Online Privacy and Security

The following are the policies and practices conducted by PT Bank Central Asia, Tbk ("BCA") in order to portray BCA’s commitment in protecting and maintaining your privacy and security when you visit the site and internet banking BCA

  1. Privacy Policy

    BCA does not sell, trade or reveal any type of information in relation to the customer or site visitor of internet banking BCA.

    BCA does not track those who visit the BCA site.

    This site will use a cookie.

    All your banking transactions and other account information is kept confidential according to Indonesian law and BCA’s internal policy.

  2. Security
    1. Security System

      BCA uses a 3 (three) layered security system to protect your access and transactions on internet banking BCA, which include :

      • Secure Socket Layer ("SSL") SSL is a secure technology that ‘scrambles’ the communication path among computers so it cannot be read by another person.
      • User ID and Personal Identification Number ("PIN")
      • One Time Password that is generated by KeyBCA One-time Password is a secure technology that always generates a different password each time the device/ token is being used.

      Because of the various types of internet browsers, it is difficult to provide internet banking that follows the security policy of each browser. Currently, BCA only provides internet banking that is more suited to be accessed using Microsoft Internet Explorer version 6 or the most recent one. BCA apologizes for this inconvenience.

    2. Internet Banking BCA Communication Protection

      BCA uses the 2048 bit Secure Socket Layer (SSL) encrypted technology to protect communication between your computer and the BCA server during the time you are accessing internet BCA.

      In order to ensure communication protections while you access internet banking BCA, you can do the following:

      • Check the SSL certificate regularly to ensure that you receive the valid SSL certificate that is registered to IBANK.KLIKBCA.COM.
      • If you obtain a message that explains that the certificate is not valid, please do not continue to access internet banking BCA.
      • Make sure you typed the right web address which is
      • Make sure that there is a picture of a lock/ key on your browser that indicates that the page you are currently accessing is encrypted using SSL. If you do not see the picture of the lock/ key, please logout and then login again.
      • Make sure that you logout when you leave your computer, even though it is only for a moment.
      • You should not access internet banking BCA from a public computer or through a network that does not have guaranteed security.
    3. Internet Banking BCA Access Protection

      BCA insists that you must enter your User ID and PIN before you can access internet banking BCA.

      To ensure protection for your when accessing internet banking BCA, please do the following:

      • Maintain the confidentially of your User ID and PIN, do not tell it to anyone, except for doing certain transactions where you must inform someone of your User ID, such as purchasing goods or services online, and never keep it on your Internet Explorer.
      • Do not tell your full or partial PIN to anyone, even though that person claims to be an employee of BCA. BCA never asks for your PIN.
      • Periodically change your PIN for internet banking BCA on the Administration Menu-Change PIN or if you are unsure of your PIN’s confidentiality. Do not use a PIN that is easy to guess such: 111111, 222222, 123456, 654321, date of birth, license plate, address and others. Do not write your PIN in places where others can read it.
      • Use an internet banking BCA PIN that is different from other PINs used to access other sites.
      • Contact Halo BCA if you forget your PIN or your PIN is blocked. Follow their instructions on how to reactivate internet banking facility.
    4. KeyBCA and KeyBCA Protection

      BCA insists you use a security token named KeyBCA that generates a One Time Password that is used to authenticate each financial transaction and as a sign of confirmation towards the transaction that was done.

      You must enter the One Time Password generated by KeyBCA if you do financial transactions such : fund transfers, purchases and payments and non financial transactions such as : KeyBCA activation, increasing connectivity, deleting connectivity and BCA Credit Card billing inquiry.

      Transactions that can be done without using KeyBCA : account information, transaction status, transaction history, administration and email.

      To ensure protection of your KeyBCA, please do the following :

      • Your KeyBCA is secured with its own PIN. Change your KeyBCA PIN immediately after you receive the KeyBCA, and change your KeyBCA PIN periodically or if you are unsure of your PIN’s confidentiality. Do not use a PIN that is easy to guess such: 111111, 222222, 123456, 654321, date of birth, license plate, address and others. Do not write your PIN in places where others can read it.
      • Do not lend your KeyBCA to another person.
      • Maintain the confidentiality of your KeyBCA PIN, do not inform others of it.
      • Do not tell your full or partial PIN to anyone, even though that person claims to be an employee of BCA. BCA never asks for your PIN.
      • Contact Halo BCA if you forget your PIN or your PIN is blocked. Follow their instructions on how to reactivate internet banking facility.

