While bank customers are fuming over Malayan Banking Berhad (Maybank) and CIMB Bank Berhad’s (CIMB) service outages, businesses are complaining that Bank Negara Malaysia (BNM) has been too slow to react and enforce any remedial action.
Bank Negara Malaysia (BNM) has instructed both Maybank and CIMB to explain the recent outage in banking services by both banks which occurred within the past week for both banks which affected various core services including ATMs and payment via credit and debit cards only days after the outages occurred.
Given that these are the two biggest banks in Malaysia, BNM stated that it took these outages seriously as it caused disruptions and inconvenience to customers. The central bank has instructed both Maybank and CIMB to provide “appropriate communication” to its customers, including attending to complaints and inquiries resulting from the outage as well as providing updates on affected services.
In addition, BNM has also required both banks to provide a full explanation of the root cause leading to the incidents, and provide any corrective and preventive measures undertaken to avoid a recurrence. The central bank’s statement also stated that it expects all banking institutions in Malaysia to maintain high availability of banking services at all times, and will not hesitate to take further supervisory actions on banks that do not meet its regulatory and supervisory expectations.
All this is well and fine, it does not address the sheer inconveniences the customers of the se banks has to face. Is there proper supervision, monitoring and enforcement put in place by these banks, well clearly these must be beefed up to safeguard their customers.
Many business owners and individuals have complained that it was not the first time as it has been a frequent occurrence among other banks, not to let the above two banks of the hook. The Banks seem to have a well-rehearsed answer often telling customers the system is down and that data processing will take time over counters.
Baker Tilly Malaysia’s managing partner in Audit and Assurance, Dato’ Lock Peng Kuan, said that reducing security issues and scams in the digital realm of banks and other financial institutions require a multifaceted approach that includes technological enhancements, regulatory enforcement, corporate responsibility, public awareness, and community involvement.
“In the fight against security issues and scams, the role of key technologies such as robust multi-factor authentication, end-to-end encryption, consistent software updates, and advanced AI-driven fraud detection cannot be overstated. Regulatory bodies must play their part by enforcing strict data protection standards to uphold security integrity,” emphasised Lock.
BNM said on Tuesday night that both banks were also required to provide corrective and preventive measures to avoid a recurrence of similar issues.
BNM said it takes a severe view of the recent banking service outages by two of our largest banking institutions, which have caused disruptions and inconvenience to customers.
“The banks have also been instructed to ensure appropriate communication with affected customers, including promptly attending to any complaints and inquiries resulting from the outage and providing timely updates on affected services,” it said.
“At Baker Tilly, we view combating scams as a collective effort, driven by our employees and supported by our Purpose Hub.
“There is a need for Automation and Innovation teams to take the lead in this, conducting regular simulated phishing tests and interactive training sessions to enhance vigilance. We also believe in the power of public awareness campaigns and educational programs to stress the importance of digital hygiene and information verification.
“We encourage individuals to adopt safe online behaviours like regular software updates and strong passwords. Furthermore, community safety measures like banks’ ‘kill-switch’ functions are instrumental in mitigating risks,” shared Lock.
“By integrating these strategies, banks, businesses, and organisations can bolster their defences against breaches and scams, thereby protecting sensitive data and promoting a security-aware culture at all levels,” he added.
Kandiah Chelliah, a prominent lawyer and social commentator, said, “This type of Banking Services Outage should not be allowed to occur by the country’s two most significant and most popular banks. It’s quite incredible that the two banks failed to implement” Quick Response Systems,” i.e., to kickstart the system for at least a substantial period before the problem was rectified.
“This system failure has a widespread effect on the local consumers of banking services. Banks and financial institutions should implement strict measures to ensure such a breakdown does not recur.”
Kandiah’s comments followed Bank Negara Malaysia (BNM) ‘s directive for the two to fully explain the root cause of the incidents.
S. an IT technology consultant, said, “The banks should conduct thorough audits of customers’ accounts so that they do not lose any money. If some have lost money, these banks must immediately try to recover it through cybersecurity measures. Banks must be open, transparent and keep their customers (whose money it actually is) in the know in a timely manner.
“At the same time, these banks must identify what causes the system collapse and possibly, what modus operandi scammers use to defeat the bank’s protection systems. Another aspect to look at is whether any losses, in terms of customers’ monies, are insured, and will they be reimbursed?
“The Banking system must ensure every online transaction of more than RM3,000 (at most) undergoes manual confirmation by banks before approval. Once an OTP has been compromised, it has to undergo another layer of protection before OTP approves transactions, as a safeguard,” Santhirapalan said.
He added that banks should form external forensic audits to identify system weaknesses and avoid future scammers’ intrusion. He also suspects the recent rapid responses by the said banks suggest a cover-up and BNM must investigate their real weaknesses.
The article was written by journalist, media coach, adjunct professor and author M. Krishnamoorthy.
