Online Banking

Online security

OCBC Kill Switch

What is OCBC Kill Switch?

OCBC Kill Switch enables you to immediately block your current, savings, fixed deposit, loan accounts and card if you suspect you are a victim of a scam or if you believe your important account-related details have been compromised.

Once the Kill Switch is activated, no outgoing transactions - whether they're done digitally, via an ATM or at branches - can be made. Even recurring or pre-arranged fund transfers will be disabled.


How it works

You may activate Kill Switch by calling OCBC's contact number at 03-8317 5000 and pressing '8'.

The OCBC Kill Switch disables all of the following:

  • Cash withdrawals
  • Local and overseas fund transfers (outgoing)
  • Bill payments
  • Loan payments
  • Recurring charges & standing instructions
  • Visa & MasterCard transactions using ATM / credit / debit cards physically and digitally

Our Customer Service Executive will help you block access to your compromised bank account or cards, and issue new cards. Our Customer Service Executive will also record your scam report. Only our branch staff or Customer Service Executive can deactivate the Kill Switch, and this will only be carried out after receiving verified instructions from you. Once the Kill Switch is deactivated, your account will return to normal and all prior settings - including GIRO arrangements and future-dated fund transfers - will be reinstated.


Step-by-step guide to activating OCBC Kill Switch

You can activate OCBC Kill Switch without human intervention by calling OCBC Contact Centre at 03-8317 5000.

  • Press 8 to temporarily block your accounts
  • Enter 12-digit NRIC number followed by the hash key
  • Enter 16-digit credit or debit card number
  • Press 1 to confirm card number
  • Press 1 to confirm account and cards suspension
  • Stay on the line to speak to our Customer Service Executive to record your scam report


OCBC Online Banking Security Guarantee

Our online security commitment to you

At OCBC Bank, we are committed to protecting the security of your online transactions. Our website uses leading-edge and industry-standard technology and processes to ensure that your privacy and transactions are not compromised, and that your interests are safeguarded at all times.


Suspected fraud? Inform us immediately

In the unlikely event that you become a victim of an unauthorised transaction, or if you notice anything irregular, please inform us immediately. You can report to us at 03 8317 5000 or by contacting one of our branches.

Upon receipt of your report, we resolve to get back to you beyond 14 calendar days from the date a disputed transaction is first reported. Depending on the complexity of the claims, we will notify you accordingly if we require more time for investigations.


How to protect yourself from fraud

You can play a part to protect yourself from fraud by adopting the following simple measures:

  • Keep your 2-Factor Authentication Token secure at all times
  • Do not share your security details with anyone (these include your Login ID, Password and 2-Factor Authentication Token)
  • Equip your PC with the latest anti-virus software to protect yourself against any virus or malicious attack


Unauthorised transactions on account

Change your password and contact us immediately at 03 8317 5000

To change your password:


  1. Login to online banking.
  2. Under the “My Profile” menu, select “Change Password”.

Your Password should be 8-12 characters only.


Timed log-off

If you leave your computer or forget to log off, our system will automatically log you off after 5 minutes.

Prevent browser from storing Login ID / Password

Deactivate the function accordingly:

Internet Explorer

  1. Launch your Internet Explorer browser and click on "Tools" >> "Internet Options" >> "Content".
  2. Under "AutoComplete", click on "Settings".
  3. Uncheck "User names and passwords on forms".
  4. Click "OK" to save your settings.

Mozilla Firefox

  1. Launch the Firefox browser and click on “Tools” >> “Options” >> “Security”.
  2. Under Passwords, uncheck “Remember passwords for sites”.
  3. Click "OK" to save your settings.

Google Chrome

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Personal Stuff”.
  3. Under Passwords, check “Never save passwords”.

Verify that the website is secure

Things to remember:

  1. Check that you are on our official website at   
  2. Check that the lock icon displayed is enabled at the bottom right-hand of the screen.
  3. You can also verify that the website has the security certificate. This is how you can check:

Internet Explorer

  1. Right-click your mouse.
  2. Select “Properties”.
  3. Click on “Certificates”.
  4. For a secured site, you will see the details of the security certificate.
  5. For an unsecured site, there is no security certificate information.

Mozilla Firefox

  1. Site Identity Button will display in one of three colors - grey, blue, or green.
  2. Grey indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.
  3. Blue indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.
  4. Green indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.

Google Chrome

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Under the Bonnet”.
  3. Under HTTPS/SSL, check the box for “Check for server certificate revocation”.

Clear browser cache after online banking session

Internet Explorer 

  1. Go to “Tools”.
  2. Go to “Internet Options”.
  3. Select “General”.
  4. Under browsing history, click the “Delete” button and select “Temporary Internet files” and “Cookies” for IE8 and above.
  5. Click “OK” to delete all temporary internet files and cookies.

