KUALA LUMPUR - Banks in Malaysia continue to adapt and improve banking security features, in line with Bank Negara Malaysia’s (BNM) five key measures to combat financial fraud.
The five keys measures, announced in December 2022, are a transaction cooling-off period, migrating from short messaging service (SMS) to one-time passwords (OTP) to a more secure authentication method, a single designated device for authorisation, removal of hyperlinks from SMS and email communications, and a 24-hour cyber fraud security hotline.
In a statement today, RHB Banking Group said it had taken a holistic approach by continuously enhancing security features within its internet banking and mobile banking platforms to assist the group in identifying and eliminating threats of fraudulent activities.
"One of RHB’s security measures is the complete migration of SMS OTP to the Secure Plus transaction authorisation feature for mobile banking and internet banking platforms by this month.
"In addition to the existing measures, we also introduced a ‘Lock Account’ or ‘Kill Switch’ feature where customers can block access to their banking account when fraudulent activity is detected,” RHB said.
The bank is also proactively running a fraud awareness education campaign through various communication channels, such as its corporate website, social media platforms, internet and mobile banking platforms, and across 200 RHB branches nationwide.
Meanwhile, OCBC Malaysia, comprising OCBC Bank (Malaysia) Bhd (OCBC Bank) and its Islamic banking subsidiary OCBC Al-Amin Bank Bhd, said it had migrated all customers to the safer and more secure OCBC OneToken as an additional measure to guard them against falling prey to online scams.
The banking group said that with the OCBC OneToken feature, the SMS OTP authentication is no longer an option for authorising online banking transactions and removed all hyperlinks, as well as phone numbers in other SMS communications to prevent customers from falling prey to phishing attempts by scammers.
"The OCBC OneToken was introduced in early 2019. It is a digital token available on the OCBC Malaysia Mobile Banking app.
"It allows customers to securely generate an OTP to authorise their online banking transactions, and it could only be activated on a single mobile phone at any given time,” it said.
In addition to providing two-factor authentication (2FA) security, the bank said OCBC OneToken has built-in defence capabilities to detect threats on customers’ mobile phones.
Public Bank Bhd also recently introduced the transaction cooling-off period feature via the PBe internet banking and the PB engage MY mobile application, which is designed to minimise the risk of unauthorised transactions and potentially fraudulent activities, ensuring the safety of customers’ funds.
"All users of PBe and PB engage MY are now required to activate a more robust 2-factor authentication method called PB Secure Sign. The activation can only be performed via the automated teller machine or ATM, Public Bank Branch and PBe customer support help desk at 03-2170 8000.
"Once activated, the PB SecureSign will undergo a 12-hour cooling-off period. Customers can only start approving online transactions after the cooling off period,” it said.
To further safeguard customers’ online banking platform security, the bank said the PB SecureSign could only be activated on a single device which will be used as the primary device responsible for approving transactions.
Public Bank also removed hyperlinks from SMS and email communications and provided a 24-hour cyber fraud security hotline to enable customers to report scams or suspicious activities related to their accounts - BERNAMA
The five keys measures, announced in December 2022, are a transaction cooling-off period, migrating from short messaging service (SMS) to one-time passwords (OTP) to a more secure authentication method, a single designated device for authorisation, removal of hyperlinks from SMS and email communications, and a 24-hour cyber fraud security hotline.
In a statement today, RHB Banking Group said it had taken a holistic approach by continuously enhancing security features within its internet banking and mobile banking platforms to assist the group in identifying and eliminating threats of fraudulent activities.
"One of RHB’s security measures is the complete migration of SMS OTP to the Secure Plus transaction authorisation feature for mobile banking and internet banking platforms by this month.
"In addition to the existing measures, we also introduced a ‘Lock Account’ or ‘Kill Switch’ feature where customers can block access to their banking account when fraudulent activity is detected,” RHB said.
The bank is also proactively running a fraud awareness education campaign through various communication channels, such as its corporate website, social media platforms, internet and mobile banking platforms, and across 200 RHB branches nationwide.
Meanwhile, OCBC Malaysia, comprising OCBC Bank (Malaysia) Bhd (OCBC Bank) and its Islamic banking subsidiary OCBC Al-Amin Bank Bhd, said it had migrated all customers to the safer and more secure OCBC OneToken as an additional measure to guard them against falling prey to online scams.
The banking group said that with the OCBC OneToken feature, the SMS OTP authentication is no longer an option for authorising online banking transactions and removed all hyperlinks, as well as phone numbers in other SMS communications to prevent customers from falling prey to phishing attempts by scammers.
"The OCBC OneToken was introduced in early 2019. It is a digital token available on the OCBC Malaysia Mobile Banking app.
"It allows customers to securely generate an OTP to authorise their online banking transactions, and it could only be activated on a single mobile phone at any given time,” it said.
In addition to providing two-factor authentication (2FA) security, the bank said OCBC OneToken has built-in defence capabilities to detect threats on customers’ mobile phones.
Public Bank Bhd also recently introduced the transaction cooling-off period feature via the PBe internet banking and the PB engage MY mobile application, which is designed to minimise the risk of unauthorised transactions and potentially fraudulent activities, ensuring the safety of customers’ funds.
"All users of PBe and PB engage MY are now required to activate a more robust 2-factor authentication method called PB Secure Sign. The activation can only be performed via the automated teller machine or ATM, Public Bank Branch and PBe customer support help desk at 03-2170 8000.
"Once activated, the PB SecureSign will undergo a 12-hour cooling-off period. Customers can only start approving online transactions after the cooling off period,” it said.
To further safeguard customers’ online banking platform security, the bank said the PB SecureSign could only be activated on a single device which will be used as the primary device responsible for approving transactions.
Public Bank also removed hyperlinks from SMS and email communications and provided a 24-hour cyber fraud security hotline to enable customers to report scams or suspicious activities related to their accounts - BERNAMA