Cybersecurity Center
Whether you bank with us on an individual or a corporate level, your personal and financial information security is on our top priorities.
At INVESTBANK we care about your accounts’ security and implement the tightest security standards and most developed measures for you to enjoy a secure in branch and online journey. Find out more about:
How to protect yourself
How we protect you
Your information and date security is our top priority. We strive to keep your data and accounts secure through the following security safeguards:
Multi-Factor Authentication
Multi-Factor Authentication protects your accounts by using a second source of validation before executing sensitive transactions. This method is also used to verify ownership when logging in from different devices by sending a one-time password to your registered phone number to authenticate the new device. Once you authenticate successfully, we’ll sign you securely into your account and register that new device upon your confirmation. This will prevent attackers from accessing your online accounts even if they know your password.
This advanced authentication mechanism is also activated to authenticate your identity before doing sensitive activities on your account, such as adding a new beneficiary, changing your registered mobile number, or paying a bill.
For our corporate online banking users, a soft token is used to authenticate their access to corporate iBank accounts.
Suspicious Activities
At INVESTBANK, we keep a sharp eye to detect illegal transactions or any malicious activities that may occur on your cards or accounts online. Example: when credit cardholder enters the card information on a non secure online platform, or accidentally downloads a malicious software on digital devices that allow hackers to access and steal the cards and accounts information stored on your device, INVESTBANK’s security team monitors the internet to detect such instances and prevent fraudulent activities on your accounts and cards.
Secure Messaging
Our online banking service, iBank, allows you to message and interact with us securely through our Secure Messaging service.
Encryption Techniques
We deploy advanced encryption technologies to protect your sensitive information. When visiting our online services, you will notice that we use ‘https’ protocol to encrypt your financial information and personal data while being transmitted. We also encrypt your financial and personal data on all our systems to maintain continuous protection of your sensitive data.
Because we care about your security, we are deploying. Advanced cybersecurity controls and protection systems to secure your digital journey. We continuously develop our security safeguards to protect you from the evolving cyber threats.
Our employees
Our staff is following standard security practices to keep your data secure and protected. Our employees undergo regular security awareness and educational programs on cybersecurity and on how to contribute in protecting clients information. Our business processes follow a set of established policies and procedures to limit employees’ access to your sensitive records.
Compliance with Security Standards
We are committed to maintaining compliance with relevant international security standards to ensure that our security practices follow internationally recognized security practices in the banking sector.
Biometric Sign On
iBank mobile application allows you to sign in to your accounts using your biometrics, such as fingerprint or facial recognition, in a very secure, fast and convenient way.
We listen to you!
We’re here to answer your questions. If you want to know more about our security measures or want to report a suspicious activity on your accounts, please reach out to our Contact Center at 06 500 1515.
Announcements
INVESTBANK announced its acquiring of the ISO 27001:2022 certificate for its information security management system. This certification follows a comprehensive evaluation of all security controls implemented throughout the bank.
Muntaser Dawwas, the CEO of INVESTBANK, stated that the implementation of the widely-recognized and globally respected ISO 27001 security standard was aimed to provide the highest levels of protection for customer data and proactively addressing the growing cyber risks, so that clients can enjoy innovative and secure digital services.
He added: “Implementing the ISO 27001 Information Security Management System standard aligns with our cybersecurity strategy and demonstrates our commitment to follow the best international security practices.”
ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system. Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.
INVESTBANK has recently obtained the Payment Card Industry Data Security Standard (PCI DSS) Certificate of Compliance, issued by the CI Security Standards Council. This is the ninth consecutive year that INVESTBANK has received this certification.
This certification was granted to INVESTBANK after successfully fulfilling the rigorous security requirements outlined in the latest version of the PCI DSS.
Muntaser Dawwas, CEO of INVESTBANK, said, “Maintaining compliance with the PCI Data Security standard, particularly in its latest version 3.2.1, demonstrates our commitment to applying the latest and highest security standards for our clients’ financial data.”
He added: “Cybersecurity is amongst INVESTBANK's top priorities as stated in our latest cybersecurity Strategy, we work diligently to innovate and secure our systems consistently.”
The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations designed to safeguard cardholder data. It applies to all entities that store, process, and transmit cardholder data. By complying with the PCI DSS, INVESTBANK has implemented the necessary controls and strict security measures to ensure the security of our cardholder environment, systems, and data.
More resources
Learn more about security.
Download INVESTBANK’s Information Security Booklet
Download Central Bank of Jordan’s awareness guide on methods of financial fraud
Download Information Security Policy
FAQs
Hackers and fraudsters make a lot of money from online frauds; they steal card information and account credentials to sell them on what is known as the dark web.
The internet consists of many layers. Part of the internet is the surface web that encompasses everyday internet browsing and is available to the generic public, such as search engines, email services, public websites and more. There is also the deep web that protects private accounts and information not meant for public viewing, such as, medical records, legal documents, and private databases. The third type is the dark web, the hidden collective of internet sites not indexed by search engines and not visible to the public. Access to the dark web requires special software and relies on cryptography. Criminals and fraudsters use the dark web to conduct their illegal activities, such as drug trafficking, selling stolen credit card details, and more.
First, keep an eye on the URL and make sure that you are visiting the correct website. Second, you may check the validity of the website certificate in your browser and that the certificate is valid and issued to INVESTBANK.
Reliance on passwords only to access your accounts is insufficient; hackers have many techniques to steal or guess passwords. By using MFA, you can protect your accounts even if your password is stolen or guessed. MFA allows you to use another factor of authentication that is difficult for hackers to get, such as an OTP sent to your phone number. This way, you can block any unauthorized access to your accounts.
Hackers use a variety of methods to steal passwords. One widely used technique is social engineering, where hackers convince victims to visit a fake website to log into their accounts or update their passwords, for example. Once the victim enters their password, the hacker captures it. There are different types of social engineering techniques; the one described above is just one.
Another method that is also used widely is installing a virus on a victim’s computer or mobile device; whenever the victim visits an online service that requires login, the virus captures the password and sends it to the attacker; this is why it is recommended to install trusted software on your devices.
Your sensitive information should be solely known by you, and you should not share your sensitive information with anybody else, including family members, friends or even INVESTBANk staff. If somebody knows your sensitive information, they can access your accounts, conduct fraudulent transactions on your behalf, reset your passwords, claim your digital identity and more. Sensitive information includes your passwords, OTP, credit and debit card details, and personal information that uniquely identifies you.
