TO REASSURE ourselves on the security of online banking, we spoke to a few banks about the securities that they have in place, as well as the procedures they use whenever a customer’s worst nightmare comes true.

All said they spare no effort in investigating every report that they receive and work closely with the authorities — the police and ­national cybersecurity specialist CyberSecurity Malaysia.

Maybank advises its online ­banking customers who suspect they have fallen victim to a scam to immediately report the incident to Maybank Group Customer Care at 1-300-88-6688.

Its senior executive vice-­president and head of consumer banking, Lim Hong Tat, said the victim should also immediately change the ­username and ­password to the account, and report the matter to the police.

“Keep any communication, such as e-mail messages or SMSes, to any third party that may be a suspect and provide this information to the police or the bank to assist in the investigation,” he said.

He said Maybank has a team that continuously monitors all security aspects of its Internet banking ­services. Any unusual transactions that are detected are investigated.

Another local bank, CIMB, said if a customer loses money online due to fraud, it starts its ­investigation as soon as it is alerted because the bank wants to prevent the funds from being transferred, if possible.

If CIMB is able to hold on to the money, the customer is reimbursed as soon as the investigation is completed. This process usually takes several days, according to the bank.

Its head of retail banking, Peter England, said that while there have been cases of customers losing their money online due to fraud, the bank is unable to disclose how many times this has occurred.

“We can, however, state that on every occasion it was the customer who had compromised his or her own User ID and password, and had then ­responded to a fraudulent request to key in a TAC (Transaction Authorisation Code) that they had received on their mobile phone,” he said.

“There is not a single incident of fraud that occurred as a result of any weaknesses in our Internet banking system.”

CIMB is always on the look out for fraud attempts where a customer is duped into revealing Internet ­banking credentials, such as after receiving an SMS that he or she has won a contest.

It also monitors Internet banking transactions that it finds suspicious (even before monetary loss is reported) to proactively help prevent fraud.

And its customers are regularly reminded via messages on the bank’s website and other media, to never to respond to requests for personal information that come through e-mail, phone, or SMS.

The Citi never sleeps

US-based Citibank is ever vigilant against online banking fraud. Roy Heong, consumer e-business head for the bank’s Malaysia branch, said the bank has stringent fraud prevention systems in place.

Citibank Bhd has a system that involves a one-time Online Authorisation Code number and requires that a series of security questions that only the customer involved would know, to be answered correctly before being allowed to log into his or her account.

If there are three incorrect attempts to login, the account will be temporarily disabled for security reasons. The account can be re-enabled when the customer calls in and a full verification is done.

The bank also employs a dynamic keyboard on the login screen to keep keyloggers at bay. Keyloggers use programs that track a computer user’s key presses on the keyboard to deduce user names and ­passwords.

(PC users need to also be wary of a video-logging trojan program that can be used to capture a user’s clicks on a dynamic keyboard.)

Also, each Citibank online session is terminated after six minutes of inactivity.

Related Stories:
Don’t be a victim