Mozilla Firefox 

  1. Go to “Tools” >> “Clear recent history”.
  2. Check the boxes for “Browsing & Download History” and “Cookies”.

Google Chrome

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Under the Bonnet”.
  3. Under “Privacy”, click “Clear browsing data”.

Error message indicating an unsecured connection

Please check that your browser is able to carry out secured transactions. This is how you can enable your browser to make such connections:


Internet Explorer

  1. Select “Tools” from the pull-down menu in your browser.
  2. Select “Internet Options”.
  3. Select “Advanced” tab.
  4. Scroll down to Security. Ensure that “Use TLS 1.2” is selected.
  5. Click “OK”.

Mozilla Firefox

  1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and click “Options”.
  2. Select the “Advanced” panel.
  3. Click the “Encryption” tab.
  4. Verify that “Use TLS 1.2” is checked.
  5. Click “OK”.

Google Chrome

  1. Click “Customise and Control Google Chrome” menu.
  2. Click “Options”.
  3. Select “Under the Bonnet” tab.
  4. Go to “HTTPS/SSL” section.
  5. Click “Manage certificates”.

In the “Certificates” window you can import, export and remove your SSL certificates.

Password Tips

Selecting a secure password:

  • Choose a password consisting of 8 to 12 characters. Your Password must contain both letters and numbers for added security

  • Mix numbers with upper-case and lower-case letters in your password

  • Include at least one special character (e.g. @,#,$,!)

  • Do not use simple words or repeat words (e.g., 7eleven, seven11, etc.)

  • Use a secret 'expression' (see examples) to help you remember your password easily

  • Select a unique password, not one that you are using for some other purpose

  • Don't use sequences such as abcd123 or 123abcd, whether backwards or forwards

  • NEVER reveal your password to anyone else

  • Secure password examples are given below, but please do not use these examples! Create your password based on your own secret expression to help you remember it

    Expression: Four of us climbed Gunung Brinchang in Cameron Highlands
    Suggested password: 4oucGBiCH

    Expression: Mango, lychee and longan puddings are my favourites
    Suggested password: MLL9mfA

    Expression: Monsoon begins in December
    Suggested password: Mnbi12d

    Ensuring your password security

  • Log off immediately after use

  • Don't tell anyone your password

  • Don't write your password down anywhere or store it in a file on your computer

  • Make sure your chosen password cannot be guessed easily

  • Change your password if there is a chance someone might know your password.

  • Make sure no one can see your password when you are using it

  • Be wary of websites that unnecessarily require your OCBC password.

  • Please clear your browser's cache and history after logging out

  • Change your password if:

      • You have not changed it for six months.

      • You are notified that it does not meet current standards.

      • You have told it to anyone or have written it down anywhere.

      • You have logged onto a system in another country.

    If you notice any discrepancy in your account(s) or if you suspect that someone has been using your OCBC Internet Banking Login ID to access your account, change your Password and contact us immediately at 03 8317 5000.

  • Important tips on how you can safeguard and protect your account information.

    (a) Password should be alphanumeric.

    (b) Password should not be based on user-id, personal telephone number, birthday or any other personal information.

    (c) Password must be kept confidential and not be divulged to anyone.

    (d) Password must be memorised and not be recorded anywhere.

    (e) Password must be changed regularly.

    (f) The same PASSWORD should not be used for different websites, applications or services, particularly when they relate to different entities.

    (g) Please do not select the browser option for storing or retaining user name and password.

    (h) Please check the authenticity of the bank's website by comparing the URL and observing the bank's name in its digital certificate or by observing the indicators provided by an extended validation certificate.

    (i) Please check that the bank's website address changes from http:// to https:// and a security icon that looks like a lock or key appears when authentication and encryption is expected.

    (j) Please do not allow anyone to keep, use or tamper with your 2FA security token.

    (k) Please do not reveal the OTP (One Time Password) generated by the 2FA token to anyone.

    (l) Please do not divulge the serial number of your 2FA token to anyone.

    (m) Please check your bank account balance and transactions frequently and report any discrepancy.

    Entering OCBC Internet Banking

    To login, please key in Internet Banking Login ID and a Password, which is only known to you.

    During the Session

    Once you have logged in, all communications are encrypted to protect the confidentiality of your transactions using Secure Sockets Layer (SSL 128 bit), the highest level of encryption used.

    The session will automatically be terminated if your account remains unused for 10 minutes.

    This reduces risks of unauthorised access to your account.

