Online Banking

Online security

OCBC Online Banking Security Guarantee

Our online security commitment to you

At OCBC Bank, we are committed to protecting the security of your online transactions. Our website uses leading-edge and industry-standard technology and processes to ensure that your privacy and transactions are not compromised, and that your interests are safeguarded at all times.

 

Our guarantee against losses due to fraud*

As an assurance of our commitment, we guarantee a full refund of any money that has been lost due to fraud via our Internet and Mobile Banking service. You can bank online with an absolute peace of mind that your money is protected against fraud.

 

Suspected fraud? Inform us immediately

In the unlikely event should you become a victim of an unauthorized transaction, please inform us immediately if you notice anything irregular. You can report to us at 1300 88 5000 or by contacting one of our branches.

Upon receipt of your report, we resolve to get back to you within seven (7) working days. Depending on the complexity of the claims, we will notify you accordingly if we require more time for investigations.

 

How to protect yourself from fraud

You can play a part to protect yourself from fraud by adopting the following simple measures:

  • Keep your 2-Factor Authentication Token secure at all times
  • Do not share your security details with anyone (these include your Login ID, Password and 2-Factor Authentication Token)
  • Equip your PC with the latest anti-virus software to protect yourself against any virus or malicious attack

 

Unauthorised transactions on account

Change your password and contact us immediately at 1300 88 5000 or 603 8317 5000 if you are calling from overseas.

To change your password:

 

  1. Login to online banking.
  2. Under “My Profile” menu, Select “Change Password” 

Your Password should be 6-12 characters only.

 

Timed log-off

If you leave your computer or forget to log off, our system will automatically log you off after 5 minutes.

Prevent browser from storing Login ID / Password

Deactivate the function accordingly:


Internet Explorer

  1. Launch your Internet Explorer browser and click on "Tools" >> "Internet Options" >> "Content".
  2. Under "AutoComplete", click on "Settings".
  3. Uncheck "User names and passwords on forms".
  4. Click "OK" to save your settings.


Mozilla Firefox

  1. Launch the Firefox browser and click on “Tools” >> “Options” >> “Security”.
  2. Under Passwords, uncheck “Remember passwords for sites”.
  3. Click "OK" to save your settings.


Google Chrome

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Personal Stuff”.

Under Passwords, check “Never save passwords”

Verify that the website is secure

Things to remember:

  1. Check that you are on our official website at https://www.ocbc.com.my/internet-banking   
  2. Check that the lock icon displayed is enabled at the bottom right-hand of the screen.
  3. You can also verify that the website has the security certificate. This is how you can check:

Internet Explorer

  1. Right-click your mouse.
  2. Select “Properties”.
  3. Click on “Certificates”.
  4. For secured site, you will see the details of the security certificate information.
  5. For unsecured site, there is no security certificate information.


Mozilla Firefox

  1. Site Identity Button will display in one of three colors - grey, blue, or green.
  2. Grey indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.
  3. Blue indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.
  4. Green indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.


Google Chrome

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Under the Bonnet”.
  3. Under HTTPS/SSL, check the box for “Check for server certificate revocation”.

Clear browser cache after online banking session

Internet Explorer 

  1. Go to “Tools”.
  2. Go to “Internet Options”.
  3. Select “General”.
  4. Under browsing history, click the “Delete” button and select “Temporary Internet files” and “Cookies” for IE8 and above.
  5. Click “OK” to delete all temporary internet files and cookies.


Mozilla Firefox 

  1. Go to “Tool” >> “Clear recent history”
  2. Check the boxes for “Browsing & Download History” and “Cookies”


Google Chrome

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Under the Bonnet”.
  3. Under “Privacy”, click “Clear browsing data”.

Error message indicating an unsecured connection

Please check that your browser is able to carry out secured transactions. This is how you can enable your browser to make such connections:

 

Internet Explorer

  1. Select “Tools” from the pull-down menu in your browser.
  2. Select “Internet Options”.
  3. Select “Advanced” tab.
  4. Scroll down to Security. Ensure that “Use SSL 3.0” is selected.
  5. Click “OK”.


Mozilla Firefox

  1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and click “Options”.
  2. Select the “Advanced” panel.
  3. Click the “Encryption” tab.
  4. Verify that “Use SSL 3.0” and “Use TLS 1.0” are checked. 
  5. Click “OK”.


