BNM orders banks to switch from OTPs to more secure authentication

This comes amid recent global spike in scams, cybercrime, says governor

Updated 1 year ago · Published on 26 Sep 2022 11:30AM

Bank Negara Malaysia’s directive to banks to migrate from using SMS one-time passwords covers transactions relating to account opening, fund transfers, and payments, as well as changes to personal information and account settings. – The Vibes file pic, September 26, 2022

KUALA LUMPUR – Bank Negara Malaysia (BNM) has instructed financial institutions to migrate from using SMS one-time passwords (OTPs) to more secure forms of authentication for all relevant online activities or transactions.

BNM governor Tan Sri Nor Shamsiah Mohd Yunus said today that the transactions cover those relating to account opening, fund transfers, and payments, as well as changes to personal information and account settings. 

“The major banks have already started this process of migrating to more secure forms of authentication,” she said.

The move has been made in view of the rising number of scams and cybercrimes of late, not just in Malaysia but all around the world. 

“This is a concerning development which BNM takes seriously,” she said.

She said this at the launch of a virtual Financial Crime Exhibition by the BNM Museum and Art Gallery today. The event was jointly officiated by Nor Shamsiah and Inspector-General of Police Tan Sri Acryl Sani Abdullah Sani.

Nor Shamsiah also announced additional measures that will be undertaken by the banking industry to combat financial scams. 

They include further tightening of detection rules and triggers for the blocking of scam-related transactions, and subjecting first-time enrolments of online banking services and secure devices to a cooling-off period. 

Customers will also be restricted to one mobile device or secure device for the authentication of online banking transactions, while banks will be required to set up dedicated scam hotlines.

Additionally, banks are required to provide convenient ways for customers to suspend their accounts if they suspect that they have been compromised as a result of a scam. Users can reactivate their accounts after a reasonable period once the accounts are secure.

Meanwhile, Acryl Sani cautioned in his speech that the ability of cyber-criminals to exploit technological changes and creatively trap victims with a variety of new modus operandi, paired with the moderate level of public awareness of cybercrime, is among the reasons for the increasing number of cases.

“Therefore, the Royal Malaysia Police sees the need to disseminate as much knowledge as possible to the community so they can avoid becoming victims of such criminal activities,” he said.

The public has been advised to safeguard their personal information and avoid downloading files or applications from unverified sources onto mobile devices. 

Account holders who encounter suspicious transactions involving their bank accounts should immediately notify their banks and lodge a police report to facilitate the necessary investigation.

They should also contact the Commercial Crime Investigation Department’s Scam Response Centre at 03-2610-1559/1599 or BNMTELELINK at 1-300-88-5465. 

Blocking transactions and alerting customers

Elaborating on the new measures, Nor Shamsiah said that financial institutions will further tighten fraud detection rules and triggers for blocking suspected scam transactions.

“Customers will be immediately alerted when any such activity involving their banking accounts is detected,” she said.

“As an additional measure, financial institutions will block such transactions, and customers will be asked to confirm that such transactions are genuine before they are unblocked.”

A cooling-off period will also be observed for first-time enrolment of online banking services or secure devices. During this time, no online banking activity is allowed to be conducted, she added.

Customers will also be restricted to one mobile or secure device for the authentication of online banking transactions.

Bank Negara Malaysia governor Tan Sri Nor Shamsiah Mohd Yunus (pic) has said that banking customers will be restricted to one mobile device or secure device for the authentication of online banking transactions. – EPA pic, September 26, 2022

On the requirement for scam hotlines, Nor Shamsiah said that financial institutions have been directed to be more responsive to scam reports lodged by customers. 

“Financial institutions have also been directed to facilitate efforts to recover and protect stolen funds, including working with relevant agencies to prevent further losses,” she said.

She also warned that methods used by criminals will continue to evolve. 

“BNM therefore continuously intensifies efforts and takes steps to combat scams by introducing additional controls and safeguards from time to time,” she said.

Expect some necessary inconvenience

Nor Shamsiah stressed that while the tighter security controls are being put in place to deter efforts by criminals to scam consumers, these controls may also inevitably lead to some friction or inconvenience in the online banking experience of customers. 

“For example, online banking transactions might take a little longer to process,” she said. “Financial institutions will also conduct more checks when customers request to change or register a new phone number. 

“Make no mistake, while these measures entail some inconvenience, they are important to protect the interests of customers.

“BNM and the financial industry will continue to carefully balance between security considerations and customer convenience. BNM will also continue to monitor and take appropriate action on financial institutions to ensure that the highest levels of controls and security standards are observed.” 

She stressed that online banking users must protect their personal and banking information, and never disclose such information to any individual or key it into suspicious websites.

“Users should also be vigilant and ensure that their devices, such as mobile phones, run up-to-date software and operating systems,” she said. 

“They should ensure that their devices are secure and free from suspicious apps which might carry malware and spyware. This means being careful with what you install on devices used for online banking transactions.” – The Vibes, September 26, 2022
