KUALA LUMPUR: All Malaysian banks are on track to fully implement the “two-factor authentication,” a form of online identification security, by Dec 1 as mandated by Bank Negara, said Association of Banks in Malaysia (ABM) chairman Datuk Abdul Hamidy Abdul Hafiz.
Several banks have already implemented the system as an additional security measure, Hamidy, who is also Affin Bank Bhd managing director and chief executive officer, told a press conference yesterday.
Datuk Abdul Hamidy Abdul Hafiz In the two-factor authentication, customers must confirm their identities through something they know, like a personal identification number (PIN) or password, but also with something physical, like a hardware token with numeric access codes that change every minute or a biometric device.
On recent cases of online banking fraud through “phishing” or SMS, ABM said these were not the result of any intrusion into the Internet banking systems.
“Rather, they occurred as a result of customers inadvertently revealing their user IDs and passwords to third parties,” it said, adding that it was not the practice of any bank in Malaysia to send e-mail or SMS to Internet banking customers asking them details of user IDs or passwords.
The two most common forms of phishing were social engineering or tricking the customer into revealing his or her password and user ID, and through a phoney website of the bank that the user was sent to when a link on an e-mail was clicked on, said ABM council member Piyush Gupta, who is also Citigroup Country Office and Citibank Bhd chief executive officer.
“We urge all customers to contact their respective banks first should they receive any suspicious e-mail or SMS,” said Hamidy.
At present there are 2.5 million Internet banking customers in Malaysia, conducting some 12 million transactions a month, while the growth rate for Internet banking customers was 20% in 2005.
The security system for Internet banking in the country was not only in line with, but often exceeded, the minimum requirements of Bank Negara and was on par with international standards such as ISO 17799 and accredited independent security consultants, Hamidy said.
“We wish to emphasise and assure the public that Internet banking will continue to be safe, given the technology and security measures that are in place. However, it is a dual responsibility of customers and banks that is critical in addressing this issue of online fraud,” he said.