CIMB Bank Bhd and CIMB Islamic Bank Bhd said that they are firmly on track to fully implement the enhanced security measures against scams as announced by Bank Negara Malaysia (BNM) and supported by the Association of Banks in Malaysia (ABM) and Association of Islamic Banking and Financial Institutions in Malaysia (AIBIM).
Dato’ Abdul Rahman Ahmad, group CEO of CIMB Group said, “Security is always CIMB’s highest priority, and the Bank already has strong existing controls with multiple layers of security in place.
“At the same time, CIMB is committed to ensuring that the security measures are continually enhanced to protect customers. As such, the bank is supportive of the five additional security measures as announced by BNM and is committed to fully implementing them in a timely manner”.
With regard to migrating from SMS One Time Password (OTP) / Transaction Authorisation Code (TAC) to a more secure multi factor authentication method, CIMB has already implemented SecureTAC approval via its CIMB Clicks App for online activities, fund transfers and payments, as well as changes to personal information and account settings.
SMS OTP/TAC is currently only available as a fallback option for customers without the Clicks App or for FPX transactions. The bank will fully cease the alternative option of using SMS OTP/TAC and mandate only SecureTAC authorisation by the first half of 2023.
“CIMB urges all customers who have yet to do so, to download the CIMB Clicks App and to turn on notifications as this will be required in order for them to be able to continue enjoying digital banking services in a secure manne,” the statement said.
CIMB is also accelerating the implementation of measures to limit customers to one secure mobile device for the authentication of online banking transactions, with a targeted rollout by end-October 2022.
In line with the single secure mobile device restriction, the bank will introduce an added control measure in the form of a customer verification callback process for all new online banking registration and new secure device activation to protect customers against financial scams.
CIMB will also introduce progressively a cooling-off period as an additional safeguard for first- time enrolment of online banking or secure devices. Once implemented, activation of service will take place during this period only after verification or contact has been made with the customer. These additional measures will make the registration of online banking and change of device process more secure.
The mandate for financial institutions to further tighten fraud detection rules and triggers for blocking suspected scam transactions is also welcomed.
CIMB already has a sophisticated real- time fraud monitoring system in place to detect high risk transactions and out-of-norm usage or behaviour. The bank will continue to ensure fraud detection rules are enhanced on an on-going basis to reflect evolving scam methods and fraudulent behaviour, with customers to be alerted and contacted when unusual or suspicious transactions are flagged.
In addressing the growing prevalence of scams, CIMB is ramping up its education and awareness efforts to ensure customers remain vigilant at all times when transacting or banking digitally. The Bank would also like to take this opportunity to remind customers of the following online banking safety tips:
- Avoid downloading any installation files (APK files) on devices, and only download apps from genuine app
- Only download apps from genuine app stores such as the Apple App Store, Google Play Store or Huawei AppGallery, and never from a link.
- Never share SMS TAC/OTP and SecureTAC with The Bank will not contact a customer to request for this information or any personal information.
On the requirement for financial institutions to set up dedicated hotlines for customers to report financial scam incidents, CIMB has a 24/7 Consumer Contact Centre at +603-6204 7788, where an option for scams/fraud is prioritised on the pre-recorded interactive voice response (“IVR”) tree. The Bank will monitor and ensure high compliance in further prioritising scam response and ensure customers are able to contact the bank for assistance or to report scams in an expeditious manner.