BNM: Banks to migrate from SMS OTP to more secure forms of authentication

PETALING JAYA: Bank Negara Malaysia (BNM) has announced additional measures that will be undertaken by the banking industry to combat financial scams, including the migration of SMS One Time Passwords (OTP) to a more secure form of authentication for online activities or transactions relating to account opening, fund transfers and payments, as well as changes to personal information and account settings.

BNM governor Tan Sri Nor Shamsiah Mohd Yunus said the major banks have already started this process of migrating to more secure forms of authentication.

In adddition, there will be further tightening of detection rules and triggers for the blocking of scams-related transactions; as well as subjecting first-time enrolments of online banking services and secure devices to a cooling-off period. Customers will also be restricted to one mobile device or secure device for the authentication of online banking transactions; and banks will be required to set up dedicated scam hotlines.

“Together with the financial industry, BNM will continue to ensure that banking and payment channels remain secure and equipped with the latest security controls. The effort to combat financial crimes also requires the support of all parties. As consumers, each of us are responsible for protecting ourselves from the threat of scams,“ she said in a statement in conjunction with the launch of the Financial Crime Exhibition by BNM Museum and Art Gallery today.

In her speech, Nor Shamsiah said BNM requires banks in Malaysia to adopt high standards of security, especially for Internet and mobile banking services. From time to time, BNM also issues security advisories to the financial industry highlighting the latest modus operandi (tactics) of scammers and additional security measures that banks need to implement to protect their customers’ savings.

“The reality, however, is that methods used by criminals will continue to evolve. BNM therefore continuously intensifies efforts and take steps to combat scams by introducing additional controls and safeguards from time to time.”

In addition, financial institutions are required to provide convenient ways for customers to suspend their bank accounts if they suspect that their accounts have been compromised as a result of a scam. Customers will also be able to subsequently reactivate their accounts after a reasonable period to ensure that their accounts are secure.

She said BNM and the financial industry will continue to ensure that banking and payment channels remain secure and equipped with up-to-date security controls. The tighter security controls are being put in place to deter efforts by criminals to scam consumers. However, these controls may also inevitably lead to some friction or inconvenience in the online banking experience of customers.

“For example, online banking transactions might take a little longer to process. Financial institutions will also conduct more checks when customers request to change or register a new phone number. Make no mistake, while these measures entail some inconvenience, they are important to protect the interests of customers.

“In implementing these measures, BNM and the financial industry will continue to carefully balance between security considerations and customer convenience. BNM will also continue to monitor and take appropriate action on financial institutions to ensure that the highest levels of controls and security standards are observed. We will also continue to take effective preventive measures against ever-evolving financial scams.”

The public is advised to safeguard their personal information and avoid downloading files or applications from unverified sources onto mobile devices. Account holders who encounter suspicious transactions involving their bank accounts should immediately notify their banks; contact the Commercial Crime Investigation Department Scam Response Centre at 03-2610 1559/1599 or BNMTelelink at 1-300-88-5465; and lodge a police report to facilitate the investigation.