Google Chrome

  1. Click “Customise and Control Google Chrome” menu.
  2. Click “Options”.
  3. Select “Under the Bonnet” tab.
  4. Go to “HTTPS/SSL” section.
  5. Click “Manage certificates”.

In the “Certificates” window you can import, export and remove your SSL certificates.

Password Tips

Selecting a secure password:

  • Choose a password consisting 6 to 12characters. Your Password must contain both alphabet and number for added security

  • Mix your password with number, upper and lower-case alphabets

  • Do not use simple words or use word repetitively (e.g., 7eleven, seven11, etc.)

  • Use a secret 'expression' (see examples) to help you to remember your password easily

  • Select a unique password, not one that you are using for some other purpose.

  • Don't use sequence such as abcd123 or 123abcd, whether backwards or forwards


  • Secure password examples are given below but please, do not use these examples! Create your password based on your secret expression to help you to remember

    Expression: Four of us climbed Gunung Brinchang in Cameron Highlands
    Suggested password: 4oucGBiCH

    Expression:Mango, lychee and longan puddings are my favourites
    Suggested password: MLL9mf

    Expression:Monsoon begins in December
    Suggested password: Mnbi12

    Ensuring your password security


  • Log off immediately after use

  • Don't tell anyone your password

  • Don't write your password down anywhere or store in file in your computer

  • Make sure your chosen password cannot be guessed easily

  • Change your password if there a chance someone might know your password.

  • Make sure no one can see your password when you are using it

  • Be wary of websites that unnecessarily require your OCBC password.

  • Please clear your browser’s cache and history after logging out


  • Change your password if


  • You have not changed it for six months.

  • You are notified that it does not meet current standards.

  • You have told it to anyone or have written it down anywhere.

  • You have logged onto a system in another country. If you notice any discrepancy in your account(s) or if you suspect that someone has been using your OCBC Internet Banking Login ID to access your account, change your Password and contact us immediately at 1-300-88-5000 (with Malaysia) or 03-83175000 (outside Malaysia) when calling overseas.


  • Entering OCBC Internet Banking


    To login, please key in Internet Banking Login ID and a Password, which is only known to you.

    During the Session

    Once you have logged in, all communications are encrypted to protect the confidentiality of your transactions using Secure Sockets Layer (SSL 128 bit), the highest level of encryption used.

    The session will automatically be terminated if account remains unused for 10 minutes.

    This reduces risks of unauthorised access to your account.

    Security Tips

      Online Scams

    Although phishing is now widely known, it is not the only online scam that exists. To counter this problem, it is strongly encouraged that you exercise caution, and prudence to protect yourself from such scams. Knowing how some of these work, will equip you with the knowledge to recognize the tell-tale signs of a scam and safeguard yourself against online fraud.

    Always bear in mind the following :
    OCBC will never request for you to provide your private particulars such as Login ID or Password for whatever reason.
    When in doubt or suspicious about the authenticity of the request, always double-check with the bank. Contact us via our official channels: www.ocbc.com.my or our hotline 1300-88 5000. Never rely on any information or link from the fraudulent email.

    Some of the more common scams

    Vishing (voice phishing)
    "Vishing" stands for voice phishing and is one of the variations of the phishing scam.

     a) "Vishing"
    How it works -an email is sent out requesting the recipient to verify his bank account immediately by calling the stated number in the email. The information given by the recipient over the phone will then be used to siphon money out of his bank account.

     b) "Cold-call Vishing"
    Automated programs are designed by the fraudsters to make random calls to as many people as possible. The recipient will hear a pre-recorded message citing some valid sounding reason requesting the recipient to enter his account number and PIN or other sensitive information for verification. The information is then used in the same way as illustrated in scenario a). 
     
    "Nigerian Scams"
    These get-rich-quick scams have been around for many years, initially through letters, faxes, telexes and have progressed to emails.

     How it works - a fraudulent email is sent on behalf of a very rich and powerful individual or a government office. The email requests the use of the recipient's bank account to transfer large sums of money out of their country. In return, the recipient will be rewarded handsomely. Should the recipient respond, the fraudster will eventually request for some money to be sent citing reasons like the need to bribe officials who are blocking the transfer.

    This is a classic example of "if an offer is too good to be true, it usually is".

