Help & Support

Digital Banking - Online Security

Frequently asked questions
  • Adopting the latest security measures against malware

    As part of our ongoing efforts against cybercrime and to protect your Online Banking experience, we will be introducing an essential security feature to the OCBC Malaysia Mobile Banking app.

    The latest versions of the OCBC Malaysia Mobile Banking app on Android are designed to work better and be more secure on devices where the apps are downloaded from official app stores such as Google Play Store or Huawei AppGallery. These apps go through a verification process before they are available for download. On the other hand, apps from other sources such as websites or apps installed using Android Package Kit (APK) files are not verified. These apps may have security vulnerabilities and can potentially be easily infected with malware. This can give cybercriminals control over your device and potentially access your banking app(s) and personal information.

    By end May 2024, if you try to access the latest OCBC Malaysia Mobile Banking app on a device that has apps downloaded from sources other than an official app store, a message informing you that one or more apps on your device may be from unofficial sources will pop up on the screen. We recommend that you uninstall such apps. You do not have to delete the OCBC Malaysia Mobile Banking app.

    Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you may turn off ‘Accessibility’ for these apps. You can do so via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps*.

    Turning off 'Accessibility' will cut off scammers’ remote access to, or keylogging of, your phone and any access to your bank account(s). However, we do not recommend this option because of the residual risk – cybercriminals may still exploit ‘Accessibility’ services to compromise your devices. The preferred and safer option is to uninstall apps not downloaded from official app stores to completely remove the risk of malware from such apps.

    *The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

  • When I open the OCBC Malaysia Mobile Banking app, I see a pop-up message informing me that one or more apps on my device may not be from an official source. Why?

    The OCBC Malaysia Mobile Banking app will now work more securely on devices whose mobile apps were all downloaded from official app stores. Malware attacks may emerge from apps that are downloaded from websites and other sources (i.e., not official app stores), potentially giving cybercriminals control of your devices.

    The pop-up message is meant to inform you that apps from unofficial sources have been detected on your device. It is recommended that you uninstall these apps or disable their accessibility permissions in your device settings.

    Here is what the pop-up message looks like:

  • Do I have to re-install the OCBC Malaysia Mobile Banking app when I see the pop-up message?

    You don't need to delete, download, or perform any action on the OCBC Malaysia Mobile Banking app. Instead, please uninstall the unofficial apps displayed in the pop-up message or disable the 'accessibility' feature for those apps.

  • Will the Bank know what other apps I have on my device through this security feature?

    We view privacy seriously. We do not conduct surveillance on customers’ device. The new security feature does not collect or store any personal data from your device; neither will it identify the owner of the device. We do not collect or store information on how our customers use apps installed on their mobile device.

    Instead, an additional security check is simply performed directly at the device level. This means that no information or data will be transmitted back to us. The information collected at the device level is only used to identify if certain security parameters are not met. These parameters include apps residing on a device which were not downloaded from an official app store, and which have ‘Accessibility’ turned on. Apps with ‘Accessibility’ turned on can render your device more vulnerable to exploitation by hackers, scammers and other bad faith actors using malware.

    We apologise for the inconvenience caused and seek your understanding that the security feature was implemented to protect our customers from malware or suspected malicious apps. Please refer to our article on malware for more information on how you can protect yourself.

  • I want to continue using my OCBC Malaysia Mobile Banking app alongside these apps. Is it possible for you to remove this control?

    This security feature was implemented with the intent of protecting our customers from malware and potential malicious apps. If you wish to continue using your OCBC Malaysia Mobile Banking app alongside apps that are downloaded from websites and other sources (i.e., not official app stores), you may turn off ‘Accessibility’ for such apps.

  • I want to continue using my OCBC Malaysia Mobile Banking app. What can I do?

    Yes, you will still be able to access the OCBC Malaysia Mobile Banking app for now. However, we strongly recommend that you consider deleting any unofficial apps for safer banking.

    Alternatively, you can turn off the listed apps’ ‘Accessibility’ via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed apps*.

    *The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

  • What are ‘Accessibility’ services and how do criminals exploit them?

    Accessibility services, like text-to-speech and speech recognition, are designed to make technology easier to use. For these services to work, advanced Android system permissions have to be granted to the app requesting them, such as allowing the app to read the text on the device’s screen or record text typed using the device’s keyboard. The latter, for instance, could be used to record your online banking login details.

  • How do I change the Accessibility settings for the third-party apps that I have downloaded?

    The path to changing Accessibility settings may differ by device manufacturer and operating system.

    Here are the possible paths for some popular phone models. If you continue to face difficulties with changing the Accessibility settings, please check with your device manufacturer.

    Samsung Galaxy Devices: Settings > Accessibility > Installed Apps or Installed Services

    Oppo A78 5G / Reno8 5G: Settings > Additional Settings > Accessibility

    Oppo Find X2 Pro / A17: Settings > System Settings > Accessibility

    Huawei P50 Pro: Settings > Accessibility features > Accessibility > Installed Services

    Huawei Nova 3i / Nova 5T: Settings > Smart Assistance > Accessibility

    Huawei Mate30 & Huawei Y9a: Settings > Accessibility features > Accessibility (Scroll down to Downloaded Services)

    Google Pixel 5 / Pixel 3 XL: Settings > Accessibility

    Redmi Note 10 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

    Poco X5 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

  • Why are some well-known apps being flagged by the OCBC Malaysia Mobile Banking app?

    This security feature flags apps that have been downloaded from sources other than official app stores. You may have downloaded them from websites or other sources. If you need to continue using these apps, we advise you to first uninstall them and then download and install the most up-to-date version of the app(s) from an official app store.

    Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you can consider turning off ‘Accessibility’ for these apps – via the Settings menu on your device (e.g. on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps). This step will help to prevent your device – and OCBC account(s) – from being controlled by cybercriminals looking to exploit potential vulnerabilities in these apps (because ‘Accessibility’ is turned on).

    Should you require further assistance, please provide more information to us via our OCBC customer feedback form.

  • I am an iOS user; how does this impact me?

    This new anti-malware security feature is applicable to Android users as apps downloaded from other sources (e.g., official brand websites or apps installed using Android Package Kit (APK) files) are not verified and they tend to have more security vulnerabilities and so are more susceptible to malware infection.

    Android are built to work more optimally and securely on devices whose mobile apps were all downloaded from official app stores (e.g., Google Play Store or Huawei AppGallery).

  • What are the official app stores?

    The list includes:

    Google Play Store
    Samsung Galaxy Store
    Huawei AppGallery
    Xiaomi MI App Store
    Amazon appstore
    Vivo V-Appstore
    Oppo App Market

  • Where else has this been implemented?

    First introduced by OCBC on 5 August 2023 in Singapore, the OCBC anti-malware security feature has – until 30 April 2024 – potentially prevented scammers from making away with SGD41 million, from 331 customers’ OCBC accounts.