CIMB has announced the measures it will be taking following the Bank Negara Malaysia mandate earlier in the week. For the most part, the changes that the bank is promising is similar to what Maybank has announced this week.
To start, CIMB has announced that it will be migrating away from OTP SMS by the first half of next year. When that happens, the only method of authentication that will be available for customers will be SecureTAC via the CIMB Clicks App. On that note, the bank will also be implementing measures to limit customers to only having one secure mobile device for authenticating banking transactions. This is expected to roll out by the end of October.
In addition to the above safeguards, CIMB will also progressively introduce a cooling-off period for when users register for online banking for the first time, or when designating a secure device. No time window was provided for this, but the bank says that activation of service will only take place after verification or contact has been made with the customer.
On the flip side, if a customer suspects their banking details to be compromised, CIMB says that it is working on letting customers temporarily suspend their own account. This service is expected to be made available by the first half of 2023 as well, on its digital banking platform.
Something else that CIMB plans to change with the way it does things relates to messages that it sends to customers. The bank says that by the end of the year, it will stop including clickable links in SMS that it sends to customers. So if you get an SMS claiming to be from the bank, but it includes a live URL, you can safely write it off as a scam attempt and ignore it.