KUALA LUMPUR, Nov 3 — Bank Negara Malaysia (BNM) Deputy Governor Datuk Marzunisham Omar shared with Bernama in an exclusive interview on measures to strengthen safeguards against financial scams in the country:
1. BNM recently announced additional measures for banks to act in order to strengthen safeguards against financial scams. Are these measures sufficient, seeing that the cyber threat actors continue to find new ways/methods and evolve their techniques?
This issue of scams is a concerning development, not just for us in Malaysia but around the world. Criminals will find every and any opportunity to scam victims, and we have to be prepared that they will continue to devise more sophisticated means.
That’s why keeping banking and payment channels secure and equipped with the latest security controls and fraud risk management capabilities is a priority for BNM and the financial industry.
We will remain alert and, from time to time, update and heighten regulatory requirements and security measures to take into account new risks and modus operandi.
As recently announced on Sept 26, BNM has set out five key measures, including migrating away from SMS One-Time Passwords (OTP) to more secure forms of authentication.
That said, criminals will find new ways to scam victims. So, BNM will continue to study scammers’ tactics and take the appropriate steps, including implementing additional measures to address these new tactics.
At the same time, to combat scams effectively, we need a whole-of-nation approach. We will collaborate with other stakeholders, such as the Royal Malaysia Police (PDRM), to pursue more effective and coordinated enforcement actions.
Each and every one of us, as individual banking consumers, have a role to play. For this reason, financial institutions are stepping up efforts to educate and create awareness among their customers on the latest scam tactics and steps one can take to avoid becoming a scam victim. For example, customers must never share their security credentials, such as passwords and OTPs, with others.
2. In recent events, we have seen some cases where customers’ money was transacted without their knowledge, and this happened to be one of the new situations arising. Why is this happening? Is BNM aware of such cases?
In most of the recent cases where victims claimed that their monies went missing from their bank accounts, it was observed that these victims’ mobile devices were compromised. This is likely due to victims downloading files or applications (apps), such as Android Package Kit, from unverified sources or links onto their mobile devices.
Criminals get victims to click links or download malicious apps by putting up fake advertisements for products or services such as food delivery or maid services. Recently, we have even seen fake ads for pet grooming services!
These malicious apps and pages will ask customers to pay for the product or service through a legitimate-looking online banking interface where banking credentials such as usernames and passwords would be stolen.
Once downloaded, these apps can also access, read, hide and delete your SMS messages. Consequently, scammers can now read the SMS OTP from your bank. This leads to unauthorised transactions, which is why some victims claim they never received any SMS OTP or transaction notification.
For this reason, it’s important that devices we use to conduct banking transactions, such as mobile phones, have up-to-date software and operating systems. Do not click on suspicious links or download apps from unverified sources.
Whenever prompted to key in your banking security credentials like your password or OTP, make sure that the URL of the page is the correct one and that the connection is secure. If you are not sure, abandon the transaction.
Some of the measures taken by banks include the removal of hyperlinks from SMSes sent. So, if you do receive any hyperlink via SMS purportedly from your bank, please do not click on it. Always call your bank to verify the information received.
3. Cooperation between service providers and relevant authorities is crucial to combat the threat of financial scams. How do you see the integration between mobile network operators and financial institutions in tackling financial scams to date?
Criminals know that mobile phones play a big part in our lives, and they know that 98 per cent of the adult population has access to mobile phones. They are taking advantage of this fact to prey on victims.
In the past, a lot of this was done by making phone calls where scammers impersonated banks or other authorities to obtain personal banking information or to lure unsuspecting victims into transferring funds.
Increasingly, we are seeing the use of SMS, WhatsApp and other social media, urging customers to click links or open attachments that lead to compromised accounts.
Therefore, the telecommunications network is a critical link, and so mobile network operators have a part to play in addressing financial scams. One such area of collaboration between the telecommunication companies (telcos) and the banking industry is the National Scam Response Centre (NSRC).
The centre was established as a command centre to coordinate rapid responses to online financial scams. Based on scam reports received by the NSRC, the Malaysian Communications and Multimedia Commission (MCMC) will take steps to terminate phone accounts used by criminals.
