Bank Negara Malaysia (BNM) revealed that it has instructed bank institutions to adopt five additional security measures in a bid to further strengthen safeguards against financial scams – one of which is to migrate from SMS one-time passwords (SMS OTP). Other steps include tightening fraud detection rules and triggers for blocking suspected scam transactions, as well as observing a cooling-off period for first-time enrolment of online banking services.

According to the governor of the central bank, Tan Sri Nor Shamsiah Mohd Yunus, financial institutions will be required to phase out SMS OTPs and move on to more secure forms of authentication for various online activities and transactions. These include account opening, fund transfers and payments, as well as making changes to personal information and account settings.

To note, several major banks in Malaysia have already begun this process of migration, with some notable examples being Maybank, HSBC, CIMB, and UOB. With this, scammers will no longer have the opportunity to hijack transaction authorisation codes (TACs) that are usually sent to customers via SMSes.

Aside from that, Tan Sri Nor Shamsiah also said that banks will be required to further tighten detection rules and triggers for blocking suspected scam transactions. “Customers will be immediately alerted when any such activity involving their banking accounts is detected,” said Tan Sri Nor Shamsiah, adding that these transactions will be blocked. Following that, customers will need to confirm the authenticity of these transactions to unblock them.

Customers who are enrolling for online bank services or secure devices for the first time will soon also need to abide by a cooling-off period – as another banking security measure. During this period, they will not be able to conduct any online banking activity. Maybank, for instance, has already notified its customers that it will be implementing a 12-hour activation period starting from 8 October 2022 when customers enable its Secure2u feature on a new device.

Another new measure that will also be implemented is the restriction of customers to only one mobile or secure device for the authentication of online banking transactions.

As for the fifth and final measure, banks must also set up dedicated hotlines for customers to report financial scam incidents, and be more responsive to scam reports lodged by customers – including working with relevant agencies to recover and protect stolen funds. Along with this, financial institutions must also provide convenient ways for customers to suspend their bank accounts if they suspect that their accounts have been compromised, and to subsequently reactivate the accounts if they are sure that the accounts are secure.

“BNM requires banks in Malaysia to adopt high standards of security, especially for internet and mobile banking services,” Tan Sri Nor Shamsiah remarked when announcing these measures. She also admitted that the implementation of these controls may inevitably lead to some inconvenience for customers, but stressed that the methods used by criminals are always evolving. As such, it is important for BNM and the financial industry to continuously update their security controls and safeguards.

The governor assured, however, that BNM and the financial industry will strive to maintain a careful balance between security considerations and customer convenience.

Furthermore, Tan Sri Nor Shamsiah emphasised that the fight against scams is reliant on the cooperation of various parties, and not just BNM and the banks. The Royal Malaysian Police (PDRM), for instance, has established the Commercial Crime Investigation Department (CCID) Scam Response Centre. The Malaysian Communications and Multimedia Commission (MCMC) , too, is crucial in preventing tech platforms and third-party tele-communication service providers from being abused for scams.

Finally, the governor stated that the public, too, must build their awareness of scam tactics used by criminals, as well as the steps that they can take to avoid becoming victims. These include the “3S: Spot, Stop, and Share” method, which involves getting Malaysians to recognise signs of scams, stop engaging with the scammer, and share this knowledge with family and friends.

(Sources: Bank Negara Malaysia [1, 2])

• TAGS:
• Bank Negara Malaysia
• BNM
• BNM Governor
• Financial Scams
• One-Time Passwords (OTP)
• Online Scams
• Scammers
• Scams
• SMS TAC
• SMS Verification
• Tan Sri Nor Shamsiah Mohd Yunus