23 December 2014
Tuan S.M. Mohamed Idris, JP
Consumers Association of Penang (CAP)
10 Jalan Masjid Negeri
11600 Pulau Pinang
Re: Letter dated 19 November 2014 – Concerns regarding our cyber security and electronic banking unanswered
Thank you for your letter dated 19 November 2014. We apologize for the delay but please allow us to respond to the concerns raised in the letter as best we can.
1. Collaborative steps to improve security
One of the central collaborative agencies established under the auspices of Bank Negara Malaysia (BNM) is the Internet Banking Task Force (IBTF) which was set up in 2004 and comprises representatives from BNM itself, its regulatees – the financial institutions, CyberSecurity Malaysia, the Malaysian Communications and Multimedia Commission (MCMC) and the Royal Malaysia Police (RMP). The IBTF plays an important role in keeping abreast with developments and raising public awareness of increasingly sophisticated fraud techniques using more advanced technological capabilities. It also initiates various collaborative efforts to address internet banking fraud and instil public confidence in internet banking services.
One example is the e-banking awareness campaign, launched in January 2013 as a six-month initiative which was a culmination of earlier awareness programmes initiated by the individual banking institutions in Malaysia. The aim of the campaign is to create greater impact in the fight against e-banking fraud and scams so that customers could not only be protected by also undertake their transactions with greater confidence. This campaign involved a multi-pronged approach covering media and online advertising, below-the-line messaging, public announcements and face-to-face interaction with customers. Samples of the press advertisements and flyers are attached for your reference.
From time to time and depending on circumstances, there are more focussed initiatives between specific agencies such as the collaboration between the RMP and The Association of Banks in Malaysia (ABM) to launch an awareness initiative on the various types of scams in the country. The objective of the initiative is to inform and educate members of the public on the different types of fraud and cybercrime scams being used by today’s criminals. You may access the various methods and modus operandi used in these scams through ABM’s website, www.abm.org.my, which provides a link to the RMP website (www.rmp.gov.my/laman-utama/alert-peringatan).
Recently ABM has also published a brochure titled “Don’t be an Online Banking Fraud Victim” which seeks to educate the public on how to stay safe when conducting banking through the internet. We are in the process of disseminating copies of this brochure to our member banks. May we please enquire whether you would like us to send CAP copies of the brochure for circulation as well? We can afford up to 300 copies in this print edition.
Going forward ABM is proposing to collaborate with MCMC on the second phase of its “Klik Dengan Bijak” programme in 2015, which aims to further enhance the public’s awareness about the potential dangers in cyberspace, including financial scams, as well as provide tips on how to use the internet in a safe and responsible manner.
As you may appreciate, one needs to consider the entire cyber space ecosystem and the various stakeholders therein. Whilst banks have and will continue to put in place various measures to maintain the security and integrity of their respective online banking platforms, Malaysia’s cyber security itself does not come under the purview of the banks but rather the MCMC.
With regard to Automated Teller Machines (ATMs), banks have been working closely with the Criminal Investigation Department of the RMP in relation to the hackings of the ATMs. As you may have read in the newspapers recently, a man believed to be responsible for the ATM thefts in Malaysia as well as other countries such as the United Kingdom, Russia, Germany and Canada, has been arrested in London. It would thus appear that Malaysia was not the only country to have been a victim of the malware attacks on ATMs. Be that as it may, we understand that the authorities in each of the affected countries are working closely together to stem the tide and nab all the perpetrators involved.
2. Safety measures taken by banks
We are unfortunately not able to divulge details of the additional security measures taken by the banks. We can however confirm that banks are using (and will continue to use) every endeavour to be vigilant and are collaborating with MCMC on matters concerning cyber security.
In a briefing to the media on 18 November 2014, Mr Tan Nyat Chuan, Director of Payment Systems Policy, BNM acknowledged that over the past years, banks have made significant investments to widen the accessibility, enhance the security and introduce new features to augment the value proposition of e-payment services to customers.
3. Tapping into the experiences of other countries that predominantly use e-payment to minimize cyber fraud incidents in Malaysia
Yes, we are studying and tapping into the experiences of other countries that predominantly use e-payment.
4. “Why push consumers towards something that is doomed to be flawed forever?”
The world is ever-evolving and technology is the buzz word. Just because something is flawed now does not mean we should give up on it altogether and not move forward. Rather, it is a process of continual development and improvement, one step at a time.
As an example, when the banks first introduced ATMs in Malaysia, bank staff had to be stationed at the ATMs to guide and assist customers. Despite the many teething problems and some customers’ distrust of as well as reluctance to use the ATMs, it is today widely accepted and perceived as a basic service provided by banks.
