- To mandate only SecureTAC authorisation by the first half of 2023
- Implemented SecureTAC approval on its CIMB Clicks App
CIMB Bank Bhd and CIMB Islamic Bank Bhd has said that it is firmly on track to fully implement the enhanced security measures against scam, as recently announced by Bank Negara Malaysia.
Abdul Rahman Ahmad, group chief executive officer of CIMB Group, said security is always CIMB’s highest priority, and the bank already has strong existing controls with multiple layers of security in place.
“At the same time, CIMB is committed to ensuring that the security measures are continually enhanced to protect customers.
“As such, the bank is supportive of the five additional security measures as announced by BNM, and is committed to fully implement them in a timely manner,” said Abdul Rahman.
With regard to migrating from SMS One Time Password (OTP / Transaction Authorisation Code (TAC) to a more secure multi factor authentication method, CIMB said it has already implemented SecureTAC approval via its CIMB Clicks App for online activities, fund transfers and payments, as well as changes to personal information and account settings.
SMS OTP/TAC is currently only available as a fallback option for customers without the Clicks App or for FPX transactions, it added.
The bank said it will fully cease the alternative option of using SMS OTP/TAC and mandate only SecureTAC authorisation by the first half of 2023.
CIMB urged all customers who have yet to do so, to download the CIMB Clicks App and to turn on notifications as this will be required in order for them to be able to continue enjoying digital banking services in a secure manner.
CIMB added that it is also accelerating the implementation of measures to limit customers to one secure mobile device for the authentication of online banking transactions, with a targeted rollout by end-October.
In line with the single secure mobile device restriction, the bank said it will introduce an added control measure in the form of a customer verification callback process for all new online banking registration and new secure device activation to protect customers against financial scams.
Additionally, CIMB will introduce progressively a cooling-off period as an additional safeguard for first- time enrolment of online banking or secure devices.
Once implemented, activation of service will take place during this period only after verification or contact has been made with the customer.
These additional measures will make the registration of online banking and change of device process more secure, the bank said.
The mandate for financial institutions to further tighten fraud detection rules and triggers for blocking suspected scam transactions is also welcomed.
On the requirement for financial institutions to set up dedicated hotlines for customers to report financial scam incidents, CIMB has a 24/7 Consumer Contact Centre at +603-6204 7788, where an option for scams/fraud is prioritised on the pre-recorded interactive voice response tree.
Customers who suspect their banking details have been compromised or that a suspicious transaction has taken place can immediately contact the CIMB contact centre to suspend their account immediately.
The bank said it will provide a self-serve feature on its digital banking platform for customers to temporarily suspend their account on their own.
This service is expected to be made available by the first half of 2023.
“The safety and security of our customers remains a priority in everything that we do, and we remain committed to continuously enhance and tighten all measures in order to ensure our customers’ funds and banking transactions remain secure,” said Abdul Rahman.