[ Main contents start here ]

Recommended Security Practice

BTMU is committed to providing customers with the safest possible services by minimizing the security risks posed by the Internet usage.

■Internet Security Risks

  • Security risks associated with the use of the Internet include forgery, identity theft and fraud, impersonation, illegal access to your computer system and any other malicious outside attacks.
  • Your access to our service may be suspended or interrupted due to hardware or software failure and/or any other communication disruptions.

1 Security Features

BTMU-GCMS provides the following security features to protect your sensitive financial information.

  • (1) 
    Your account information, money transfer instruction data and other communication between your company and BTMU are protected by cryptography. The use of VeriSign(R) Global Server IDs enables highly secure SSL encrypted communication for all BTMU-GCMS users.
  • (2) 
    <Accessing via Internet>
    The SecurID enabled Internet connection ensures highly secure access to the GCMS services. Every user is authenticated by a one-time password consisting of the PIN code (fixed-length 4 numeric characters) and the variable 6-digit code displayed on the SecurID Card of each user.

    We recommend the setting of "Security" of "Internet Options" not to be eased more than the necessity. That is, a set level of the security of "Internet" sets as “Medium” or higher, and when the Internet is used, it is encouraged to confirm by the dialog box without fail about "Automatic prompting for ActiveX controls" and "Initialized and script ActiveX controls not marked as safe for scripting".
  • (3) 
    <Accessing via VAN>
    Account information and money transfer instruction data are fully protected within the private network of the international VAN (value-added communication network), to which only those BTMU-GCMS customers with valid login user name and password are given access.
  • (4) 
    Your user ID will be locked when a predefined number of consecutive login failures occur. If you log in as a ‘User,’ you will be locked out until your BTMU-GCMS ‘Administrator’ completes the unlocking procedure. (Please contact your local BTMU office for assistance in resetting the locked user ID of an Administrator.)
  • (5) 
    Your last login time and date appear in the main window displayed after you log in. Please make sure to check your last login information every time you access BTMU-GCMS. If you notice anything suspicious, please contact your local BTMU office immediately.
    Also, if you notice anything suspicious such as unknown operations or fraudulent use of User ID, One Time Password and PIN, please contact your local BTMU Office.
  • (6) 
    BTMU-GCMS provides every user’s activity list to monitor user activities at a user level.
  • (7) 
    Money transfer instruction data must be created and authorized by different persons. The person who last updated the money transfer instruction data is not allowed to authorize the same instruction.
  • (8) 
    It is necessary to repeat the login procedure when the time-out facility of BTMU-GCMS automatically shuts down the connection after 15 minutes of inactivity.
  • (9) 
    BTMU-GCMS is protected by multiple firewalls to prevent illegal access and outside attacks.
  • (10) 
    Backup organization of BTMU-GCMS is fully ready to provide backup computer and other important facilities in contingency situations.
  • (11) 
    The information security related technologies we adopt are periodically reviewed and updated to ensure maximum protection.
  • (12) 
    24-hour cyber attack surveillance is available to provide immediate assistance in contingency situations.

2 Security Management by BTMU-GCMS Customer

The following outlines the recommended security practice for effective security management. You are advised to adopt the following security practice in order to run the GCMS operations in a fully secure environment.