Likewise, we share with BNM’s vision that online banking is the way forward and will become a norm in the not too distant future.
5. Sharing of responsibility
Yes, banks are responsible for the assets of their customers and accordingly continue to take the necessary precautions to safeguard the integrity and security of their systems. We also wish to reiterate that we are not pushing the onus solely onto the consumers. What we are saying is that the responsibility of safeguarding consumers’ assets must be shared between the consumers and financial institutions.
Taking from Deputy Governor of BNM, Datuk Muhammad Ibrahim’s keynote address at the Payment System Forum and Exhibition 2014, “consumers also have an important role to play to avoid becoming victims of fraud. As consumers, we should learn about the simple yet important steps that we can take to conduct safe payment transactions [and] should pay particular attention to the fraud alerts provided by our banks and the police and take the necessary precautions.”
6. Malware attack on ATMs
Financial institutions do have safety nets in place. In this instance, a few banks that were not fully protected were affected. Fortunately, no customers’ money was lost in these incidents.
7. Compensation in the event of fraud
If fault is found to be not on the part of the consumers, banks will compensate the consumers for losses suffered as a result of fraud. However, in the event there is negligence or an element of fraud on the part of the consumer, the consumer would have to bear the losses, whether in part or in full depending on the circumstances of each case.
8. Consumer education and awareness
As part of the “Think Online Safety, Think C.A.R.D.” campaign, road shows were held in various shopping centres around the Klang Valley. We invite you to visit our website (www.abm.org.my/ncgthinkcard/) for more information about the campaign.
In addition to this campaign, other initiatives by banks to educate the consumers and create awareness about online security include sending SMS blasts, placing notices on the ATMs and posters in their banking halls, placement of advertisements in various media and notices on the banks’ websites, but to name a few.
Further, ABM in collaboration with our member banks, BNM and the Association of Islamic Banking Institutions Malaysia held road shows around Malaysia from October 2013 till March 2014. The road shows which began in Seberang Perai, Penang, were also held in Seremban, Melaka, Ipoh, Kuantan, Johor Bahru, Kangar, Alor Setar, Kota Bharu, Kuala Terengganu, Kota Kinabalu and Kuching. These road shows were aimed at providing the general public the opportunity to experience e-banking first hand and enabling them to put forward any questions or concerns they may have regarding e-banking to the bank officers face-to-face.
We will be continuing with a second series of these e-payment road shows beginning in early 2015. More details about this road show(s) will be announced in due course.
9. Herding of consumers towards full online banking
As you would be aware, accelerating the migration to e-payments is one of the key strategies in BNM’s Financial Sector Blueprint to be achieved by 2020. A successful migration has the potential to drive further efficiency gains and cost savings which will improve the country’s competitive position. Research has suggested that a successful migration to e-payments has the potential to save the country about 1% of gross domestic product annually. Banks thus have a major role to play in trying to drive the shift from paper-based payment instruments to e-payments and e-banking towards achieving the government’s Vision 2020 agenda.
We are not “herding” consumers towards online banking as you have stated in your letter. We are cognizant of the different strata of society and are encouraging those who can and are ready to move to do so, as they would enjoy the many benefits of online banking.
10. Gradual approach to e-payment and e-banking
Yes, we agree with your statement that banks approach e-payment and e-banking gradually. As you may recall, BNM announced a new two-pronged pricing strategy for payment services in March 2013 to encourage the use of e-payments. In the first phase, the transaction fee for Interbank GIRO conducted via internet and mobile banking was reduced from RM2 to 10 sen effective 2 May 2013.
The second phase will see the implementation of a 50 sen cheque processing fee with effect from 2 January 2015 which is introduced to reflect the higher processing cost of cheques. As explained by Datuk Muhammad Ibrahim in his above-mentioned keynote address, the 50 sen cheque processing fee collected by the banks will be channelled into a fund under the e-Payment Incentive Fund framework. This fund would be used for infrastructure development and to provide incentives to the banks’ customers to adopt e-payments. Hence, the cheque processing fee goes back to the consumers for their benefit.
Perhaps it would be more constructive if you could share with us the education programmes for consumers which you have in mind for 2015 and we can provide you with speakers on the subject of cyber security and electronic banking. Let us make the electronic banking journey together with both the interests of the consumers and of the nation in mind.
May we take this opportunity to wish you a Happy 2015!
THE ASSOCIATION OF BANKS IN MALAYSIA
Chuah Mei Lin