Regulators of the Bank
The Siam Commercial Bank Public Company Limited (the "Bank") with its headquarter located at 9 Ratchadapisek Road, Jatujak, Bangkok, has obtained a license to engage in commercial banking business under the Commercial Banking Act B.E. 2505. The Bank is a public limited company established under the Public Limited Companies Act B.E. 2535 and subject to the supervision of the Bank of Thailand and Ministry of Finance. Furthermore, the Bank, as a public limited company, is listed on the Stock Exchange of Thailand in accordance with the Securities and Exchange Act B.E. 2535; therefore, the Bank is also subject to the supervision of the Securities and Exchange Commission.
Respectfulness on Your Privacy Right
The Bank respects your privacy right and recognizes that your expectation is to obtain the highest standard of security in entering into any transactions with the Bank via the Bank's Web Site. Therefore, your information received by the Bank will principally be used pursuant to your purpose only and the Bank will proceed with rigorous measures and procedures for security purpose and prevent such information from any unauthorized use without obtaining your prior permission.
Disclosure of Information to Third Party
You have privacy right over your information. The Bank will not disclose your information in respect of your account(s) to any persons other than the Bank's authorized officers and affiliates and any third persons authorized by you to access to such information, and the Bank will also protect your information from being used without obtaining your prior permission, except in the following events:
- the Bank has obtained consent or permission from you to disclose such information;
- the disclosure of such information is for the purpose of executing the transaction required by you;
- the disclosure of such information is made to a credit bureau in where the Bank is a member;
- the Bank is legally compelled or required to disclose such information for any investigation or legal proceeding; or
- the disclosure of such information is made in compliance with any laws, orders or instructions of any governmental authorities.
Information received from you may be used for the Bank's improvement of its designs, marketing promotions, services and products. However, the Bank undertakes that your private information will be kept confidential at a high standard of security. In addition, the Bank reserves the right to use your private information for information analysis at any time. Should there be any amendments or updates as a result of such analysis, such amended information will be posted on the Bank's Web Site.
Information Collected or Retained by the Bank
The Bank will collect your information for certain business purposes only. Information in respect of your transactions entered into with the Bank through the Bank's Web Site may, as the Bank deems necessary, be collected by the Bank, depending upon the type of services used by you. The Bank will collect and retain such information if the Bank considers that such collection will be of benefits to the Bank's business or to you in order for you to obtain good financial services or opportunities from the Bank. Such information is to be used by the Bank for the Bank's administering and maintaining your account records, for the Bank's being in compliance with the relevant laws, rules and regulations, for the Bank's improvement and development of its services, or for the Bank's having more understanding of your needs, so that the Bank may then invent and develop its services at a higher satisfactory level to you.
General Security Measures and Procedures
A) User ID and Password
Rigid security system is applied by the Bank in order to protect your information from being accessed without your permission. Further to normal process required for internet access of the Bank's system, the Bank does not have policy to contact you directly for inquiry of your User ID, Password or account number. Hence, if you detect or spot any of such actions other than normal process needed to be rendered for your access to the Bank's system via Internet, please inform the Bank at the telephone number 662-777-7777 or at the Bank's division in charge of such service provision.
You should keep your User ID and Password at utmost confidential. Please do not write them down or record them in or on any media or disclose them to any person(s). In order to ensure you that you are the only person knowing your User ID and Password, the Bank does not and will not have any policy to query you for them. If you are in doubt that your User ID and/or Password may have been disclosed to any third person or lost or stolen and that there were any transactions executed without your authorization, please inform or notify the Bank's officers promptly.
In regard of individual customers, after you have already applied and registered for the Bank's electronic services, you will be given your personal identification number ("Login Name ") and personal password ("Password"), both of which needed to be used in order to access to such services. We advised you to login as soon as possible after receiving two sealed envelopes. Save your Login Name and Password by changing them to your personal codes and destroy the envelopes immediately.
With respect to corporate customers, after you have already applied and registered for the Bank's electronic services, you will be given your corporate identification number ("Corporate ID"), personal identification number ("User ID") and personal password ("Password"), all of which needed to used in order to access to such services.
Your User ID and Corporate ID are to be known by the Bank, but only you know your Password. Strict security system is focused on by the Bank to ensure that your Password is truly and well protected. You, however, should be aware of the following guidelines and comply with these recommended measures in order to protect and maintain your privacy rights in connection with your using of the Bank's electronic services:
- do not allow any person to see your Password when you are logging in the Bank's Web Site;
- memorize your Password and do not record it on any place;
- change your Password regularly and do not re-use your recent Password;
- do not use any of your personal information as Password which may be guessed easily; such as, family name, telephone number, or date of birth etc;
- at least 6 characters are required to identify your Password, each of which could either be a number or a letter, and any words contained in the dictionaries should not be used as your Password;
- do change your Password immediately upon your uncertainty as to whether your Password is known by any other person(s) or not;
- do not allow or authorize anyone to access the system by using your User ID and Password, including Corporate ID as you will have to be responsible for all actions and transactions executed by using those Corporate ID, User ID and Password;
- use your User ID, Corporate ID and Password with your private computer on which you may rely and be able to ensure that there is no equipment or software installed on it that could retrieve or disclose such User ID, Corporate ID and Password to other person(s); and
- public computers are not recommended for use; such as, computers in any Internet Cafes, since there might be some computer program installed on those computers that could detect and retrieve your material information where other person(s) may use. It is therefore highly recommended that you should avoid any use of the computers in such places.
