CIMB Bank group strengthens security measures

• SecureTAC authorisation is mandatory started Dec 5
• First time logins to be done over the phone Dec 26

CIMB Bank Bhd and CIMB Islamic Bank Bhd collectively announced that they are rolling out new security measures for their CIMB Clicks and CIMB OCTO apps.

In a statement, the banks said this includes compulsory SecureTAC authorisation via the CIMB Clicks App for transactions of US$22.70 (RM100) and above and a mandatory customer call verification process for first-time app logins.

“CIMB is committed to implementing stringent security measures to protect our customers against scams, in line with Bank Negara Malaysia’s direction on additional measures to strengthen banking security to combat fraudulent activities,” said Abdul Rahman Ahmad, CIMB Group Group CEO .

“Whilst these new measures may initially affect banking convenience, we believe they are necessary steps towards creating a safer banking environment. We will continue to introduce additional measures progressively to further reduce the risk of fraud and ensure customers can transact with peace of mind,” he said.

Starting Dec 5, customers will no longer be able to receive SMS TACs for transactions. Instead, they will need to install the CIMB Clicks App and approve the transactions via SecureTAC, it said.

The Bank said it intends to extend SecureTAC authentication to include any transactions valued US$22.80 (RM100) and below, as well as non-monetary transactions, by the first half of 2023.

Meanwhile, CIMB urges all customers who have yet to install CIMB Clicks App to download the app from official app stores and turn on notifications in Settings to receive SecureTAC.

Also effective Dec 26, new users or existing users who are logging in to the CIMB Clicks and CIMB OCTO Apps on a new device will undergo a call verification process to ensure that any first-time login attempt or device change is initiated by the account holder themselves. 

Once a first-time login is performed, customers will be required to call CIMB’s Consumer Contact Centre which is available 24/7 at +603-6204 7788 to verify their registration on the new device and to maintain their access, the bank said.

Alternatively, the bank will also reach customers for verification within 24 hours from the first access from a new device, it said.

If a customer is not contactable within 24 hours of their first-time login, or in the event, the verification process is unable to be completed, their CIMB Clicks ID will be deactivated.

The bank also said it will never ask customers for their log-in ID, password or debit PIN during its call verification process. Do not divulge these details and terminate the call immediately if such requests were made.

CIMB Bank Berhad and CIMB Islamic Bank Berhad plan to enhance the verification process further by the first half of 2023 by implementing a compulsory requirement for customers to call the Bank to activate their account first before they can use it.

In addition to the new measures, CIMB said it has been upgrading its fraud management system on an ongoing basis to better identify indicators of potential fraud and scams.

This includes constant fine-tuning of fraud detection rules and utilising machine learning to continuously enhance predictive capabilities to safeguard customers from fraudulent activities, it said.

Customers are reminded to only download the CIMB Clicks or CIMB OCTO Apps from genuine sources such as the Apple App Store, Google Play Store or Huawei AppGallery.

These apps are only available for customers with devices running Android 9 or iOS 12 and above.