Per Channel
Net Banking
Mandiri Syariah Mobile
BSM Card
User ID
PIN Authorization
PIN Mandiri Syariah Mobile
Activation Code

The description of the table above:

  1. MySafety facilities through the BSM E-Banking channel
    1. BSM Card is a card issued by Bank Syariah Mandiri to act mainly as an ATM card, Debit card, and a discount card at merchants appointed by BSM. In addition to being used as a transaction at a BSM ATM, it is also ready for Mandiri ATM, Joint ATM, Prima ATM, MEPS ATM, Mandiri/Prima/BCA EDC.
    2. BSM Card Personal Identification Number or BSM PIN is a secret code provided by BSM to its customers to authorize the customers to make a transaction. A PIN is the main key to safe transactions. The bank will identify its customers by the use of a PIN via a BSM ATM, BSM Mobile Banking and BSM Net Banking.
    3. Customer User ID is an access code used together with the Customer Password to enable the customer to access the BSM Net Banking menus.
    4. Customer Password is a secret code that is owned by someone who is the secret Customer User ID holder, which is used together with the Customer User ID in order to access the BSM Net Banking menus.
    5. PIN Authorization is a secret code provided by a bank to an individual customer or employee (for a company) under the Articles of Association/By-Laws of the company, to authorize any financial transactions.
    6. Transaction Access Number (TAN) is a secret code to make a financial transaction through the BSM Net Banking. TAN includes a 6 (six)-digit numeric combination.
    7. Activation Code is a code that consists of the numeric combination printed on the PIN Mailer after customer's registration. This Activation Code must be entered into the customer's cellphone in order to activate an MBG.
  2. Tips for Safe Transactions
    1. Do not create a PIN/Password/PIN Authorization to repeat the User ID characters. Create/change a PIN/Password/PIN Authorization periodically.
    2. Do not create a PIN/Password/PIN Authorization that is easily guessed by anyone, such as a telephone number, birthdate, license plate, or other personal data. A PIN/Password/PIN Authorization should be created in a unique and meaningless combination of numbers. The more random, the better.
    3. Do not create a PIN/Password/PIN Authorization with a sequence number such as 123456 or a PIN which is repeated characters like: 111111
    4. Do not share your PIN/Password/PIN Authorization (personal identification number) with anyone else, including your significant others, and even the bank.
    5. Do not write down your PIN/Password/PIN Authorization on paper or keep them in writing in an object anyone else can read them, for example: agenda or calendar. Do not, likewise, write down your PIN/Password/PIN Authorization or store them on a computer hard disk, diskette, cellular telephone or other risky objects. It would be advisable for you to remember them without having to write them down.
    6. Do not trust anyone offering to help at an ATM
    7. When entering your PIN into an ATM or EDC, place your opposite hand to shield the Pinpad.
    8. Watch your BSM Card at all times.
    9. Observe the condition of the ATM and its surroundings. If you see anything suspicious, do not use the ATM and report it immediately to the nearest bank, authorities, or bank call center instead
    10. Have your ATM card blocked if you find your transaction weird.
    11. Find an ATM which is relatively safe.
    12. Keep your ATM card and the transaction receipt properly.
    13. Use a notification service from the bank so that all the transactions can be recognizable.
    14. Check the sticker and the bank call center number at ATM where the transaction is made.
    15. Don't be easily enticed into following any directions/instructions on account information as encouraged by an e-mail with a link to a certain bank sites. Please be mindful if a customer receives an e-mail of this type which acts in the name of BSM. BSM has a policy to not ask the account holders/customers to update data via e-mail.
    16. If you use Internet Banking services, prior to entering a User ID & Password, you must always be convinced that the site you are visiting is the correct site. Make sure that the internet banking page you are visiting is owned by Bank Syariah Mandiri, with the text interface: “” in the address field. After you have clicked the login address button, there will be text interface: “"
    17. Be mindful of using your User ID & Password for Internet Banking services and prevent them from being visible or read by anyone else.
    18. Each transaction of the customer who uses a Mobile Banking service will receive a notification message of the transaction via registered Email and/or SMS.
    19. In case of your GSM SIM CARD being lost/stolen/transferred to another party, please notify the nearest bank or contact the bank Call Center immediately.
  3. Examples of Modus Operandi
    1. Transactions using a card at the ATM
      1. Trapping is an attempt to put a device on the ATM card reader in order to hold the card in at the time of transaction.
        Card trapping is committed by a criminal who uses film tape, match heads, hair ribbons, double tape. In Indonesia the majority criminals use match heads due to their cheap price and can be planted quickly. An ATM will show a sign of card trapping when a customer make a transaction the ATM card is held in and cannot be processed for a transaction.

