Malaysia toughens rules to fight online scammers

Malaysia is toughening up the security measures banks must have in place to tackle the rising tide of financial scams, an initiative spearheaded by the Bank Negara Malaysia (BNM).

The bank has unveiled five additional security measures to be taken by financial institutions to better protect their customers from the fraudsters, especially online scammers.

Governor Nor Shamsiah Mohd Yunus said the modus operandi used by criminals will continue to evolve. She said: “BNM is continuously intensifying efforts and taking steps to combat scams by introducing additional controls and safeguards from time to time.”

The latest measures require financial institutions to switch from SMS One Time Passwords (OTP) to more secure forms of authentication for online activity, including transactions relating to account opening, fund transfers and payments, as well as changes to personal information and account settings.

Nor Shamsiah said financial institutions will also strengthen fraud detection rules and triggers for blocking potentially illegal transactions.

“Customers will be immediately alerted when any such activity involving their banking accounts is detected. As an additional measure, financial institutions will block such transactions, and customers will be asked to confirm that such transactions are genuine before they are unblocked,” she said.

Added to that, there will be a cooling-off period after a customer signs up for an online account, during which no online banking activity is allowed to take place.

Customers will be restricted to one mobile or secure device for the authentication of online banking transactions, and financial institutions will be required to set up dedicated hotlines for customers to report financial scam incidents.

The Governor said: “Financial institutions have been directed to be more responsive to scam reports lodged by customers. They have also been directed to facilitate efforts to recover and protect stolen funds, including to work with relevant agencies to prevent further losses.”

She added: “From time to time, the central bank also issues security advisories to the financial industry highlighting the latest modus operandi of scammers and additional security measures that banks need to implement to protect their customers’ savings.”

Nor Shamsiah praised the role of the Royal Malaysia Police (PDRM) in tackling fraudulent behaviour. The PDRM has implemented various initiatives in this area, including establishing the Commercial Crime Investigation Department (CCID) Scam Response Centre, to make it easier for the public to report financial scams.

“BNM will work together with PDRM, the Malaysian Communications and Multimedia Commission (MCMC), and the National Anti-Financial Crime Centre to further elevate the CCID Scam Response Centre as a more systematic information sharing platform that will enable quicker action to prevent further losses,” she said.

 

Raising public awareness

Nor Shamsiah said it is vital that the people know about how the scammers operate, and the latest schemes they are employing, so they can take the necessary steps to avoid becoming victims.

“In this regard, BNM, the financial industry and law enforcement agencies will continue efforts to enhance the effectiveness of awareness programmes and improve on the dissemination of information to the public,” she added.

The BNM Governor was talking at the launch of the virtual Financial Crime Exhibition, organised by the Museum and Art Gallery of BNM, together with PDRM. It is aimed at educating the public on financial fraud and can be accessed at https://museum.bnm.gov.my/fce.

 

Scale of the problem

Research from Malaysia’s Commercial Crime Investigation Department (CCID) found that 62% of Malaysian consumers are using fintech or e-wallet services, a significant jump from just 15% in 2017. It also found the number of consumers having a digital bank account is expected to double by 2026, reaching almost 40% of the country’s population.

The CCID found that fraud cost Malaysians RM1.61 billion ($348 million), with over 51,000 reported online fraud cases during the pandemic.

It said the most frequently reported fraud threats this year include impersonation scams, e-commerce crime, and phishing, which could lead to account takeovers and unauthorised transactions.