3D Secure is a service facilitated by Visa, Mastercard and PayNet known as Visa Secure, Mastercard ID Check and MyDebit Secure respectively. It lets you transact online securely using your card. This service is only available at 3D Secure merchant sites where an additional password protection is required to authenticate the customer during a purchase via the Internet.

With OCBC Credit Cards and Debit Cards, online shopping and payment have become more accessible to everyone and very much a part of today's lifestyle. To safeguard your online shopping and payment for your peace of mind, your card is added security with 3D Secure (or Three Domain Secure). It's the payment industry's internet authentication feature developed for the protection against online fraud, in which 6-digit One Time Password (OTP) is required.

In June 2024, we will discontinue sending OTP via SMS and switch to a more secure transaction authentication method, OCBC OneToken for you to authorise your online shopping and payment using OCBC Credit Cards and Debit Cards. To ensure a smooth online shopping and payment experience, we encourage you to activate your OCBC OneToken.

Steps to activate OCBC OneToken

For existing OCBC Online Banking user, please refer to the OCBC OneToken page for steps to activate OCBC OneToken. For non-existing OCBC Online Banking user, please refer to the Online Banking Registration page for steps to register for OCBC Online Banking before you activate OCBC OneToken.

1. Visit OCBC Internet Banking website at: https://www.ocbc.com.my/internet-banking/
2. At the OCBC Internet Banking page, select "Sign Up"€ to register
3. Key in your Credit Card or OCBC ATM Card number (10 or 16 digits) and its 6-digit PIN and click "Submit"€
4. Key in your preferred Login ID and Password. Check on the box next to TERMS & CONDITIONS and click "Submit" Security Tips
5. Login ID and Password are case-sensitive. For prevention, please use combination of upper and lower case characters. Choose a Password that contains both numeric and alphabetic characters represented in both upper and lower cases; and avoid using date of birth, pet's name or common names. The minimum password length is 6 characters. Example of a good password: g00dpA55w0rD, mYp4s5w0Rd
6. To select your preferred 2 Factor Authentication (2FA) token, just follow the instructions provided onscreen and complete your OCBC Internet Banking registration.

2 Factor Authentication (2FA)

2FA is an added security feature of OCBC Internet Banking. It is a 6-digit One Time Password (OTP). The OTP is required each time you perform a high-risk transaction like funds transfer to an unregistered third party or a bill payment. OCBC Bank currently offers 2 methods of receiving the OTP. You may opt to have a small hardware device that generates the OTP when you input a request, or alternatively, have the OTP sent to you via SMS on your mobile phone.

Frequently Asked Questions

Can I opt out of 3D Secure checks?

To protect you against the risk of fraud from stolen card details, 3D Secure is a must have. This ensures all your online transactions using OCBC Credit or Debit cards at VISA Secure, Mastercard ID Check and MyDebit Secure merchants are checked for 3D Secure. All card holders will not be able to opt out of 3D Secure.

Will 3D Secure checks add extra time on to the customer checkout experience?

The 3D Secure authentication process is smoothly integrated into the checkout process and will usually only add a few seconds to the normal transaction time. An added few seconds for added protection for both the merchant and cardholder.

How do I register for 3D Secure?

For OCBC cardholders, you need to first register for Online Banking account and request to activate OCBC OneToken. Once the OneToken is successfully activated, you will need to wait after 12 hours to be able to retrieve a One Time Password (OTP) for online transactions at 3D Secure merchant websites.

Can I opt to receive OTP via SMS for online transactions at 3D Secure merchant websites?

In June 2024, we will discontinue sending OTP via SMS for online transactions at 3D Secure merchant websites. You will need to retrieve the One Time Password from OCBC OneToken to complete the online transaction.

Will I be charged for 3D Secure?

Currently there is no service charge for 3D Secure.

After I have activated OneToken, when can I start to make e-commerce card payment transaction?

You can only start to make e-commerce card payment transaction after 12 hours from the successful activation of OCBC OneToken.

Can I retrieve OTP from my friend’s or relative’s OCBC Malaysia Mobile Banking app to make e-commerce card payment transaction using my OCBC Credit Card or Debit Card?

No. For your security you can only retrieve the OTP from the OCBC OneToken registered in your mobile phone.

What should I do if I have entered wrong OTP during e-commerce card payment transaction?

If you have entered wrong OTP for 3 times, you are required to revisit the merchant website to make a new payment transaction.

I have activated OCBC OneToken, but when I did an e-commerce card payment transaction recently, it didn't ask me for my OTP.

If the merchant is not on 3D Secure site, you will not be asked for your One Time Password. The OTP will only be asked for transactions at 3D Secure merchant sites.

How would I know if the merchant is a 3D Secure site?

Look out for Visa Secure, Mastercard ID Check or MyDebit Secure logo(s) at the merchant website.