      2. Skimming is an attempt to copy the customer’s ATM card data during a transaction at an ATM in which a skimmer is planted in front of the card reader mouth.
        Card skimming is committed by a criminal who uses skimmer (ATM card data copier) designed to resemble the form of the real card reader of the ATM. Skimmer is easily detectable, as follows:

        - There is a mismatch between the shape and color of the skimmer and those of the card reader mouth of the ATM.


        The skimmer gets double-taped and the criminal will have it back in seconds because data that has been captured will be picked up from the device.
        The ATM card data that has been copied will not work without a PIN (Personal Identification Number), so the criminal will put a small-sized camera to view the PIN the customer enters.

      3. Phishing is data theft through a fake website or an attempt to obtain personal information such as User ID & Password, PIN, or bank account number illegally. This information will be used by the phisher to access an account, commit a fraud or direct a customer to transfer to a certain account by enticing the victims with prizes.
    2. Transactions using Internet Banking 

      The following are the typical techniques often adopted by the fraudster:

      1. This Typo Site modus operandi is quite unique and often takes the victims unawares. What are some ways to do that? A criminal builds a site whose name is almost much like the official site. For example, an official site with an address at is disguised with Almost indistinguishable. The point is to capture User ID, Password, or other personal data. The data is used to make illegal transactions.
        • Using fake e-mail addresses and graphics in order to mislead and entice the Customer to accept that those e-mail or the web site is valid. To be convincing, the criminal also often uses a logo or trademark belonging to an official institution, such as a bank or credit card issuer. This fake aims to entice a victim in order to share personal data, such as a Password, PIN and credit card number.
        • Creating a fake site which is the exact copy of the official site, or the phisher sends an e-mail containing a link to the fake site.
        • Creating a hyperlink on a fake website or attaching a form to the e-mail sent
      2. Keylogger is an application or software that can lock a keyboard keys with the benefits of a specific program logger. Consequently, anything a user types on the monitor screen is recordable. That is to say, even though it is displayed as '*****' when typing a Password in the Password field, the Password characters are recordable and automatically readable. These records will be immediately stored on the computer and sent via the internet to the phisher via an e-mail, IRC (Internet Relay Chat) or even observed you directly on the web in real time.

        How Does a Keylogger work?
        Keylogger only logs all keystrokes on the keyboard and saves it somewhere for retrieval. Technically, the keylogger will "capture" all the characters inserted into the computer, except for [Ctrl] + [Alt] + [Del].

    3. Transactions acting in the name of the Call Center
      1. Scams via telephone

        Committed by a criminal by calling and telling a customer he/she wins a prize, or a member of his/her family is involved in an accident or feels interested in goods the customer has advertised. The caller will guide the customer to head for an ATM, and direct the customer to follow the caller's instructions.
        How to avoid it:

        1. First check the caller's identity. Hang up immediately and check the information received. Normally, a lottery company will not direct a winner to transfer funds to the company.
        2. Another example of modus operandi could be someone calls and tells you that a member of your family is involved in an accident, do not go into panic mode and follow the caller's instructions. Ask the caller's identity and verify the story.
    4. Fake call center number

      In this modus operandi, a criminal seems to suggest as if the bank's ATM is damaged and has swallowed the card. In a panic, the customer will unwittingly contact the "fake" call center number posted around the ATM. The customer will be prompted by the call receiver to mention the PIN number and promised that a replacement ATM card will be sent immediately. The criminal will, with these customer's PIN and card, withdraw the customer's money
      How to avoid it:

      1. Note down the bank’s 24-hour telephone number. If the customer calls that number, he/she will generally receive an answer from an automatic answering machine and is directed to enter a certain service option.
      2. A Customer can choose a menu directly connected to the customer service section. Never share a PIN number as the bank will never ask for the customer's PIN number.
  4. Reporting on modus operandi used in transactions
    Where to report if a customer finds problems/modus operandi in transactions like:
    1. If misentering the PIN 3 (three) consecutive times, the system will automatically block the access of the customer.
    2. If finding something weird, cancel the transaction activity and cease to enter your PIN/Password or personal information
    3. If directed to follow advice to transfer to a certain account to win a prize draw
    4. Other suspicious transactions
    5. Please immediately contact BSM Call 14040 or 021-29534040 or the nearest BSM branch.