    Other variations:

    - the recipient is a winner of a foreign lottery and will need to pay tax before he can receive his winnings.
    - the millions of dollars that need to be transferred is part of the embezzled funds of an ousted / deceased dictator.
    - the sender purports to be a company representative and you will need to pretend to be the next of kin of a deceased
      customer in order to receive a certain percentage of the estate

      Other Security Tips

    A) Protecting Your Password

    Your password is important. Follow these tips when selecting a secure password:

    • Never reveal your ID and Password to anyone. If you suspect that someone has gained access to your User Name and Password, change it immediately.
    • Do not use the same number or letter sequence for User Name and Password.
    • Avoid using the same password for everything, such as email, voice mail, etc
    • Use both upper and lowercases or mix letters with numbers and if possible include symbols.
    • Avoid easily identifiable passwords such as phone numbers and birth dates.
    • Change your password frequently using the "Chg Passwd" function.
    • If you suspect any unusual activity or the last logon time stamp, you should immedialtely change your password by using the "Chg Passwd" function.
    • Do not use password from other Internet sites.
    • Do not leave your system unattended when you are logged on to https://www.ocbc.com.my/internet-banking/
    • Always clear your PC browser's cache after each session. This will ensure that all your account information is permanently removed from your system memory. How to Clear Your Cache

      • For Internet Explorer, please select Tools > Internet Options > General > Temporary Internet Files > Delete Files .
      • For Firefox, please ensure that "Cache" is selected under Tools > Options > Privacy > Private Data > Setting.  Click "OK" to confirm and select "Clear Now" .

    • Check and ensure that your PC browser does not store your password. If you are using Microsoft Internet Explorer 5.5 and above, you should check and ensure that the browser's 'Use Online AutoComplete' function is disabled.
      • On you Internet Explorer browser Menu bar, go to [Tools].
      • Select [Internet Options].
      • Select [Advanced] and scroll down to [Browsing].
      • Uncheck [Use Online AutoComplete].
      • Click [OK].

    B) Additional Security Tips

    • Install anti-virus or anti-spyware and firewalls in your personal or home computers, particularly when they are linked via broadband connections, digital subscriber lines or cable modems.
    • Update the anti-virus and firewall products with security patches or newer versions on a regular basis.
    • Remove file and printer sharing in your computers, especially when they have Internat access via cable modems, broadband connections or similar set-ups.
    • Make regular backup or critical data.
    • Consider the use of encryption technology to protect highly sensitive data.
    • Log off the online session and turn off the computer when not in use.
    • Do no install software or run programs of unknown origin.
    • Delete junk or chain emails
    • Do not open email attachments from strangers.
    • Do not select the option on browsers for storing or retaining user name and password.
    • Do not disclose personal, financial or credit card information to little-known or suspicious websites.
    • Do not use a computer or a device that cannot be trusted.
    • Do not use public or Internet cafe computers to access online banking or perform online financial transactions.
    • Once your Access Code/User ID/Username or PIN/Password become invalid or cease to have effect, you should inform us immediately by using the e-mail option "Contact Us" or our Call Centre at 1300-88-5000.
    • You should also exercise precaution against viruses or other programmes such as Trojan Horse that can capture your password keystrokes and other personal information. Such captured data can be sent to another party without prior consent. To avoid getting infected, we recommend that you
      (1) equip your Personal Computer with the latest virus detection software so as to protect yourself against any virus attacks and other malicious attacks,
      (2) update the anti-virus and firewall products with security patches or newer versions on a regular basis,
      (3) avoid downloading any files from websites and people you are not sure about,
      (4) avoid using programs that allow you to automatically get or preview files and
      (5) install a personal firewall to protect against hackers, virus attacks or Trojan Horse programs.
    • You should check your account and transaction history regularly to ensure that all details are updated and that there are no unauthorised transactions on your account(s). OCBC Internet Banking will display your last login date and time, whenever you logon, to help you monitor this.
    • If you notice any unusual/unauthorised transactions, please change your PIN and notify us immediately. It is important that you inform us immediately.
    • Your usage of OCBC Internet Banking is subject at all times to the Internet Banking Terms and Conditions. You should therefore read carefully and adhere to the recommended security practices. The Bank is not responsible for any loss or damage in connection to the use of OCBC Internet Banking services unless such loss is attributable to our negligence or wilful default.

