
Mitigating Risk Exposure of Bank Clients to Scammers


Practically every other day there is a scam story affecting people who may have unknowingly clicked on a malware link.

        Once their phones are controlled by the hackers, the money in their bank accounts will disappear in no time, because the banking apps are installed on their phones.

        There is a way that the government and the public can reduce the risk of such problems: making it mandatory for people to keep their money in bank accounts whose apps are installed only on a safe device dedicated solely to banking apps.

-----------------------------------

 Terminology

       For the sake of this discussion, we shall use two terms to differentiate the phones used to install and operate bank apps. 

  • DEDICATED DEVICE: This device can be either an older phone or notepad, usually with a lower version of iOS or Android operating system. This is usually a device that is left abandoned in the house after the user upgrades the device to a newer model.

    This DEDICATED DEVICE can be kept in a safe place at home, turned on only when needed to use the bank apps. It should NOT carry other apps that may have malware. Access to the bank app which has the bigger sums of money (we call it "MAIN ACCOUNTS") should be via a safe Wi-Fi connection.

  • DAILY USE DEVICE: This is the mobile device, e.g. a mobile phone or notepad, that we bring along in our daily activities. It will have all the other apps that we use, BUT only ONE bank app needs to be installed here. The bank account is used as a "PETTY CASH VAULT". The amount can be determined by the individual. If the phone is hacked, the maximum amount lost is only the amount kept in the petty cash vault.
        To put it simply, bank apps for accounts with big sums of money can be placed on a separate device. Your DAILY USE DEVICE will only have a "PETTY CASH VAULT", with an amount of, say, RM1000. You can replenish it if you need to when you are at home.

        Unfortunately, this idea cannot be implemented fully UNLESS: 

  •  DEDICATED DEVICE

    Currently, as banks upgrade their bank apps, a higher version of iOS or Android operating system is often required.

    To date, only the CIMB bank app can be installed on an old phone with iOS 12 or below. Before installing the bank apps, it is advisable to reset the phone to factory defaults to erase any malware that may be hiding in the phone.

  • Multi-user accessibility: Allow the DEDICATED DEVICE to be used freely by members of the same family. This will reduce the need to have several DEDICATED DEVICES, one for each person. The problem I see now is that the latest bank apps require users to "bind" to a phone for certain aspects of security; hence, other people will not be able to use the same app to log into their own bank accounts.
--------------------------------------------

Other risk mitigation measures that can be taken by the banks:
  • Banks should have ways to lock, for example, one's Fixed Deposits. If access can be done via one set of login credentials, at the very least, have another two levels of security before the huge amounts can be transferred out. 

  • Currently, the use of biometrics is good, BUT it becomes a problem when the client is kidnapped. Biometrics make it easier to access all the accounts: the kidnapper only has to put the phone in front of the victim's face, or force the victim to put a finger on the sensor.

  • Risk Mitigations: Banks should allow different accounts within the same bank to use different login IDs. Or, at least, have another level of security before allowing the user to withdraw their Fixed Deposits.

    Currently, a single set of login credentials grants access to all accounts, including fixed deposits, which significantly increases security risks and exposes users to potential threats.

    At the same time, implementing device-based authentication for individual accounts would greatly enhance security and reduce vulnerability. 
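    The sketch below is an added example, not code from this post or from any bank: it models the proposal as a server-side check in which each account is bound to one device and larger accounts need extra factors beyond the password. The account names, device IDs, factor names, balances and the number of extra factors for MAIN ACCOUNTS are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Account:
    name: str
    kind: str          # "petty_cash", "main" or "fixed_deposit"
    bound_device: str  # the only device allowed to operate this account

@dataclass
class Session:
    device_id: str
    factors: set = field(default_factory=set)  # factors completed so far

# Assumed policy: extra factors required on top of the login password.
# "Another two levels of security" for fixed deposits follows the post.
EXTRA_FACTORS = {"petty_cash": 0, "main": 1, "fixed_deposit": 2}

# Constructed sample data (balances in RM).
ACCOUNTS = [
    Account("petty-cash-vault", "petty_cash", "daily-phone"),
    Account("main-savings", "main", "home-device"),
    Account("fixed-deposit", "fixed_deposit", "home-device"),
]
BALANCES = {"petty-cash-vault": 1000, "main-savings": 50000,
            "fixed-deposit": 200000}

def authorize(session, account):
    """Return "allow", "step_up" or "deny" for moving money out."""
    if "password" not in session.factors:
        return "deny"
    # Device-based authentication per account: a session from any other
    # device (e.g. a hijacked DAILY USE DEVICE) is refused outright.
    if session.device_id != account.bound_device:
        return "deny"
    extra = len(session.factors - {"password"})
    return "allow" if extra >= EXTRA_FACTORS[account.kind] else "step_up"

def max_exposure(device_id):
    """Worst-case loss if one device is fully controlled by an attacker
    who can also satisfy every factor requested on that device."""
    return sum(BALANCES[a.name] for a in ACCOUNTS
               if a.bound_device == device_id)

if __name__ == "__main__":
    hijacked = Session("daily-phone", {"password", "biometric"})
    for acct in ACCOUNTS:
        print(acct.name, authorize(hijacked, acct))
    print("exposure via daily phone: RM", max_exposure("daily-phone"))
```

    With these sample values, a fully compromised DAILY USE DEVICE can reach only the RM1000 petty cash vault, while the fixed deposit stays locked until two further factors are presented on the DEDICATED DEVICE.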

        


