Kuala Lumpur, Tuesday, 27 September 2022 – On behalf of the member banks of The Association of Banks in Malaysia (ABM), Association of Islamic Banking and Financial Institutions Malaysia (AIBIM) and The Association of Development Finance Institutions Malaysia (ADFIM), we would like to state our concurrence and full support for the five key measures to combat financial scams as announced by the Governor of Bank Negara Malaysia, Tan Sri Nor Shamsiah binti Mohd Yunos at the launch of the Financial Crime Exhibition.
We would like to provide some details in relation to the 5 key measures that were announced:
- Migrating from SMS One Time Password (OTP) to a more secure authentication method, e.g. via secure multi-factor authentication software or hardware tokens for certain transactions. These transactions include fund transfers and payments, change of personal information (e.g. mobile numbers, postal and email addresses) and account settings (e.g. limits for withdrawals or transfers). Some banks have already largely migrated away from SMS OTP or offer secure alternative authentication methods as recommended by Bank Negara Malaysia since 2019, while other banks are expediting efforts to comply with the latest requirement;
- Tightening the banks’ fraud detection rules and triggers for the blocking of suspicious transactions. This may result in the banks sending prompts/notifications to customers on unusual activities. The banks may also contact their customers to confirm/ authenticate certain transactions that are flagged as unusual activities;
- Verification and cooling-off period for first time enrolment of e-banking services or secure device. During this cooling-off period, customers will not be able to perform any online banking transactions;
- Restrict authentication of electronic banking transactions to one mobile device or secure device per account holder. This means that the banks will allow each account holder to register only one mobile device or secure device for the purpose of authentication of online banking transactions. Alongside this, the banks will strengthen processes to enhance changes to the single device process, such as additional verifications, to ensure that such requests have genuinely been made by the account holder; and
- Banks will also have 24/7 dedicated complaint channel/hotline for customers to report incidents or suspicions of scam/fraud. A list of ABM member banks’ contact numbers for reporting scam/fraud can be obtained from ABM’s website, https://www.abm.org.my/directory. In addition, the banks will make available a convenient way for customers to temporarily suspend banking activities for their own bank accounts swiftly if they suspect that their accounts have been compromised, i.e. in the event of a suspected fraud. Customers will also be able to resume service of their accounts after a reasonable timeframe upon validation. This will enable customers to take immediate action to safeguard their own bank accounts should the need arise.
The banking industry acknowledges that the implementation of these measures may lead to changes in customers’ online banking experiences and expectations, whereby online banking transactions could potentially take a slightly longer duration due to added security measures and checks.
In view of this, we humbly seek customers’ patience and understanding on the expected delays and inconvenience that they may face once these measures are implemented. These measures however, are crucial for the added safety and security of the banks’ customers.
The member banks of ABM, AIBIM and ADFIM are committed to ensure proper communication with customers in relation to the above measures, including the implementation dates for the various measures, any changes to processes and action required on the part of the customers, contact details to seek assistance, etc.
Customers are reminded to remain vigilant at all times when transacting online, including following online banking safety tips such as:
- Do not download any installation files (APK files) on their devices, and only download applications (apps) from genuine app stores;
- Ensure that their online banking security image and/or phrase are correctly displayed on screen before logging in; and
- Avoid clicking on links sent via chat messages such as SMS, WhatsApp, Messenger or other similar services.
The banks and industry associations have actively been promoting scam awareness and online banking safety tutorials through various channels. This will be amplified via a public awareness campaign to enhance the messaging in order to equip and educate customers on online safety. The public may also refer to the individual banks’ websites, social media pages, ABM’s website (https://www.abm.org.my/consumer-information/safe-online-banking) and Instagram page (@abm.org.my), AIBIM’s website (www.aibim.com) and social media (@_aibim), as well as Bank Negara Malaysia’s Amaran Scam Facebook page (https://www.facebook.com/amaranpenipuan) for updates on the latest scam tactics and important cyber hygiene practices to protect themselves against scams.
Account holders who encounter suspicious transactions involving their bank accounts should immediately:
- Notify their banks;
- Contact the Commercial Crime Investigation Department (CCID) Scam Response Centre at 03-2610 1559/1599; and
- Lodge a police report to facilitate the investigation.
ABM, AIBIM and ADFIM also welcome the measures to further elevate Polis Diraja Malaysia (PDRM)’s CCID Scam Response Centre as a more systematic information sharing platform that will enable quicker action to prevent further losses.