The Association of Banks in Malaysia: Reply to letter from the Consumers Association of Penang titled "Is Our Cyber Security Non-Existent?"

October 16, 2014
16 October 2014

Tuan S.M. Mohamed Idris
Consumers Association of Penang
10 Jalan Masjid Negeri
11600 Pulau Pinang

Dear Sir,

Re: Article titled “Beef-up our cyber security” published in The Star on Thursday, 9 October 2014, articles titled “Malaysia’s cyber security far from being secure”?” and “Consumers Association of Penang discourages electronic banking” published in The Malay Mail and Oriental Daily News on Friday, 10 October 2014 and article titled “Wise to defer mandatory online banking” published in The New Straits Times on Monday, 14 October 2014

Please allow us, The Association of Banks in Malaysia (ABM), to respond for and on behalf of our member banks comprising the 27 commercial banks operating in Malaysia to the remarks made in the above-mentioned articles.

1. Security of ATMs
With regard to the recent hacking of Automated Teller Machine (ATM), ABM together with our member banks with ATM networks are collaborating closely with the relevant authorities. Our member banks will be taking steps to further improve the security of ATM.

2. What else is being done to increase Malaysia’s cyber security and make our online banking safe?
Fundamental to the growth of e-payments is the confidence which the public has in its convenience and security.

According to Bank Negara Malaysia, in 2013, fraud incidents only accounted for 0.0054% of total transaction volume and 0.0011% of the transaction value of electronic payment (e-payment) transactions. The various measures taken by the regulators and continuous investment made by the banking industry have helped keep the incidences of fraud in e-payments at a very low level over the last decade. Unfortunately, fraudsters will forever devise new ways to exploit weaknesses in the system and take advantage of unsuspecting consumers.

As socially-responsible service providers, banks have invested large sums every year to further improve the information technology infrastructure, training and education of the public to ensure the safety of the e-banking services which they offer. Our member banks have also invested substantial amounts of money in ensuring robust security systems which meet the high standards set by the regulators.

Our member banks will continuously upgrade their security systems and invest in the latest technology to protect consumers’ banking information. The banks also seek to regularly improve their internet banking systems and services to ensure its reliability and security so that consumers can conduct online banking transactions with confidence.

Some safety measures taken by banks include:
  • Regular tests of the system to ensure its reliability.
  • Provision of internet security arrangements to ensure a secure infrastructure.
  • Implementation of a number of security methods and technology such as encryption, firewalls, automatic log-off and monitoring tools.
  • Implementation of multi-level security verification, e.g. use of password and Transaction Authorisation Code (TAC), password and security token/device, etc., for online transactions.
  • Undertake periodic reviews to assess potential risks and detect possible weaknesses in the banking institution’s risk management system.
In addition, our member banks have also taken various steps to engage with their customers so that they are fully aware and kept updated on the latest scams.

3. The “basic layer” of protection that banks provide to their online and mobile banking is no longer enough
While banks on their part constantly enhance the security of their online banking services, some unsuspecting consumers may unfortunately still fall victim to fraudsters due to their lack of awareness and knowledge regarding recent scams.

Consumers too must play their part to safeguard their own assets/devices and savings by knowing the types of scams which are out there and being alert to suspicious emails and calls. We would also urge all consumers to take the necessary precautions to ensure that the devices which they use to conduct online banking are installed with anti-virus and anti-malware software which have been updated with the latest virus definitions to protect their devices from potentially being attacked by any malware.

Consumers should also be vigilant by equipping themselves with the relevant knowledge so that they will not fall victim to such scams.

We wish to point out some do’s and don’ts when using online banking (the following tips can be gleaned from our website,
  • Do not share your login/banking credentials with other people.
  • Never login to your internet banking via any hyperlink. Type the complete internet banking URL/address.
  • Ensure that you only access your internet banking account from a secured internet connection. Your device must also be fully protected using the latest anti-virus and anti-malware software or application updated to the latest virus and malware definition.
  • We are living in the digital information age where information is a necessity but a lot of information is unverified. Do verify the information before you put your trust.
  • Check authenticity of a bank site by observing the closed padlock icon located on the browser’s address bar. Please do not proceed if there is no padlock or the padlock is not closed.
  • Always ensure that the security picture or hint displays the image or hint that you have selected and set for your account. If there is no image, or the wrong one is displayed, please do not proceed.
  • Do not access your banking information or conduct banking transactions at cyber cafes or via public Wi-Fi spots.
  • Use the latest version of your internet browser as it will be equipped with the latest security features.
To educate consumers and enhance their confidence in cashless transactions, the National Cards Group participating members, in collaboration with ABM and supported by MasterCard Worldwide and Visa International had on Tuesday, 7 October 2014, launched a national awareness campaign.

The two-month campaign will champion the message of THINK ONLINE SAFETY, THINK C.A.R.D., which outlines four simple steps consumers can use to safeguard their online transactions.

The simple acronym C.A.R.D. prompts consumers to firstly Confirm the confidentiality of the data they are sharing – consumers are reminded not to store login details on public or shared computers, and change passwords regularly. Thereon, consumers are advised to Authenticate the website they are using by looking for secure-signs such as the MasterCard SecureCode and Verified by Visa logos. They should then Re-verify their transaction – all secured sites will prompt users for a One Time Password for all online transactions. Last but not least consumers should Detect potential fraud by contacting their bank(s) if they receive any suspicious SMS messages.

Whilst we do acknowledge that there are risks to using online banking – as there are with all things – we believe that its benefits such as affordability, convenience and speed, far outweigh the risks given the low level of fraud.

Regulators, banks and consumers must work hand-in-hand to combat and fight fraud related to electronic banking.

We will certainly work with our members diligently towards continual improvements in online security towards enhancing public confidence in the usage of e-payments.

Yours faithfully,
Chuah Mei Lin
Executive Director
ABMConnect | Toll-free on 1300-88-9980

ABMConnect provides an avenue for consumers to clarify any doubts and verify information on conventional banking issues.