THREE associations representing the local banking industry have given their full support for the five new key measures by Bank Negara Malaysia (BNM) to combat financial scams.
The measures were announced by BNM governor Tan Sri Nor Shamsiah Mohd Yunos at the launch of a financial crime exhibition yesterday (Sept 27).
In a statement today, the Association of Banks in Malaysia (ABM), Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) and Association of Development Finance Institutions Malaysia (ADFIM) provided some details on the five measures.
As requested by the three associations, their press statement is published in full (with minimal edits for language and clarity):
Doing away with SMS OTPs
The first key measure announced has to do with the migration of SMS one-time passwords (OTP) to a more secure authentication method (e.g. via secure multi-factor authentication software or hardware tokens for certain transactions.)
These transactions include fund transfers and payments, changes of personal information (e.g. mobile numbers, postal and email addresses) and account settings (e.g. limits for withdrawals or transfers).
Some banks have already largely migrated away from SMS OTP or offer secure alternative authentication methods, as recommended by BNM since 2019, while other banks are expediting efforts to comply with the latest requirement.
Tightening of fraud detection rules
The second measure has to do with the tightening of banks’ fraud detection rules and triggers for the blocking of suspicious transactions, which may result in the banks sending prompts or notifications to customers on unusual activities.
Banks may also contact their customers to confirm or authenticate certain transactions that are flagged as unusual activities.
Verification and cooling-off period for 1st-time users
The third measure has to do with the verification and cooling-off period for first-time enrolment of e-banking services or secured devices.
During this cooling-off period, customers will not be able to perform any online banking transactions.
Restricted authentication to only 1 device
The fourth measure deals with restricted authentication of electronic banking transactions to one mobile device or secure device per account holder.
This means that the banks will allow each account holder to register only one mobile device or secure device for the purpose of authentication of online banking transactions.
Alongside this, banks will strengthen processes to enhance changes to the single device process, such as additional verifications, to ensure that such requests have genuinely been made by the account holder.
Dedicated complaint hotline
Banks will also have 24/7 dedicated complaint channels or hotlines for customers to report incidents or suspicions of scams or frauds.
A list of ABM member banks’ contact numbers for reporting scams or frauds can be obtained from ABM’s website.
Other commitments
In addition, the banks will make available a convenient way for customers to swiftly and temporarily suspend banking activities for their own bank accounts if they suspect that their accounts have been compromised (i.e. in the event of suspected fraud).
Customers will also be able to resume service of their accounts after a reasonable timeframe upon validation. This will enable customers to take immediate action to safeguard their own bank accounts should the need arise.
The banking industry also acknowledges that the implementation of these measures may lead to changes in customers’ online banking experiences and expectations, whereby online banking transactions could potentially take a slightly longer duration due to added security measures and checks.
In view of this, we humbly seek customers’ patience and understanding of the expected delays and inconvenience that they may face once these measures are implemented as they are crucial for the added safety and security of the banks’ customers.
The member banks of ABM, AIBIM and ADFIM are also committed to ensuring proper communication with customers in relation to the above measures, including the implementation dates for the various measures, any changes to processes and action required on the part of the customers, contact details to seek assistance and so on.
Customers are reminded to remain vigilant at all times when transacting online, including following online banking safety tips such as:
- Do not download any installation files (APK files) on their devices, and only download apps from genuine app stores;
- Ensure that their online banking security image and/or phrase are correctly displayed on the screen before logging in; and
- Avoid clicking on links sent via chat messages such as SMS, WhatsApp, Messenger or other similar services.
The banks and industry associations have actively been promoting scam awareness and online banking safety tutorials through various channels. This will be amplified via a public awareness campaign to enhance the messaging in order to equip and educate customers on online safety.
The public may also refer to the individual banks’ websites, social media pages, ABM’s website and Instagram page, AIBIM’s website and social media (@_aibim) as well as BNM’s Amaran Scam Facebook page for updates on the latest scam tactics and important cyber hygiene practices to protect oneself against scams.
Account holders who encounter suspicious transactions involving their bank accounts should immediately:
- Notify their banks;
- Contact the Commercial Crime Investigation Department (CCID) Scam Response Centre at 03-2610 1559/1599; and
- Lodge a police report to facilitate an investigation.
ABM, AIBIM and ADFIM also welcome the measures to further elevate the Royal Malaysian Police Force’s CCID Scam Response Centre as a more systematic information-sharing platform that will enable quicker action to prevent further losses. – Sept 27, 2022
Main photo credit: East Asia Forum