    As a user OCBC Internet Banking, you have the right to
    (1) suspend your Internet Banking Access immediately should you suspect any unusual activity and/or unauthorised access,
    (2) terminate this service,
    (3) request for a new set of OCBC Internet Banking PIN and
    (4) obtain information from the Bank regarding your online transactions

    Safeguard yourself against online scams

    With the Email emerging as an increasingly important communication tool, it is critical to take precautionary measures against cyber frauds.

    1. Be wary of:

    (a) any false e-mail address, logo or graphic designed to mislead you into accepting the validity of any email or website;
    (b) any fake domain name which appears to be the Bank's website or the website of any other financial institution;
    (c) any hyperlink to any fake website;
    (d) any embedded form in any email; or
    (e) or any other technique or method designed to mislead you or trick you into providing personal details, such as your Internet Banking, Phone Banking or ATM PIN, user name or password, or any other sensitive information or downloading a virus.

    2. Never access OCBC Internet Banking from a link in an email.

    3. Always enter the domain name of the Bank (ie. www.ocbc.com.my ) into your browser when logging onto the Bank's website. You are advised to take the necessary precautions and not to accept any websites at face value that redirects the link to OCBC Bank Group. If you are in doubt, please contact the bank at :

    OCBC Bank (Malaysia) Berhad
    Personal :1300-88 5000 or 03-8317 5000
    Business :1300-88 7000 or 03-8317 5200

    OCBC Al-Amin Bank Berhad
    Personal :1300-88 0310  or 03-8314 9310
    Business :1300-88 0255  or 03-8314 9090

    4. Never reveal your PIN to anyone. The Bank will never request for your Internet Banking, Phone Banking or ATM PINs for any reason.

    5. Be aware of Phishing. Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit card numbers. Before entering your Login ID (Username) and Password, you should always ensure that the website you are visiting belongs to OCBC. This can be verified by the URL displayed in your browser as well as the Bank's name in its digital certificate. This precaution will ensure that you are not revealing your OCBC Bank Internet Banking Login ID (Username) and Password to a website other than OCBC . Always check that our website address changes from http:// to https:// and a security icon, usually in the form of a lock or key, appears when authentication and encryption is expected.


    OCBC Internet Banking - Official website (for Personal Banking)

    OCBC Internet Banking for personal banking customers is accessible from the website address https://www.ocbc.com.my/internet-banking/ or via the link in OCBC website www.ocbc.com.my



    To view the security certificate, double click on the "Padlock" or "Key" at the bottom right side of your screen and a new window will pop-out. This Certificate will ensure the authenticity of the website.



    Ensure the following on the Certificate:

    (a) The Certificate is issued to www.ocbc.com.my

    (b) The Certificate is issued by Verisign

    (c) The Certificate has a valid date (not expired)

    You are encouraged to delete junk mail, chain mail or any other unsolicited email. Do not open email attachments from strangers.

    If you discover or believe that there are fraudulent e-mails, fake websites or other scams directed at you or any other customer of the Bank, the Bank or the OCBC Bank Group, please notify the Bank immediately at :

    OCBC Bank (Malaysia) Berhad
    Personal :1300-88 5000 or 03-8317 5000

    OCBC Al-Amin Bank Berhad
    Personal :1300-88 0310  or 03-8314 9310

    Velocity@OCBC - Official website (for Business Banking)

    Velocity@ocbc is OCBC Bank's award-winning corporate Internet banking portal that lets you manage your payment, collection and trade activities anytime, anywhere in the world. Velocity@OCBC for business banking customers is accessible from the website address http://www.ocbc.com/velocity/my/index.shtm



    To view the security certificate, double click on the "Padlock" or "Key" at the bottom right side of your screen and a new window will pop-out. This Certificate will ensure the authenticity of the website.




    Ensure the following on the Certificate:

    (a) The Certificate is issued to bbmy.ocbc.com

    (b) The Certificate is issued by Verisign

    (c) The Certificate has a valid date (not expired)

    You are encouraged to delete junk mail, chain mail or any other unsolicited email. Do not open email attachments from strangers.

    If you discover or believe that there are fraudulent e-mails, fake websites or other scams directed at you or any other customer of the Bank, the Bank or the OCBC Bank Group, please notify the Bank immediately at :

    OCBC Bank (Malaysia) Berhad
    Business :1300-88 7000 or 03-8317 5200

    OCBC Al-Amin Bank Berhad
    Business :1300-88 0255  or 03-8314 9090