    Security Tips

      Online Scams

    Although phishing is now widely known, it is not the only online scam that exists. To counter this problem, you are strongly encouraged to exercise caution and prudence to protect yourself from such scams. Knowing how some of these work will equip you to recognise the tell-tale signs of a scam and safeguard yourself against online fraud.

    Always bear in mind the following :
    OCBC will never request for you to provide your private particulars such as Login ID or Password for whatever reason.
    When in doubt or suspicious about the authenticity of the request, always double-check with the bank. Contact us via our official channels: or our hotline 03 8317 5000. Never rely on any information or link from the fraudulent email.

    Some of the more common scams

    Vishing (voice phishing)
    "Vishing" stands for voice phishing and is one of the variations of the phishing scam.

     a) "Vishing"
    How it works - an email is sent out requesting the recipient to verify his bank account immediately by calling the stated number in the email. The information given by the recipient over the phone will then be used to siphon money out of his bank account.

     b) "Cold-call Vishing"
    Automated programs are designed by the fraudsters to make random calls to as many people as possible. The recipient will hear a pre-recorded message citing some valid-sounding reason requesting the recipient to enter his account number and PIN or other sensitive information for verification. The information is then used in the same way as illustrated in scenario a).

    "Nigerian Scams"
    These get-rich-quick scams have been around for many years, initially through letters, faxes, telexes and have progressed to emails.

     How it works - a fraudulent email is sent on behalf of a very rich and powerful individual or a government office. The email requests the use of the recipient's bank account to transfer large sums of money out of their country. In return, the recipient will be rewarded handsomely. Should the recipient respond, the fraudster will eventually request for some money to be sent citing reasons like the need to bribe officials who are blocking the transfer.

    This is a classic example of "if an offer is too good to be true, it usually is".

    Other variations:

    - the recipient is a winner of a foreign lottery and will need to pay tax before he can receive his winnings.
    - the millions of dollars that need to be transferred is part of the embezzled funds of an ousted / deceased dictator.
    - the sender purports to be a company representative and you will need to pretend to be the next of kin of a deceased
      customer in order to receive a certain percentage of the estate

      Other Security Tips

    A) Protecting Your Password

    Your password is important. Follow these tips when selecting a secure password:

    • Never reveal your ID and Password to anyone. If you suspect that someone has gained access to your User Name and Password, change it immediately.
    • Do not use the same number or letter sequence for User Name and Password.
    • Avoid using the same password for everything, such as email, voice mail, etc
    • Use both upper and lowercases or mix letters with numbers and if possible include symbols.
    • Avoid easily identifiable passwords such as phone numbers and birth dates.
    • Change your password frequently using the "Chg Passwd" function.
    • If you are suspicious of any unusual activity or of the last logon time stamp, you should immediately change your password by using the "Chg Passwd" function.
    • Do not use password from other Internet sites.
    • Do not leave your system unattended when you are logged on to
    • Always clear your PC browser's cache after each session. This will ensure that all your account information is permanently removed from your system memory. How to clear your cache:

      • For Internet Explorer, please select Tools > Internet Options > General > Temporary Internet Files > Delete Files .
      • For Firefox, please ensure that "Cache" is selected under Tools > Options > Privacy > Private Data > Setting.  Click "OK" to confirm and select "Clear Now" .

    • Check and ensure that your PC browser does not store your password. If you are using Microsoft Internet Explorer 5.5 and above, you should check and ensure that the browser's 'Use Online AutoComplete' function is disabled.
      • On your Internet Explorer browser Menu bar, go to [Tools].
      • Select [Internet Options].
      • Select [Advanced] and scroll down to [Browsing].
      • Uncheck [Use Online AutoComplete].
      • Click [OK].

