OCBC Malaysia has successfully migrated all its customers to the safer and more secure OCBC OneToken as an additional measure to guard them against falling prey to online scams. With this, one-time passwords (OTP) by SMS are no longer an option for authorising online banking transactions.
The Bank has also removed all hyperlinks and phone numbers in other SMS communications in order to prevent customers from falling prey to phishing attempts by scammers.
According to OCBC Bank CEO Tan Chor Sen, the move to remove the OTP-by-SMS option is significant and will help to protect customers’ interests given the rise in banking-related scam attempts through SMSes purporting to be from banks.
OCBC Bank was among the early adopters of digital tokens when it introduced OCBC OneToken in early 2019. OCBC OneToken, a digital token available on the OCBC Malaysia Mobile Banking app, allows customers to securely generate an OTP to authorise their online banking transactions.
For added security, OCBC OneToken can only be activated on a single mobile phone at any given time. In addition to providing two factor authentication (2FA) security, OCBC OneToken has built-in defence capabilities to detect threats on customers’ mobile phones.
Early this year, to accelerate the transition from SMS to OCBC OneToken, OCBC Bank rolled out a communications plan that included electronic direct mailers, social media and the Bank’s website alongside guiding their customers on how to make the switch seamlessly. The bulk of the Bank’s customers responded positively to the call.
Upon successful OCBC OneToken activation, customers receive SMS and email alert notifications. As an additional safeguard, OCBC Bank customers are able to access online banking only after a 12-hour cooling-off period.
In December last year, OCBC Bank became the first in the country to provide customers with the convenient Kill Switch service for customers to suspend banking accounts and cards via self-service interactive voice response (IVR). This was part of the strategic effort to safeguard customers and strengthen measures against financial scams.
The 24/7 service allows customers to immediately freeze their banking accounts and cards via self-service IVR if they think they have been scammed. The service can be accessed by calling 03-8317 5000 and pressing ‘8’.
