Social media abuzz despite CIMB’s assurance on secured transactions


Cimb Bank Bhd’s online banking portal alleged security breaches continued to gain attention on social media despite the bank’s repeated reassurances that its CIMB Clicks website remains secured and customers’ transactions are protected.

“The bank would like to inform that it had, over the weekend, introduced a few additional measures to enhance the security of its CIMB Clicks transactions,” the bank  said yesterday after news of the purported security breach had spread on social media news.

“Apart from ensuring that the system is now able to accommodate passwords longer than eight characters and up to 20 characters, we have also added the reCaptcha security measure on CIMB Clicks to ensure the user is not a bot,” it said in a statement yesterday.

The country’s second-largest banking group based on assets was addressing the alleged security flaws of CIMB Clicks after reports of a possible security breach of the banking website had emerged early morning on Sunday.

Social media platforms had been abuzz with news of the alleged security flaws including allegations of stolen passwords. Talks aboutCIMB continued to trend on Twitter and other platforms like WhatsApp.

The anxiety over the news heightened when some users claimed that the funds had been transferred to online payment site PayPal.

But a cyber security consultant said the claims of hacking and attacks to the site were unfounded.

LE Global Services Sdn Bhd CEO and cyber security veteran Fong Choong-Fook said there were speculations about debit cards that had been charged without the approval of their owners.

“The cases seem to be isolated. There is no need to spread fear before knowing the whole story,” he told The Malaysian Reserve (TMR).

He said unauthorised transfers occurred if the phone used to access the mobile application was hacked by a malware or if a user’s card had been stolen.

Fong said some people were fear mongering the situation, including creating a video to show that one can key in an extra character to their password despite being incorrect and is able to login successfully.

Arus Academy @ MakerStudio coordinator Siti Nabihah Mohamad Rozy said she received texts claiming that her debit card was charged RM13.46 and RM21.56 through PayPal on Sunday morning.

“Upon checking, the transactions were not listed in my history but I changed my password and security settings in case,” she told TMR.

For added precaution, she transferred her money elsewhere.

“My card is just fine, and I never used it for payWave. On top of that, my phone is still pretty new. So I wouldn’t think it is infected by any malware or viruses,” she said.

CIMB Group Holdings Bhd’s share price fell 1.55% to RM5.71 yesterday, but the drop was not related to the news of the bank’s banking portal as Bursa Malaysia’s Main Index dropped 20.34 points to close at 1,641.62.