Local e-banking systems remain intact despite CIMB’s glitch

CIMB clarifies that the ‘direct debit’ transactions were legitimate debit card transactions done by customers themselves


MALAYSIA’S e-banking systems remain secured despite a recent glitch affecting CIMB Bank Bhd’s customers, specifically on direct debit transactions, during the Movement Control Order period.

A cyber security expert, LE Global Services Sdn Bhd CEO Fong Choong Fook said online and mobile banking systems in Malaysia are safe, and that most hacking cases occurred due to weaknesses among consumers.

“Our e-banking systems are generally safe. Consumers need to be aware that in most account hacking cases lie the consumers themselves which include computers being hacked, the TAC (transaction authorisation code) number accidentally revealed to strangers, and username and passwords being captured via untrusted networks,” Fong told The Malaysian Reserve.

Local bank users were panicking last weekend over their savings when some of CIMB customers reported seemingly unauthorised transactions executed through auto debit.

Some of the customers claimed on social media that their accounts were being deducted in the range of thousands of ringgit.

In response, CIMB clarified that the direct debit transactions were legitimate debit card transactions done by customers themselves.

“These were isolated incidents relating to incomplete transactions performed by customers with overseas merchants, such as online streaming subscriptions/services.

“However, the transaction descriptions were re-termed as ‘direct debits’, causing confusion for our customers. We apologise for the confusion and we will be communicating with the affected customers directly,” CIMB said in a Facebook posting on Saturday.

The company further said in the Facebook posting’s comment section that customers who were impacted by the “direct debit” transactions will be receiving an SMS (short message service) notification with the details of their transactions, such as date, amount and the merchant description.

The bank added that it will reverse the 1% administration fee charged by Mastercard, which was factored into these transactions.

Early last month, it was reported that credit card details from at least six South-East Asian countries — including Malaysia and Singapore — have been leaked online.

CIMB, which had suffered data leak issue in the past, clarified that there is no “no credible evidence that any actionable customer data has been compromised from us”.

Fong said consumers need to ensure that they are connected through a known and trusted network, for instance their home WiFi instead of a public WiFi, when doing online banking and shopping.

He added that the public must keep their computer software and antivirus updated, while being prudent to the latest cyber threats.

Additionally, he said consumers must beware of scam calls that trick them on e-banking details and TAC information.

“We anticipate continuous attacks still coming from phishing emails and spams. When in doubt, do not open suspicious attachments and do not click any links in the emails,” he said.