Concerns Regarding Our Cyber Security And Electronic Banking Still Unanswered

The Associations of Banks in Malaysia (ABM) has endeavoured to address the Consumers Association of Penang’s (CAP) concerns regarding Malaysia’s cyber security but unfortunately have left many queries unanswered. CAP believes it is necessary that we spell out our concerns clearly and in detail once more, so that they may be addressed appropriately; and we hope that relevant parties are able to explain things in a plain manner.

 We would much appreciate it if those in charge could explain to us very specifically, what new measures will banks take to ensure our cyber security is iron clad. After all, vague explanations accompanied by declarations of repeating the same old security measures to combat new threats do not exactly incite consumer confidence.

CAP is curious if all relevant parties are studying countries that are already primarily using e-banking and e-payment and have a high percentage of cyber fraudulent activities? Are banks tapping into the experiences of other countries that predominantly use e-payment to minimize cyber fraud incidents in Malaysia?

ABM has stated that fraudsters will forever device new ways to exploit weaknesses in the system and take advantage of unsuspecting consumers. This is unacceptable as it is clearly just an excuse to pardon the shortcomings of banks. If what they say is true, then why push consumers towards something that is doomed to be flawed forever?

They have also articulated that consumers fall victim to fraudsters due to their lack of awareness and knowledge regarding recent scams and to us this sounds very much like consumers are being blamed for successful fraudulent activities. ABM is also saying that it is the consumers’ responsibility to protect their assets and devices. Is it not the responsibility of institutions, such as banks, to protect consumers and their assets? Please stop putting the onus on consumers and be responsible instead.

Since ABM is of the opinion that consumers fall victim to fraudsters because they are unaware and unknowledgeable when it comes to recent scams; can we then assume that banks in Malaysia are unaware and unknowledgeable as well since they themselves were unable to detect the latest major fraud activity where nearly RM 3 million was taken from our ATMs until it was too late. We believe it is important that the institutions safeguarding our assets be on their toes at all times and that they equip themselves with vital knowledge and information.

In addition, the not so subtle herding of consumers towards full online banking shows insensitivity on the part of banks. Many people in Malaysia are still technologically stunted; they do not own smartphones and/or have not subscribed to data plans and rely on the availability of Wi-Fi. It is irresponsible to assume that everyone can afford to have a smartphone equipped with a data plan as a significant number of consumers can only afford the conventional way of banking. To add insult to injury, this bullying of consumers to use e-payment and e-banking assumes that everyone is tech literate, which is not the case.

What’s more, if indeed consumers are not knowledgeable enough on the latest scams and how to protect themselves when conducting online banking, all banks and related parties should be doing more to educate consumers. Posting “do’s and don’ts” on your website is not enough; ABM cannot expect that consumer know where to go looking for such information. There is an awareness campaign that has been featured in the news but anywhere else you look it is non-existent. What are banks, Bank Negara Malaysia (BNM) and ABM doing to increase awareness among consumers?

ABM has declared that in relations to e-banking and e-payment, “fraud incidents only accounted for 0.0054% of total transaction volume and 0.0011% of the transaction value of electronic payment transaction” and the pay-off of “affordability, convenience and speed, far outweigh the risks given the low level of fraud”. Thus, CAP believes that banks should have no issues monetarily compensating victims of cyber fraud without going through any red-tape since banks seem to consider such a “small” sum of money negligible.

We reiterate our view that Bank Negara Malaysia and all banks should stop pushing consumers towards e-banking and e-payment until we can be sure that our cyber security is not so easily compromised. Furthermore, since such an abrupt change will no doubt cause much anxiety to the technically illiterate, perhaps it would be wise to approach e-payment and e-banking gradually; customers can slowly migrate to this form of payment over the span of a few years.

Letter to the Press, 19 November 2014