How Bank of Jordan Secures Digital Payment Business Applications & Channels

Bank of Jordan secures your personal and business account data from the outset. We offer a complete set of security features and services to guard against fraud and identity theft, built on a robust, state-of-the-art infrastructure and on payment systems and channels designed around a zero trust architecture, so that all critical banking and payment data stays protected.

Online Banking and Mobile Banking (Retail & Corporate) Cyber Security Program. Bank of Jordan prioritizes the security of both your account information and the access to your account. We provide 24/7 protection for your account information through advanced security features on Bank of Jordan Online and the mobile digital channels, covering all core systems and network and security components.

  • Data encryption: We use strong encryption algorithms to encrypt all sensitive information, including login credentials and financial transactions, to prevent unauthorized access and ensure data confidentiality.
  • Biometric sign on: Access the Bank of Jordan Mobile App quickly and conveniently by logging in with your fingerprint. Facial recognition is an option for devices that support it. Both sign-on methods are protected by robust encryption (e.g., AES 128-bit).
  • Online Banking Secured by SiteLock Trust Seal Testing Certificate: Bank of Jordan online banking passed the following testing modules, conducted by the SiteLock Sectigo independent cyber security testing team:
    • Malware Scan: Sectigo's malware scanning service checks the website for malicious code and is regularly updated with current security intelligence so that newly emerging threats are detected.
    • Spam Scan: Sectigo's spam scanning service protects organizations against the security and productivity impact of spam and malicious e-mail, and is updated with the same security intelligence feed.
    • Vulnerability Scan (Including SQL Injection and XSS Scan): Sectigo Vulnerability scanner checks for a variety of security issues, including SQL injection, cross-site scripting, cross-site request forgery, and other types of web application vulnerabilities.
  • Continuous cyber security monitoring: Our systems are monitored 24/7 for unusual activity and suspicious behavior, allowing us to quickly detect and respond to any security incidents.
  • Regular cyber security audits: We undergo regular security audits to validate the effectiveness of our security controls and ensure our systems and processes are in compliance with the PCI DSS, ISO 27001 and NIST CSF standards as well as other international standards (Best Practices) and frameworks.

Bank of Jordan International Standard (Best Practices) Accreditation

Bank of Jordan conforms to international security standards, compliance certifications and frameworks such as PCI DSS, GDPR, COBIT 2019, ISO/IEC 27001, NIST CSF, SWIFT CSCF and others, to ensure all business data remains secure and inaccessible to external and internal threats.

1. PCI DSS

Bank of Jordan is certified as a PCI DSS Level 1 Service Provider, the highest level of assessment available. The compliance assessment was conducted by Al Raeda for Information security and Technology Co. LLC (dba Scan Wave), an independent Qualified Security Assessor (QSA) company accredited by the PCI Security Standards Council.

What are the requirements for PCI DSS compliance?

Below is a high-level overview of the twelve PCI DSS requirements, grouped by control objective (PCI DSS v3.2.1 wording; v4.0 renames several requirements but keeps the same twelve).

Goal: Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Goal: Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
Goal: Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
Goal: Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
Goal: Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
Goal: Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

2. ISO 27001

Bank of Jordan holds certification against ISO/IEC 27001. The certification audit is performed by independent third-party auditors. Our adherence to this internationally recognized standard and its code of practice demonstrates our commitment to information security at all levels of the business, and that the Bank of Jordan security program conforms to industry best practices.

ISO/IEC 27001 Annex A controls are the set of information security controls an organization implements to protect its sensitive information. In the 2013 edition of the standard they are grouped into 14 control domains:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

Each control addresses a specific security risk. An organization selects the controls that apply to the risks identified in its risk assessment and records the inclusion or exclusion of every Annex A control, with justification, in its Statement of Applicability.

3. NIST CSF, GDPR, SWIFT CSCF and COBIT 2019

Bank of Jordan infrastructure and services have been validated and assessed by an independent third party against the following standards and frameworks: NIST CSF, GDPR, SWIFT CSCF and COBIT 2019, as well as applicable local laws and regulations.