Taishin Financial Holdings

Sustainability Governance

Information and Transaction Security

Information Security Management Mechanisms

Taishin FHC has implemented an "Information Security Policy" and the "Taishin Holdings Internet Security Management Guidelines" to serve as guiding principles for security protection. An "Information Security Committee" has also been assembled within the organization, comprising the Group Director with expertise in information and information security, the Group President, the Group CIO, the Taishin Bank President and level-1 managers. The committee holds quarterly meetings to discuss information security issues and improvement measures. In the first half of each year, a report on the overall information security governance situation and an annual security management plan are submitted to the Board of Directors, and the implementation results of the annual plan are reported to the Board in the second half of the year. Trends in security awareness promotion are also reported to the Board, and the Board offers guidance on information security governance semi-annually.


An Information Security Department comprising employees from various fields of expertise was established to oversee the planning and execution of Taishin Bank's information security policy. In addition, an Information Security Specialist Team comprising the information security contacts of the various units has been established so that information security risks can be managed more efficiently from an organizational perspective. The Information Security Department oversees the information security management system and related internal and external issues, and responds to stakeholders' requests. It coordinates with relevant departments to assess and manage related issues, and constantly searches for internal and external threats from a risk perspective in order to build an information security system that supports the development of FinTech.


Taishin Bank first passed ISO/IEC 27001 ISMS certification in 2010. Since then, the Bank has engaged an independent third party to conduct half-yearly reviews and re-certification once every three years, optimizing information security management and ensuring that the information security management system functions effectively. In 2015, the Bank passed PCI-DSS (Payment Card Industry Data Security Standard) certification. To keep the security of card payments at optimum levels, PCI-DSS compliance is assessed every year by a fair and independent third-party organization to ensure effective and safe card payments.

Upgraded Security Protection


Information security risk management is currently executed as part of ISO/IEC 27001. The Bank gathers information security management issues from within and outside the organization, and engages various departments of the IT Division to assess the risks involved and potential impacts.


Given the increasing number of information security threats and attacks around the world, Taishin Bank complies with the laws of its home country and of the foreign countries where its overseas branches are domiciled by conducting regular reviews and making regular reports to the local competent authority. In 2021, no information security-related or extraordinary incident occurred that had to be reported to the local financial competent authority, and there was no compliance-related defect. During the past five years, no major security incidents affecting customers occurred, such as operational attacks or business impacts caused by systems being hacked, nor was any customer's personal or sensitive information leaked through phishing. In addition, Taishin's network security management mechanism runs 24/7 year round to prevent hacking attacks.

Enhancement of Transaction Security

The rampant use of Internet fraud and fraudulent apps by hackers for watering hole attacks, spear phishing attacks, and ransomware attacks in recent years has severely damaged the interests of bank customers worldwide. Taishin Bank has established multiple information security protection measures for its information systems, internal and external network environments, and transaction websites, and in 2020 established a Security Operation Center (SOC) for the entire Bank to monitor the information security systems for abnormalities and analyze intelligence on all types of security threats. The Center will be used to optimize Taishin Bank's information security network, and the Bank shall continue to enhance information security and protect customer transaction security.

Transaction security protocols and their descriptions:

  • Global digital corporate banking network: Enhancement of multiple security certification and transmission encryption protocols to ensure data protection.
  • Mobile devices: Use of biometrics or account and password, together with one-time passwords, to provide rapid, convenient, and secure NFC sensing applications and remote credit card transactions.
  • Electronic channels: Use of mobile device binding, real-time payment notification SMS, a transaction detection system, and other transaction verification protocols.
  • Transaction website and app: Introduction of anti-phishing detection services to reduce the significant number of fraudulent websites and apps and protect consumers' transaction security.

Information Security Awareness and External Party Management

1. Education and Drills

  • General information security training

    • All employees of the Bank receive at least 3 hours of "information security awareness training" courses and evaluations each year. The contents include regulations, social engineering, basic information security awareness, customer personal information protection, and case studies of information security incidents which help enhance information security. The training coverage rate and completion rate in 2022 were both 100%.
    • The Information Security Department issues information security notices to all employees of the Bank based on current events involving information security to continue to enhance their information security awareness.
  • Professional information security training

    • All employees of dedicated information security units have completed at least 15 hours of external training based on the requirements for their operations to enhance their professional information security skills.
    • Information security contacts of all units are invited to attend professional information security training courses provided by external professionals to strengthen the information security capabilities of all units.
  • Social engineering drills

    • Four social engineering drills, such as simulated phishing email tests, are conducted for employees of the Bank on an irregular basis each year. The test results are analyzed to identify employees with insufficient information security awareness so that their training can be enhanced and the risks of potential vulnerabilities reduced.

2. Supplier Management

Taishin Bank has a set of "Information Service Outsourcing Guidelines" in place that outlines the standard operating procedures and rules concerning the outsourcing of information services. The guidelines cover several issues, including outsourced custody of computer hardware and software, and the outsourcing of information processing and services. To ensure the safety and feasibility of outsourced processes, the project handler collaborates with employees from the IT Division to perform comprehensive and rigorous supplier assessments, as well as risk assessments of selected vendors. Credit assessments are performed where appropriate to ensure the quality of internal processes and the vendor's ability to provide services in the best interest of the Bank and its customers.

3. No violations of information security regulations at the Bank in the past three years.


© Taishin Financial Holding Co., Ltd. All rights reserved.