Security Guide

Your Login ID and password are the key to accessing your Online Account to use BFC Smart Money. The security of your Login ID and password is therefore very important. These guidelines are designed to help you keep your Login ID and password secure. By following these Guidelines, you can assist in preventing misuse of your Login ID and password. BFC will not be liable for unauthorised transactions.

Protecting your Login ID and Password

To help protect your Login ID and password you must:

  • Not disclose your password to anyone including a family member or friend
  • Only disclose your Login ID to a member of the BFC Customer Service Centre if you initiated the call
  • Take care to prevent anyone else seeing your Login ID or password being entered electronically
  • Try to commit your Login ID and password to memory and not write or indicate them anywhere without reasonably disguising them;
  • Change your password immediately via the Change Password link on the website if you become aware that your Login ID or password record has been lost or stolen, or known or used by someone else;
  • Not choose a password which has an easily retrieved combination (for example, repeated numbers or letters); and
  • Not choose a password that is easily identified with you (for example, your birth date, car registration, telephone number or your name or part of it).

Choosing a Secure Password

To help you ensure your password cannot be guessed by unauthorized users BFC Smart Money enforces the following rules when choosing a password:

  • Must be at least 8 characters
  • Must be a combination of numbers and characters
  • Must not be similar to any personal details provided during the Registration, e.g telephone number

Disguising Your Password

If you record your password you must make a reasonable attempt to disguise it. The following are examples of what is NOT a reasonable attempt to disguise your password:

  • Recording the password in reverse order;
  • Recording the password as a telephone number where no other numbers are recorded;
  • Recording the password as a telephone number with the password in its correct sequence;
  • Recording the password among other numbers or letters with any of them marked to indicate the password
  • Recording the password, disguised as a date (including your birth date) or as an amount; or
  • Recording the password in an easily understood code.

You must not use any other form of disguise that may be easily discovered by another person.

What is phishing?

Internet fraudsters and scam artists are increasingly targeting unsuspecting people by a method called “phishing.” Phishing is when you receive authentic-looking messages in particular emails appearing to come from a company, usual a bank or financial institution, but in reality it is sent by imposters using similar looking email addresses to obtain personal information. These deceptive emails lead recipients into believing that they are actually dealing with the Company and will lead them to share confidential and personal information.

How to protect yourself from such scams?

  • Please remember that BFC or any legitimate company will never send such e-mails or SMS’s that ask for unsolicited confidential information. If you receive an e-mail requesting for such details, please do not respond.
  • BFC’s official communications are never sent from personal email addresses hosted on domains such as yahoo, hotmail, gmail etc. Please verify the sender email address carefully.
  • The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as the Company’s. For example, the genuine Smart Money website is ‘www.bfcsmartmoney.my/, the scammer may use an address like ‘www.bfcsmartmoney.my/log107.biz' or ‘bfcsmartmoney.my//smartmoney.com.bh/login'.

What to do if you suspect a phishing email ?

  • Do not reply.
  • Do not open any attachments. Attachments may contain malicious code that will infect your computer.
  • Do not click on any links included in the email.

If you receive a phishing / scam email, please forward the suspect email to information.security@bfcgroupholdings.com for us to take necessary action.

Secure URL

A website is only secure if it begins with https, so please ensure that you always check the URL before you make any transaction online. For example the BFC Smart Money website is https://bfcsmartmoney.my

BFC will never contact a customer by telephone, email or SMS requesting any personal details. If you receive any suspicious emails, SMS’s or telephone calls please contact information.security@bfcgroupholdings.com