PETALING JAYA: Financial institutions have been told to migrate from the one-time password (OTP) system to more secure forms of authentication for online transactions, as part of efforts to curb online scams.
This was among a slew of announcements made by Bank Negara Malaysia (BNM) to strengthen safeguards against financial scams, with cybercrime on the rise in Malaysia and globally.
“This is a concerning development which BNM takes seriously, especially where these cases concern financial scams,” said BNM governor Nor Shamsiah Yunus at the launch of the central bank’s financial crime exhibition.
Nor Shamsiah pointed out that major banks have started the transition away from the SMS OTP system for online activities and transactions involving the opening of accounts, fund transfers, payments, and changes to personal information and account settings.
“Secondly, financial institutions will further tighten fraud detection rules and triggers for blocking suspected scam transactions. Customers will be immediately alerted when any such activity involving their banking account is detected.
“As an additional measure, financial institutions will block such transactions, and customers will be asked to confirm that such transactions are genuine before they are unblocked,” she said.
Other measures include a cooling-off period for first-time enrolment of online banking services or secure devices, where no online banking activity is allowed to be conducted.
Customers will also be restricted to one mobile or secure device for the authentication of online banking transactions, while financial institutions will be required to set up dedicated hotlines for customers to report financial scams.
“Financial institutions have been directed to be more responsive to scam reports lodged by customers. Financial institutions have also been directed to facilitate efforts to recover and protect stolen funds, including to work with relevant agencies to prevent further losses,” she said.
Banks are also required to provide customers with convenient ways to suspend their accounts if they suspect that they have been compromised because of a scam.
Customers will be able to reactivate them after a reasonable period to ensure that their accounts are secure.
“BNM will also continue to monitor and take appropriate action on financial institutions to ensure that the highest levels of controls and security standards are observed,” Nor Shamsiah said.
She said these additional measures may cause “some friction or inconvenience” in customers’ online banking experience, such as a longer time for online transactions.
“Make no mistake, while these measures entail some inconvenience, they are important to protect the interests of customers,” she said.
Nor Shamsiah also said BNM will work with the police, the Malaysian Communications and Multimedia Commission (MCMC) and the National Anti-Financial Crime Centre (NFCC) to strengthen the CCID Scam Response Centre’s role as a systematic information sharing platform to enable quicker action.
Further details on this initiative will be announced in due course, she said.
She said users should ensure that their devices were secure and free from suspicious apps that might carry malware and spyware.
“In implementing these measures, BNM and the financial industry will continue to carefully balance between security considerations and customer convenience,” she said.
Source: Free Malaysia Today