CIMB is looking to strengthen security measures for both of its CIMB Clicks and CIMB OCTO mobile applications by introducing two mandatory enhancements this month. These include SecureTAC authorisation for transactions of RM 100 and above, as well as a call verification process for first-time app logins.
According to the bank, the former will be made effective starting 5 December 2022 onwards, and applicable to non-favourite fund transfers, bill payments, and prepaid top-ups. With SecureTAC authorisation being made mandatory for transactions of RM 100 and above, customers will be required to approve the process via the CIMB Clicks app. In other words, those who have yet to install the bank’s official app will have to install it on their mobile devices moving forward.
Currently, these transactions rely on SMS TAC / OTP SMS authentication for approvals. However, Bank Negara Malaysia has instructed all banks back in September this year to move away from using this approach in the interest of protecting users from financial scams. Not long after the mandate was made, CIMB itself announced that it will be migrating away from OTP SMS by the first half of next year, though it now appears that the process will be starting earlier than scheduled.
As mentioned earlier, the shift to mandatory SecureTAC verification isn’t the only security measure to be implemented by the bank within this month. Effective 26 December 2022, CIMB revealed that it will also require customers to undergo a compulsory call verification process for any first-time CIMB Clicks and CIMB OCTO logins on new devices. This is to ensure that any first attempt or device change is initiated by the account holder themselves.
The bank says once a first-time login is performed, customers are required to call CIMB’s 24/7 Consumer Contact Centre (+603-6204 7788) to authenticate their registration on the new device and to maintain access. Alternatively, it will also attempt to contact the account holder for verification within 24 hours since the first access from a new device. Keep in mind that the bank will deactivate the customer’s CIMB Clicks ID as a safety precaution if they are unreachable within that time frame, or in the event that the authentication process could not be completed.
CIMB also notes that efforts to enhance its security measures will continue into the new year. More specifically, it intends to extend SecureTAC to include any transactions valued RM 100 and below as well as non-monetary transactions, while call-based authentication will be made compulsory for all first-time bank account activation. Both of which are planned to be implemented by the first half of 2023.
(Source: CIMB press release / official website)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.