Monday, 15 April 2024

OCBC's anti-malware security feature prevented over $1.4M in losses

5 min read

OCBC’s anti-malware security feature has prevented scammers from making away with more than SGD 2 million ($1.4 million) in savings, from more than 30 customers’ OCBC bank accounts in the first month since its launch on 5 August 2023.

The security feature was first rolled out in version 18.1 of the OCBC Digital app for Android, and since then, no losses from malware scams have been reported by OCBC customers using this version of the app and above.

Between 5 August and 5 September 2023, OCBC received reports from more than 30 customers about their Android mobile phones being compromised by sideloaded apps – apps from sources outside official app stores – containing malware. Scammers used the malware to take full control of these customers’ phones. Nonetheless, there were no losses from the customers’ OCBC bank accounts as the anti-malware security feature in the OCBC Digital app had blocked access upon detection of these malicious apps on the phone. This effectively prevented the scammers who had taken control of customers’ mobile phones from making fund transfers through the OCBC Digital app.

The anti-malware security feature also prevents scammers from logging into OCBC internet banking via web browser to access customers’ bank accounts. A physical hard token, or digital token that is within the OCBC Digital app, is required to log into OCBC internet banking. The blocking of the OCBC Digital app by the anti-malware security feature prevents scammers from using the digital token.

While there was already more than SGD2 million ($1.4 million) in these customers’ savings accounts, the amount that might have been lost to scammers could have been much higher as scammers have previously redeemed fixed deposits and unit trusts early or drawn down cash advances under customers’ credit cards.

Beaver Chua, head of anti-fraud, group financial crime compliance, OCBC, said: “Malware scams targeting Android mobile phone users have increased significantly in the past few months, with social engineering by scammers having become increasingly sophisticated. Sideloaded apps are the main conduits used by such scammers. Once customers’ mobile phones have been infected by malware, scammers can remotely access their mobile phones, and make fraudulent transfers from their bank accounts via banking apps. There was therefore an urgent need for a much stronger defence. We are heartened that since 5 August, none of our customers using version 18.1 of the OCBC Digital app and above have reported losses arising from malware scams.”

“We will continue to monitor the landscape and put in necessary safeguards for our customers, while simultaneously educating them so that they can take their own precautions,” Chua said.

In response to the launch of the OCBC anti-malware security feature on 5 August, the Association of Banks Singapore stated that banks are working closely with government and law enforcement authorities to fight malware scams, and to detect behaviours consistent with known malware activities. Hence, stronger security features are being rolled out. This is in line with the 8 August 2023 statement by the Monetary Authority of Singapore that strongly supported measures by banks to address the risks associated with malware-related scams.

 Re-disseminated by The Asian Banker

Diary of Activities
Finance Vietnam 2024
18 July 2024
Finance Thailand 2024
25 July 2024