PETALING JAYA: With rising cases of online fraud and unauthorised access of personal data, financial institutions should upgrade their security systems and engage cybersecurity experts to address such threats, said criminologist Datuk Dr P. Sundramoorthy.

He said apart from rogue bank officials complicit with scam syndicates, the other threat to sensitive data leakage are online hackers.

“Crime prevention initiatives and strategies do come with a cost. However, the mid-term and long-term benefits will eventually outweigh this cost.

“Banks must prioritise security and protect its customers by all means before more fall victim,” said Sundramoorthy, who is with Universiti Sains Malaysia’s Centre for Policy Research.

He said securing confidential information by having a comprehensive and multi-layered approach to cybersecurity and data protection is a primary security step banks should adopt.

He said there are several ways banks can help protect the personal financial data of their customers such as strong encryption, secure servers, firewalls and keeping software up to date to prevent data breaches.

Sundramoorthy told The Star that strict policies and regulations restricting access to customer data should be a bank’s priority.

He said banks should also limit which employees can access sensitive customer information and have strict data access policies in place.

“They must have a system using multi-factor authentication. There should be multiple steps to verify a user’s identity, such as a password plus a one-time code, making it harder for unauthorised access. There must also be frequent and consistent monitoring of transactions and accounts, alerting customers promptly if any suspicious activity is detected,” he stressed.

Sundramoorthy said banks should also constantly educate its clients on online security, to identify scams and other measures to protect their data and not solely rely on law enforcement to keep the public in the know.

Certified fraud examiner Raymon Ram, who specialises in financial forensics and fraud risk management, said the recent arrest of two bank officers who allegedly aided a scam syndicate underscores the importance of cybersecurity protocols.

The bank officers were nabbed in March for aiding a scam syndicate in online fraud.

Selangor police believe they supplied scammers with dozens of mule bank accounts meant for moving funds from victims.

Raymon said while banks in Malaysia had stringent security protocols to protect customer’s data, the case proved there were vulnerabilities that can be exploited through insider threats, corruption or online hacking.

“The risk of corruption and hackers exists and cannot be entirely discounted. Continuous improvements in cybersecurity protocols, adherence to standard operating procedures and rigorous enforcement of the Financial Services Act (FSA) 2013 are essential to mitigate these risks and maintain public trust in the financial system,” Raymon said.

He said the Personal Data Protection Act (PDPA) 2010, guidelines from Bank Negara and the FSA collectively provide a robust legal framework to safeguard customer data. He said the FSA mandates strict regulatory compliance, internal controls and oversight mechanisms to prevent misuse of information and ensure accountability within financial institutions.