  • (1) 
    Do not leave your computer unattended once you log in and make sure you log out after ending every GCMS operation.
  • (2) 
    Consecutive login failures allowed on the BTMU-GCMS login screen (Authentication 2): The maximum number of consecutive login failures allowed is initially set to three times. However, the default setting can be changed by the Administrator of your company.
  • (3) 
    When you click on the calendar button for the first time, the Security Warning (“Calendar control for BTMU- GCMS”) dialogue box appears. Please confirm the signer of the displayed dialog is The Bank of Tokyo-Mitsubishi UFJ, Ltd. The certificate of the signer can be also confirmed on the Security Warning. We recommend you do not check the box of "Always trust content from The Bank of Tokyo-Mitsubishi UFJ, Ltd." on the displayed dialog box.
  • (4) 
    Registration of Access Level:
    BTMU-GCMS enables you to control and monitor user activities by assigning a different access level for each inquiry/settlement account and company name. Once a predetermined access right/level is registered for each user, any user activities beyond the assigned access right/level may not be allowed.
  • (5) 
    Registration of Inquiry/Settlement Account(s):
    You can predetermine and register the account(s) to which each user is given access or from which money transfer amount can be debited.
    1-2-5 Defining User Authority
  • (6) 
    Registration of Money Transfer Limit for Authorization:
    To prevent user activities beyond authorized access right/level, you can pre-register the following information to the money transfer template that you create before creating any money transfer instructions: Number of Authorization Required, Limit Amount per Instruction. It is also recommended that you define Limit Amount per Day, Limit Amount per Transaction, and Limit Authorized Amount per Transaction for each user.
    1-2-5 Defining User Authority
    3-1 Creation/Authorization of Money Transfer Instruction Templates
  • (7) 
    If you share the same PC used for the GCMS application with any non BTMU-GCMS user, please handle the downloaded data with extra caution.
    5 Data Download
  • (8) 
    Activity Inquiry
    It is recommended that you regularly check the activity list and monitor illegal access/operation.
    6 Activity Inquiry

3 Safekeeping Your ID, Password and SecurID Card

  • (1) 
    The initial password notified by BTMU or your Administrator is intended for temporary use only. Please make sure to change your initial password when you login for the first time from the BTMU-GCMS login screen (Authentication 2).
  • (2) 

    Customer ID, User ID, password, as well as Access ID, PIN Number and SecurID Card for the Internet users must be registered/handled/stored with extra caution as they are important authentication items.

    • ● 

      Keep passwords confidential;

    • ● 
      Avoid keeping a paper record of passwords, unless it can be stored securely;
    • ● 
      Change passwords at regular intervals and avoid reusing or recycling passwords;
    • ● 
      Select quality passwords with a minimum length of 8 characters which are:
      1) 
      Easy to remember;

      2) 
      Not used at any other Web site;

      3) 
      Not based on anything somebody else could easily guess or obtain based on names,
      telephone numbers, date of birth or any other personal information;

      4) 
      Avoid consecutive identical characters and/or all-numeric or all-alphabetical groups.
  • (3) 
    Avoid sharing any individual User ID and/or Access ID with another user to ensure that each user’s responsibility is clearly defined.
  • (4) 
    Make sure to keep Customer ID, User ID, and/or Access ID unknown to any other person.
  • (5) 
    The Administrator of your company is requested to keep the access level of each user up-to-date by regularly reviewing the assigned access level. (Modification/deletion due to personnel transfer, retirement, etc.)
  • (6) 
    Under no circumstances, shall a BTMU representative ask your customer password and/or user password.
  • (7) 
    Please immediately report any loss of your SecurID Card to our Internet Access Helpdesk (see 'Helpdesk and User Support' for contact details).

4 Protecting Your PC and Information

  • (1) 
    It is recommended that you install virus-scanning software to protect your PC from virus infection. Please make sure that the scanning software is updated regularly with the latest virus pattern files available to detect new viruses.
  • (2) 
    Any incoming Internet e-mail from unknown sender and/or with a suspicious attachment file must be handled with caution.
  • (3) 
    If your PC is connected to the Internet, please protect your PC from hacker programs by refraining from downloading any software, data or program unless otherwise obtained from reliable sources.
  • (4) 
    Please make sure to run the password protected screen saver, if available.
    (It is recommended that you set the screen saver to run within 15 minutes of inactivity.)
  • (5) 
    Any printed GCMS reports must be cleared from printers immediately.

    indicates "the related part of GCMS Operation Manual" for your further detailed reference.

Bank of Tokyo-Mitsubishi UFJ

PAGETOP