
Bank Negara Malaysia Instructs Banks To Migrate From OTPs To Safeguard Against Scams

In an attempt to combat financial scams effectively.

Cover image via Malaysia China Insight & Pradamas Giffary / Unsplash


Bank scams have proven to be a big problem for Malaysians everywhere

From elaborate credit card scams to complex bank frauds, we can't afford to be complacent when it comes to something as essential as our finances.

These points were brought up by the Governor of Bank Negara Malaysia (BNM), Tan Sri Nor Shamsiah, during their Financial Crime Exhibit which launched on 26 September

The Financial Crime Exhibit is a virtual exhibition that showcases and educates people regarding the various financial scams that are present in Malaysia, including simulated financial scam-related scenarios. 

During the launch exhibit, the governor noted that they are rolling out more preventive measures, pursuing more effective and coordinated measures, and raising public awareness. 

The first step BNM is taking to strengthen safeguards against financial scams is instructing financial institutions to replace SMS One-Time Passwords (OTPs) with more secure forms of authentication

This includes online activities and transactions relating to account opening, funds transfer and payments, as well as changes to personal information and account settings.

According to BNM, most major banks have already started on this.

This is an essential step because OTPs are often vulnerable

According to UNIKEN, OTPs are often sent in clear text with no encryption or security, as well as little to no context. This makes it hard for the user to determine what the SMS message is used for. 

As such, scammers can easily access private information by swapping SIM cards and bypassing the 'protection'.

Aside from OTPs, financial institutions can opt for these authentication types:

- Password-based authentication: So only the user knows the combination of characters for access.

- Multi-factor authentication: Includes two or more ways to identify a user, which could be a combination of fingerprints or facial recognition, for example.

- Certificate-based authentication: Grant user access through a digital document that only the user has, such as identification cards or driving licenses.

The governor went on to say that aside from BNM and the financial industry, law enforcement agencies, relevant ministries, as well as the public have a role to play as well

Various educational and awareness initiatives should be enforced, and the public must be willing to take time, learn, and implement these measures.

Ultimately, there are three steps to follow that BNM advises to protect ourselves from scams, mainly "3S - Spot, Stop, and Share":

- Spot: Look out for signs of scams. Question, investigate and enquire to ensure that you are about to engage in a legitimate transaction;

- Stop: If anything looks doubtful or suspicious, it’s probably a scam. In such cases, stop engaging with the suspected scammer. It is important that you do not provide any banking or payment details;

- Share: Share your knowledge of scams with friends and family, and help protect others by reporting scams to the relevant authorities so that they can take action.
