Security Guide
Your Login ID and password are the key to accessing your Online Account to use BFC
Smart Money. The security of your Login ID and password is therefore very important.
These guidelines are designed to help you keep your Login ID and password secure.
By following these Guidelines, you can assist in preventing misuse of your Login
ID and password. BFC will not be liable for unauthorised transactions.
Protecting your Login ID and Password
To help protect your Login ID and password you must:
- Not disclose your password to anyone including a family member or friend
- Only disclose your Login ID to a member of the BFC Customer Service Centre if you
initiated the call
- Take care to prevent anyone else seeing your Login ID or password being entered
electronically
- Try to commit your Login ID and password to memory and not write or indicate them
anywhere without reasonably disguising them;
- Change your password immediately via the Change Password link on the website if
you become aware that your Login ID or password record has been lost or stolen,
or known or used by someone else;
- Not choose a password which has an easily retrieved combination (for example, repeated
numbers or letters); and
- Not choose a password that is easily identified with you (for example, your birth
date, car registration, telephone number or your name or part of it).
Choosing a Secure Password
To help you ensure your password cannot be guessed by unauthorized users BFC Smart
Money enforces the following rules when choosing a password:
- Must be at least 8 characters
- Must be a combination of numbers and characters
- Must not be similar to any personal details provided during the Registration, e.g
telephone number
Disguising Your Password
If you record your password you must make a reasonable attempt to disguise it. The
following are examples of what is NOT a reasonable attempt to disguise your password:
- Recording the password in reverse order;
- Recording the password as a telephone number where no other numbers are recorded;
- Recording the password as a telephone number with the password in its correct sequence;
- Recording the password among other numbers or letters with any of them marked to
indicate the password
- Recording the password, disguised as a date (including your birth date) or as an
amount; or
- Recording the password in an easily understood code.
You must not use any other form of disguise that may be easily discovered by another
person.
What is phishing?
Internet fraudsters and scam artists are increasingly targeting unsuspecting people by a method
called “phishing.” Phishing is when you receive authentic-looking messages in particular emails
appearing to come from a company, usual a bank or financial institution, but in reality it is sent by
imposters using similar looking email addresses to obtain personal information. These deceptive emails
lead recipients into believing that they are actually dealing with the Company and will lead them to share
confidential and personal information.
How to protect yourself from such scams?
- Please remember that BFC or any legitimate company will never send such e-mails or SMS’s that ask for
unsolicited confidential information. If you receive an e-mail requesting for such details, please do not respond.
- BFC’s official communications are never sent from personal email addresses hosted on domains such as yahoo,
hotmail, gmail etc. Please verify the sender email address carefully.
- The website that the scammer’s email links to will have an address (URL) that is similar to but not the
same as the Company’s. For example, the genuine Smart Money website is ‘www.bfcsmartmoney.my/,
the scammer may use an address like ‘www.bfcsmartmoney.my/log107.biz' or
‘bfcsmartmoney.my//smartmoney.com.bh/login'.
What to do if you suspect a phishing email ?
- Do not reply.
- Do not open any attachments. Attachments may contain malicious code that will infect your computer.
- Do not click on any links included in the email.
If you receive a phishing / scam email, please forward the suspect email to
information.security@bfcgroupholdings.com for us to take necessary action.
Secure URL
A website is only secure if it begins with https, so please ensure that you always check the URL before you
make any transaction online. For example the BFC Smart Money website is https://bfcsmartmoney.my
BFC will never contact a customer by telephone, email or SMS requesting any personal details.
If you receive any suspicious emails, SMS’s or telephone calls please contact information.security@bfcgroupholdings.com