KUALA LUMPUR: OCBC Bank (Malaysia) Bhd is rolling out a communications plan via electronic direct mailers, social media and the bank's website to guide its customers on switching from one-time passwords (OTP) by SMS to the OCBC OneToken.
As an early adopter of digital tokens, the bank said it is encouraging its customers to switch from OTP to the more secure OCBC OneToken.
OCBC OneToken is a digital token available in the OCBC Malaysia Mobile Banking app that allows customers to securely generate the OTP to authorise their online banking transactions.
According to the bank, the OneToken can only be activated on a single mobile phone at any given time, and provides two factor authentication security as well as built-in defence capabilities to detect threats on customers' mobile phones.
Upon successful OCBC OneToken activation, customers will receive SMS and email alert notifications.
As an additional safeguard following this, OCBC Bank’s customers can only access OCBC Online Banking after a 12-hour cooling-off period.
OCBC Bank CEO Datuk Ong Eng Bin said the majority of the bank's customers have already made the switch to OCBC OneToken but there remains several more who have yet to make the important move.
“Fraudsters are looking to exploit any mistake by customers in order to gain access to their accounts online.
"A significant step every customer can take to protect themselves is to switch from receiving an OTP by SMS to OCBC OneToken instead.
"This blocks out one of the most common ways through which fraudsters try to trick customers into divulging their personal details and OTPs,” he said.
He added that by default, all the IVR messages for the bank’s contact centre numbers, whether for individuals or corporates, begin by asking if they wish to report a scam.
If they do, the next step would be to press “9” to be put in touch with a customer service officer. Only after inviting a person to report a scam does the IVR move on to the other options.