B) Token Device and Token Code
A Token Device is a device for generating a Password in order for you to access the system for one time only (One Time Password). Prior to your use of the Token Device, a Token Code is to be known in order to generate your Password via Token Device.
Certain corporate customers may obtain Token Devices and Token Codes for system accessing and engaging in financial transactions whereby such Token Devices and Token Codes are needed to be used together with their Corporate IDs, User IDs and Passwords. However, it is at the Bank's discretion as to whether a company or entity will obtain such a Token Device or not.
Any person obtaining the Token Device and Token Code for accessing or logging in the Bank's system should be aware of the following guidelines and comply with these recommended measures in order to protect and maintain your privacy rights:
- do not allow anyone to see your Token Code while you are using the Token Device for system accessing;
- memorize your Token Code and do not record it on anyplace;
- change your Token Code regularly and do not re-use your recent Token Code;
- do not use your personal telephone number, date of birth or any other personal information as your Token Code;
- do change your Token Code immediately upon your uncertainty as to whether your Token Code is known by any other person(s) or not;
- do not allow or authorize anyone to use your Token Device and Token Code as you will have to be responsible for all actions and transactions executed by using your Token Device and Token Code; and
- keep your Token Device in a safe place from where any other persons may not steal or know.
Additional Technology Used for Security
In addition to general security measures and procedures stated above, the Bank also employ the following leading edge technologies to protect your private information:
- Intrusion Detection: Intrusion Detection is a system software used for checking up and detecting any intrusion into the system without authorization. Of course, the most efficient intrusion detection system is employed by the Bank and such system is regularly updated.
- Firewall: A fire wall software is a system that will allow only the person authorized by the Bank to access the information. In this regard, Double Firewall Protection is employed by the Bank.
- Scan Virus: In addition to high efficient scan virus software installed onto all computers of the Bank (regularly updated), scan virus software for the server is also specifically installed.
- Secured Socket Layer ("SSL"): SSL is an encryption technology for information access. This encryption technology is applied in order to prevent any information from being detected while transmitted via Internet. By using this technology, any person wishing to detect or grasp information will not be able to understand the information detected or grasped. Moreover, this technology is used for confirmation as to the existing of the Bank's Web Site. The Bank uses 128 Bits Secured Socket Layer for transferring data.
- Data Encryption: Data Encryption is employed in respect of vital information; such as, Password which is the information on where stringent security is concentrated by the Bank. Complex algorithm is always used prior to transferring those data into the Bank's computers. In this way, there will be no person knowing such vital information, including the Bank's officers.
- Cookies: Cookies are small computer files that temporarily collect necessary information in your personal computer in order to facilitate and expedite your communication. The Bank recognizes your privacy right; therefore, the Bank tries to avoid using Cookies. If the Bank deems that using Cookies is necessary in some certain aspects, due care in using Cookies will be rendered, and your security and privacy right are first priority of the Bank.
- Auto Log Off: You should log off every time when you have completed your transactions via the Bank's Internet Banking Services. Should you forget to log off, the system will, for your security, be automatically logged off within an appropriate period of time for each use of the services.
Although high security standards, technologies and procedures are employed by the Bank to help unauthorized access to your private or confidential information as discussed above, it is envisaged by everyone that there is currently no security measure that could absolutely prevent your information from being attacked by computer virus or worm or being accessed by unauthorized persons. Therefore, the Bank recommends that the following procedures should also be observed and followed:
- Be careful when download freeware via the Internet. Always check the address of the website that you enter before login.
- anti-virus software should always be installed on your personal computer and be updated regularly;
- personal firewall software should be installed for protection against any crackers or hackers; and
- keep yourselves updated in respect of computer news.
- Check your financial status regularly for security purpose. For instance, account balance, transaction date, account number.
- Always sign off the system after completing your transaction. Do not leave your computer unattended during the transaction.
- Keep your personal information, financial status or credit card number confidential. Personal information should not be disclosed on websites that are not certified by a trusted Internet security solution provider.
- Avoid opening Junk mail
Communication with the Bank
If you want any assistance from the Bank regardless of whether such assistance is required in respect of any additional information, any errors, any doubts of your account movement, or any transactions previously executed without your permission, you yourselves shall have to inform the Bank by contacting the Bank's Customer Service at telephone number 0-2777-7777 or by writing a letter to the Bank's department by which the relevant service is being or was previously provided without any delay. In connection with this, you shall have to provide the Bank with the following details:
- your name and account number;
- estimated amount of errors;
- type of transaction or activity, including the date and time of occurrence thereof;
- details of errors and reference code (if any); and
- your reachable contact name and address, including your e-mail address (if any).
After the Bank receives information of any errors or irregular activity made through the Bank's Web Site as stated above, the Bank shall investigate such error or irregularity promptly and inform you the result of such investigation as soon as possible.