      How to use KeyBCA can be seen in the manual that is included with the KeyBCA you received.

    5. E-mail Address and Transaction Information Protection

      BCA insists you provide an e-mail address to BCA. BCA will use your e-mail address to send information regarding the financial transactions you conducted through internet banking BCA and most non financial transactions which are during first login, e-mail address alterations, additional connectivity, and others. Aside from that, BCA also uses your e-mail address for promotional use, sending gathering invitations and other information.

      To ensure protection when sending information to your e-mail address, please do the following:

      • Give BCA your personal e-mail address. Do not use a fake e-mail.
      • Immediately change your e-mail address at internet banking BCA if you change your e-mail address.
      • If you contact BCA through e-mail, do not send account information that is confidential or sensitive, including your PIN.
    6. BCA Site

      In the BCA site, BCA provides a URL link to other sites that are not controlled by BCA. BCA is not responsible for the content and security of the site. If you access the site, please check the privacy policy and security.

      If you access the site or internet banking BCA through a URL link from another site, make sure the address you are accessing is correct which or

      BCA can change its privacy policy and security information at any time to keep adjusting to the newest situatations and technology. You can always obtain information and BCA’s most up to date privacy policy at or you can request it by sending an email to

      Tips on Using Internet Banking BCA In a More Secure Way

      Basically, the internet banking BCA system or network is using the most optimal security system. The internet banking BCA security condition is always being monitored and improved according to advances in technology and existing threats.

      Existing threats are also experienced by all internet users, internet banking BCA. Therefore, we from BCA, request your attention as internet banking BCA users regarding some types of threats you may encounter when accessing the internet. Tips that can be done when using internet banking BCA, are as follows :

      1. Phising

        Phising is a type of fraud conducted by certain people in order to obtain confidential information from a customer such as the User ID and PIN. There are a number of ways to do this which include :

        • Creating a false site that has an address and appearance that is similar to the official bank site
        • Sending a URL link to sites that are created as similar as possible to the bank’s official site but is not valid
        • Sending an email or BBM that contains a URL link or login screen and requests the customer to login by entering the User ID and PIN
        • Pretending to be someone from the bank requesting the customer’s data for certain reasons

        Security Tips:

        • BCA never sends emails as explained above to the customer. If you receive an email that seems to originate from BCA, you should immediately delete the email.
        • If you have already entered the requested information or feel that your User ID and PIN is no longer secure, immediately contact Halo BCA. Make sure the site you visit is and and also make sure that the picture of the lock/ key on your browser is whole when you access
      2. Virus / Worm

        A computer virus is a computer program created for certain objectives. In general, a virus damages the operational system, application and data in an infected computer. A virus can spread through several media, : e-mail, disc, CD, USB drive, Flash memory, program from the internet, even a network, and also from ‘evil’ websites.

        Some examples of virus effects:

        • Computer is not stable and often ‘hangs’..
        • The computer becomes slow.
        • Data in the hard disc is deleted.
        • Application programs cannot be used.

        Worms are similar to viruses and are created so viruses can spread quickly to several computers. Although in general, worms do not cause damages like a virus does, a worm can be used to deliver various attachments, including dangerous ones.

        Security Tips:

        • Use the most updated anti-virus on your computer, make sure your computer is being scanned real-time.
        • Several viruses enter through emails received, so you should be more careful when opening your email. Delete suspicious emails or those that come from unknown senders, and scan your email attachments before you open them.
        • Use a firewall in your computer’s operational system or install a personal firewall and make sure that the firewall management installed can secure your computer.
        • You should not access or even download files/ programs on the internet from unknown sites/ sites where its validity is questionable.
        • Scan files obtained from discs, CDs or UBS drives.
        • Make sure that your operational system or the applications on your computer are protected by a state of the art protection system.