As announced during Budget 2023, one of the measures to curb scams being explored by the authorities is to provide a platform for the public to report any account or mobile number suspected of being used by online scam criminals.
4. The Prime Minister’s Department recently announced the establishment of the National Scam Response Centre (NSRC). What can the public expect from the NSRC?
The NSRC was established as a command centre to coordinate rapid responses to online financial scams. The NSRC is a joint effort between the National Anti-Financial Crime Centre, PDRM, BNM and MCMC, together with the banking industry and telcos.
By putting these different agencies and organisations under a single umbrella, we can better pool our resources and share information to take quicker action, especially tracing stolen funds and then freezing them. The goal is for law enforcement agencies to track down the criminals behind the scams and ultimately bring them to justice.
It is very important for victims to immediately contact their bank’s dedicated scam hotlines or NSRC’s hotline at 997 as soon as they discover that they have been scammed. This is to enable prompt action to be taken to prevent further financial losses.
After alerting the bank or NSRC’s 997 hotline, victims of financial scams must make a police report at the nearest police station as soon as possible. This is important to allow authorities to launch a formal investigation and bring the perpetrators to justice.
5. Public awareness is an important aspect of dealing with financial scams. Do you see any need for the government to introduce new laws or regulations, specifically involving acts of negligence among the public, to increase the awareness of financial crimes?
Indeed, public awareness is important, and as I mentioned earlier, the public plays an important role in combating financial scams.
In the recent Financial Capability and Inclusion Demand Survey conducted by BNM, 37 per cent of the respondents mentioned that they are willing to share their passwords or PIN number with close friends, while only 38 per cent pay attention to the security of a website before making online transactions.
These findings are very concerning. Hence, each and every one of us must take responsibility to protect our personal and banking information and never disclose our security credentials to any individual, be it our username, password, PIN, TAC or OTP number. We should also not download apps from unverified sources or click on suspicious links.
Rather than legislate or regulate customer behaviour, our priority is to educate and inform the public so that they remain alert and aware of scams while knowing how to protect themselves against such threats.
Scam awareness initiatives have intensified in recent months. For example, through the Amaran Scam Facebook page, the public can get reminders and advisories on the latest scam tactics and how they can protect themselves against financial scams.
October was also the Financial Literacy Month, and over the course of the month, the Financial Education Network Mobile Coach travelled to 61 locations across seven states, meeting with local communities around the country and reaching all walks of life to impart financial awareness and education. This includes the promotion of safe and secure use of digital financial services by consumers.
On Oct 30, 2022, the banking industry came together to launch The National Scam Awareness Campaign as a continuation of an effort to educate consumers on financial scams while sharing tips to stay safe online. The campaign, with its tagline of ‘Ingat 3 Saat OK’ and focusing on the actions of Stop, Think and Block, is expected to roll out this month (November) with more prominent messages across multiple channels.
In addition, in September, BNM and PDRM collaborated to launch the virtual Financial Crime Exhibition to educate the public against financial scams. The virtual exhibition, which can be accessed at museum.bnm.gov.my/fce, featured various types of financial crimes and how it has evolved over time.
6. Increasing cyber threats around the globe is one thing that is concurrently related to increasing financial crimes. How does BNM see the trends of financial scams, especially in this enhanced digital society?
We do acknowledge that globally, cyber threats and related financial crimes are on the rise, in tandem with increasing online and digital abuses. For example, the exchange and consumption of information have become much easier, thus presenting an opportunity for fraudsters and scammers to exploit any gaps and weaknesses that they can find. This, coupled with low awareness of using digital financial services responsibly, may lead individuals to fall victim to financial scams.
Therefore, BNM will continue to collaborate with the financial industry to increase public awareness, particularly on how financial consumers can transact online safely and securely. For example, our recently launched e-Duit campaign (Selamat, Senang, Segera) focuses on educational programmes to enhance e-payment literacy and awareness of good cyber hygiene practices.
Financial services providers will also focus on their safety features to ensure consumers can transact online securely. BNM will also continue to enhance the banks’ security measures while pursuing more effective and coordinated scam response and enforcement actions.