Because your security is our prime concern, you are assured that at BPI, we are continually implementing measures to ensure the safety of your Internet banking transactions done via BPI Online Banking.
BPI adheres to the best security practices by using different tools, methods, and processes to protect your account information and banking transactions:
- We employ security products, such as intrusion detection system and firewalls, and other internal controls which are meant to safeguard, physically and logically, all our servers and information systems, including the data stored in these systems.
- Access to all of BPI's websites (BPI Online Banking, BPI ExpressLink, and BPI Trade) is secured using Digicert's Security Certificate which enables SSL for end-to-end encryption and you to verify the authenticity of our sites.
- USER ID and PASSWORD - nominated by the client
Password (PW) Protection Features:
- 6-12 alphanumeric characters
- Prohibits reuse of previous 3 passwords
- PW reset subject to strict verification, ATM authentication or OTP verification.
- Pre-enrollment with ATM/signature authentication
- Log-off due to inactivity for 5 minutes
- Pre-enrollment procedures for critical financial transactions - This is a pre-requisite procedure for critical transactions where clients nominate third party accounts thru a signed application form and these are stored in BPI's enrollment database. Thus, during a funds transfer transaction, if the recipient / third party account is not found in BPI's enrollment database, Online Banking will not complete the transaction.
- E-mail Confirmation/Alert - we also send you a confirmation advice in your registered email address for every financial transaction done with BPI Online Banking.
For added protection, we also encourage you to do your part:
1. Securely manage your password
- Use a password that is easy for you to remember but hard for others to guess.
- Avoid using the same password for your online accounts (social media, e-mail, group buying sites, etc.).
- Disable your browser's remember password facility.
- Ensure that you keep your password confidential at all times by not writing it or divulging to anyone.
- Do not use the "save and remember the password" browser feature
- Ensure immediate change of your password if you think it has been compromised.
2. Protect your computer against viruses, malicious programs, and hacking attacks. There are attacks which can capture your keystrokes, including your password and other personal information, and send them to another person without your consent.
- Ensure that you install an anti-virus software and update it regularly. Keep the engine and pattern definitions up-to-date to prevent viruses from going into your PC.
- Do not download any software from a website that is of doubtful origin.
- Install a spyware or malware removal program. Spyware or malware programs can take control of your PC's system with the purpose of stealing valuable information.
- Install the latest patches and service packs on your operating system, browser, and e-mail programs to prevent system vulnerability-related attacks.
3. Do not become a victim of Phishing attacks. Phishing uses e-mails and websites, purporting to be legitimate banks, to request recipients to update their login and account information.
We suggest that you use this short checklist to protect yourself against phishing attacks.
- Begin your session by manually typing the web address of BPI into your browser. The official URL of BPI Online Banking is secure1.bpiexpressonline.com.
- Avoid disclosing personal or account details via email or embedded link. Be skeptical of unsolicited e-mails, especially those that concern personal / account information. Delete suspicious e-mails or e-mail attachments without opening them, even if they seem to have originated from someone you know.
- Notify the sending company if you receive a suspicious e-mail. Contact us directly through Phone Banking 89-100 or e-mail us at firstname.lastname@example.org.
- Check the security certificate of the web page. Before entering personal or account information into a site, make sure it is secure. In Internet Explorer, you can do this by checking the yellow lock on the status bar. A closed lock is an indication of an encrypted site.
If you think you may have responded to a suspicious e-mail, change your password as soon as possible. To change your password, log in and go to Account Maintenance --> Change Password
4. As much as possible, avoid doing Internet banking transactions using public computers such as those in the Internet cafes. Should you, however, need to do so, we suggest that you close the browser after logging off. We also advise you to change your password immediately when a private computer is already available to you.
5. Regularly check your deposit and credit card transactions.
6. Update your registered e-mail address.
Please click here for more information regarding the Guidelines on Information Technology Risk Management for All Banks and Other BSP Supervised Institutions.