Malaysian banks respond to alleged data leaks, call for calm

By Xavier Kong

LOCAL banks have called for calm among credit card users, standing by the statement that “there is no credible evidence that any actionable customer data has been compromised.”

This follows the news over the weekend that a data breach has occured, involving “hundreds of thousands” of credit card details from at least six Southeast Asian countries including Malaysia and Singapore, according to India-based cybersecurity start-up Technisanct.

The company revealed that its research turned up “a series of data breaches involving credit card details issued by top banks in Singapore, Malaysia, the Philippines, Vietnam, Indonesia and Thailand,” according to the South China Morning Post.

An initial response from CIMB Group Holdings Bhd stated that there was “no credible evidence that any actionable customer data has been compromised from us,” after having been pointed out in the press release by Technisanct as one of the banks compromised.

“CIMB takes data privacy and protection seriously and has taken the necessary security measures to ensure all customers’ personal information remain secured. We continuously monitor all avenues to ensure that our customer data remains protected where possible,” a spokesperson had responded to the South China Morning Post.

This was further supported by an article in The Sun, where LGMS / LE Global Services Sdn Bhd CEO and security consultant Fong Choong Fook stated that it is unknown where the data breach was found as there was no evidence presented. It was also not established whether the purported leak involved old or new data.

When contacted, a Hong Leong Bank Bhd spokesperson stated that the bank “takes the security of their cardholders very seriously.”

“The bank has put in place a robust multi-layered security and protection, along with real-time fraud monitoring to detect fraudulent and out-of-norm card usage behaviour, as well as to block and suspend any affected cards proactively,” said the spokesperson.

Hong Leong also urged cardholders to be cautious about giving their card information to third parties, where breaches are more likely to occur, noting that the information of any cardholder from any bank can be stolen when it is given by cardholders to third parties, when the cards are used, and when that information is stored on various third-party platforms, such as when a cardholder keys in personal information on external websites or stores card details on a browser.

“We would like to remind cardholders to keep their card information safe, including using strong passwords, be cautious of where they use their cards, to only perform transactions on secure/trusted websites and not to store credit card details in their web browsers,” shared Hong Leong.

The banking industry is also constantly taking additional measures to protect cardholders, such as increased security measures applied on merchants, where the cards are being used.

Hong Leong has also implemented chip-and-pin security for amounts above nominal values where cardholders have to key in a PIN password known only to the cardholder before the transaction can be processed.

Dual factor authentication methods, such as 3D-Secure where cardholders are given a one-time password on their personal mobile device to authenticate their online transactions, are also in use by the banking industry. 

Text messaging notifications to cardholders to alert them of their transactions are another means of communication to cardholders, and any suspicious transactions are promptly blocked.

These measures serve to mitigate the transaction risks of cardholders in the unfortunate event their card information might have been stolen.

Of the other banks FocusM has attempted to contact, Maybank declined to comment on the basis of the data leak being unfounded, while RHB could not be reached. CIMB has also been contacted, but has yet to respond at the time of writing. – March 11, 2020

Subscribe and get top news delivered to your Inbox everyday for FREE