3D Secure is a service facilitated by Visa, Mastercard and PayNet known as Visa Secure, Mastercard ID Check and MyDebit Secure respectively. It lets you transact online securely using your card. This service is only available at 3D Secure merchant sites where an additional password protection is required to authenticate the customer during a purchase via the Internet.

With OCBC Credit Cards and Debit Cards, online shopping and payment have become more accessible to everyone and very much a part of today's lifestyle. To safeguard your online shopping and payment for your peace of mind, your card is added security with 3D Secure (or Three Domain Secure). It's the payment industry's internet authentication feature developed for the protection against online fraud, in which 6-digit One Time Password (OTP) is required.

In June 2024, we will discontinue sending OTP via SMS and switch to a more secure transaction authentication method, OCBC OneToken for you to authorise your online shopping and payment using OCBC Credit Cards and Debit Cards. To ensure a smooth online shopping and payment experience, we encourage you to activate your OCBC OneToken.

Steps to activate OCBC OneToken

For existing OCBC Online Banking user, please refer to the OCBC OneToken page for steps to activate OCBC OneToken. For non-existing OCBC Online Banking user, please refer to the Online Banking Registration page for steps to register for OCBC Online Banking before you activate OCBC OneToken.

1. Visit OCBC Internet Banking website at: https://www.ocbc.com.my/internet-banking/
2. At the OCBC Internet Banking page, select "Sign Up"€ to register
3. Key in your Credit Card or OCBC ATM Card number (10 or 16 digits) and its 6-digit PIN and click "Submit"€
4. Key in your preferred Login ID and Password. Check on the box next to TERMS & CONDITIONS and click "Submit" Security Tips
5. Login ID and Password are case-sensitive. For prevention, please use combination of upper and lower case characters. Choose a Password that contains both numeric and alphabetic characters represented in both upper and lower cases; and avoid using date of birth, pet's name or common names. The minimum password length is 6 characters. Example of a good password: g00dpA55w0rD, mYp4s5w0Rd
6. To select your preferred 2 Factor Authentication (2FA) token, just follow the instructions provided onscreen and complete your OCBC Internet Banking registration.

2 Factor Authentication (2FA)

2FA is an added security feature of OCBC Internet Banking. It is a 6-digit One Time Password (OTP). The OTP is required each time you perform a high-risk transaction like funds transfer to an unregistered third party or a bill payment. OCBC Bank currently offers 2 methods of receiving the OTP. You may opt to have a small hardware device that generates the OTP when you input a request, or alternatively, have the OTP sent to you via SMS on your mobile phone.

Frequently Asked Questions

Can I opt out of 3D Secure checks?

To protect you against the risk of fraud from stolen card details, 3D Secure is a must have. This ensures all your online transactions using OCBC Credit or Debit cards at VISA Secure, Mastercard ID Check and MyDebit Secure merchants are checked for 3D Secure. All card holders will not be able to opt out of 3D Secure.

Will 3D Secure checks add extra time on to the customer checkout experience?

The 3D Secure authentication process is smoothly integrated into the checkout process and will usually only add a few seconds to the normal transaction time. An added few seconds for added protection for both the merchant and cardholder.

How do I register for 3D Secure?

For OCBC cardholders, you need to first register for Online Banking and activate OCBC OneToken. Once activated, you will be able to approve online transactions at 3D Secure merchant websites through the OCBC Malaysia Mobile Banking app.

After I have activated OneToken, when can I start to make e-commerce card payment transactions?

You can start making e-commerce card payment transactions 12 hours after successfully activating OCBC OneToken. When you shop online at 3D Secure merchant websites, you’ll receive a notification to approve the transaction in the OCBC Malaysia Mobile Banking app.

Can I use someone else’s OCBC Malaysia Mobile Banking app to approve my online card transaction?

No. You can only approve the transaction using your own mobile device that has OCBC OneToken activated.

Why am I not receiving any push notifications?

Please ensure that you:

1. Your device is connected to the Internet;
2. Your device is not on ‘Do Not Disturb’ mode and
3. You have enabled push notifications for OCBC Malaysia Mobile Banking app in your device settings.

I accidentally deleted the push notification. What should I do?

Go back to the screen where you were asked to authorise the transaction, then click on ‘Resend a new notification’. You can request this up to 3 times, with a 15-second interval between attempts.

What should I do if I missed the push notification?

The push notification sent to your phone is valid for 3 minutes. You must approve or reject the transaction within this time. If it expires, return to the authorisation screen and click “Resend a new notification” to receive another one.

I have activated OCBC OneToken, but when I did an e-commerce card payment transaction recently, it didn’t ask me to approve the transaction through the OCBC Malaysia Mobile Banking app. Why?

You will only be prompted to approve transactions through the app if the merchant is on a 3D Secure site.

How would I know if the merchant is a 3D Secure site?

Look out for Visa Secure, Mastercard ID Check or MyDebit Secure logo(s) at the merchant website.