Report a vulnerability or security issues

    OCBC Vulnerability Disclosure Policy

    OCBC Bank (Malaysia) Berhad and OCBC Al-Amin Bank Berhad (collectively referred to as “OCBC”) is committed to ensuring the security of our customers’ data and the reliability of our products and services. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and its reporting.

    Restricted Actions
    This section lists actions that are not authorized. Performing any of them will constitute a violation of this policy:


    • Breach of any applicable laws in connection to, and leading up to your report.
    • Denial of Service (DoS) or other actions that degrade, damage, or interrupt OCBC services.
    • Exploitation of any vulnerabilities found.
    • Social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
    • Testing physical security of any property, building, plant or factory of OCBC.
    • Leak/modify/destroy/misuse/abuse any user data or system files.

    OCBC highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

    The preferred method for contacting OCBC regarding security vulnerabilities is by using the form present on this page.

    By submitting a report, you expressly agree to the following terms and undertake that:


    • You assign all use and ownership rights of the report to OCBC.
    • Your actions and interactions with OCBC leading up to the report is not in violation of any applicable laws.
    • You have no intention of harming OCBC, its customers, employees, partners, vendors or suppliers.
    • You agree to not disclose any information about the report and vulnerability described within, and the fact that you submitted a report to OCBC.
    • You agree that the report is made out of goodwill, and is done without any expectations of rewards, monetary or otherwise, from OCBC.

    Contact Information
    Supplying your contact information with your report is entirely voluntary and at your discretion. This does not guarantee that you will receive any responses from OCBC regarding your report. OCBC may contact you regarding the contents of the report at its own discretion.

    Otherwise, OCBC will process your contact information in accordance with OCBC’s Privacy Policy. By filling in and sending your contact information to OCBC, you agree for your contact information to be processed in accordance with OCBC’s Privacy Policy.