Up.
Anti Fraud and Anti Corruption
[205-1, 205-2, 205-3] BCA has an Anti Fraud Bureau that oversees the anti fraud strategies and evaluates their implementation. The Anti Fraud Bureau is also tasked with increasing the effectiveness of the anti fraud strategies, in accordance with OJK regulation No. 39/POJK.03/2019.
Anti fraud enforcement efforts include optimizing the application of anti-gratification measures, disseminating anti fraud information, conducting internal audits, improving data security systems, and raising awareness of the whistleblowing system. BCA audits all branch offices on a three-year basis, with a priority scheme based on the audit results. If there is an indication of fraud, BCA Internal Audit can immediately conduct an investigation at the branch office or related work unit. All regional offices, branch offices, and head office operational units have an internal control unit.