    B) Additional Security Tips

    • Install anti-virus or anti-spyware and firewalls in your personal or home computers, particularly when they are linked via broadband connections, digital subscriber lines or cable modems.
    • Update the anti-virus and firewall products with security patches or newer versions on a regular basis.
    • Remove file and printer sharing in your computers, especially when they have Internet access via cable modems, broadband connections or similar set-ups.
    • Make regular backups of critical data.
    • Consider the use of encryption technology to protect highly sensitive data.
    • Log off the online session and turn off the computer when not in use.
    • Do not install software or run programs of unknown origin.
    • Delete junk or chain emails
    • Do not open email attachments from strangers.
    • Do not select the option on browsers for storing or retaining user name and password.
    • Do not disclose personal, financial or credit card information to little-known or suspicious websites.
    • Do not use a computer or a device that cannot be trusted.
    • Do not use public or Internet cafe computers to access online banking or perform online financial transactions.
    • Once your Access Code/User ID/Username or PIN/Password become invalid or cease to have effect, you should inform us immediately by using the e-mail option "Contact Us" or our Call Centre at 03 8317 5000.
    • You should also exercise precaution against viruses or other programmes such as Trojan Horse that can capture your password keystrokes and other personal information. Such captured data can be sent to another party without prior consent. To avoid getting infected, we recommend that you
      (1) equip your Personal Computer with the latest virus detection software so as to protect yourself against any virus attacks and other malicious attacks,
      (2) update the anti-virus and firewall products with security patches or newer versions on a regular basis,
      (3) avoid downloading any files from websites and people you are not sure about,
      (4) avoid using programs that allow you to automatically get or preview files and
      (5) install a personal firewall to protect against hackers, virus attacks or Trojan Horse programs.
    • You should check your account and transaction history regularly to ensure that all details are updated and that there are no unauthorised transactions on your account(s). OCBC Internet Banking will display your last login date and time, whenever you logon, to help you monitor this.
    • If you notice any unusual/unauthorised transactions, please change your PIN and notify us immediately. It is important that you inform us immediately.
    • Your usage of OCBC Internet Banking is subject at all times to the Internet Banking Terms and Conditions. You should therefore read carefully and adhere to the recommended security practices. The Bank is not responsible for any loss or damage in connection to the use of OCBC Internet Banking services unless such loss is attributable to our negligence or wilful default.
    • Security Alert on Malware in Circulation (1 Oct 2014)
      We would like to bring to your attention that there have been recent reports of a new Zeus Trojan malware targeting mobile banking systems. The malware is delivered to smartphones or tablets via a link or attachment in a phishing message through SMS or social media messaging channels such as WhatsApp and Twitter. Please exercise caution when opening links or attachments on your messaging applications, and install anti-spyware software on your mobile devices.
    • A security vulnerability known as Padding Oracle On Downgraded Legacy Encryption (“POODLE”) affecting some web browsers (e.g. Internet Explorer 6 and below) was discovered recently. To ensure you are well protected, please update and install the latest version of the web browsers (e.g. Internet Explorer 8 or above) with SSL (Secure Sockets Layer) v3.0 disabled.

    As a user of OCBC Internet Banking, you have the right to
    (1) suspend your Internet Banking Access immediately should you suspect any unusual activity and/or unauthorised access,
    (2) terminate this service,
    (3) request for a new set of OCBC Internet Banking PIN and
    (4) obtain information from the Bank regarding your online transactions

    WARNING: All claims will be investigated and if found to be false, will be rejected. If payment had been made on the claim, it must be refunded to the Bank. All expenses incurred in the investigation and in recovering the payment will be borne by the maker of the false claim. Police report will be lodged against all false claims.

    Safeguard yourself against online scams

    With email emerging as an increasingly important communication tool, it is critical to take precautionary measures against cyber fraud.

    1. Be wary of:

    (a) any false e-mail address, logo or graphic designed to mislead you into accepting the validity of any email or website;
    (b) any fake domain name which appears to be the Bank's website or the website of any other financial institution;
    (c) any hyperlink to any fake website;
    (d) any embedded form in any email; or
    (e) any other technique or method designed to mislead you or trick you into providing personal details, such as your Internet Banking, Phone Banking or ATM PIN, user name or password, or any other sensitive information, or into downloading a virus.

    2. Never access OCBC Internet Banking from a link in an email.

    3. Always enter the domain name of the Bank (ie. ) into your browser when logging onto the Bank's website. You are advised to take the necessary precautions and not to accept any websites at face value that redirects the link to OCBC Bank Group. If you are in doubt, please contact the bank at :

    OCBC Bank (Malaysia) Berhad
    Personal: 03-8317 5000
    Business: 03-8317 5200

    OCBC Al-Amin Bank Berhad
    Personal: 03-8314 9310
    Business: 03-8314 9090

    4. Never reveal your PIN to anyone. The Bank will never request for your Internet Banking, Phone Banking or ATM PINs for any reason.

    5. Be aware of Phishing. Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit card numbers. Before entering your Login ID (Username) and Password, you should always ensure that the website you are visiting belongs to OCBC. This can be verified by the URL displayed in your browser as well as the Bank's name in its digital certificate. This precaution will ensure that you are not revealing your OCBC Bank Internet Banking Login ID (Username) and Password to a website other than OCBC. Always check that our website address changes from http:// to https:// and a security icon, usually in the form of a lock or key, appears when authentication and encryption is expected.

    6. OCBC does not make unsolicited requests for your personal information through e-mail or by phone unless you have initiated the contact. We will under no circumstances ask you to reveal your PIN.

    7. You are advised to personally enter the domain name of the bank in your browser to log onto OCBC Internet Banking. You should not accept links or redirections from other websites or media for the purpose of logging onto OCBC Internet Banking.

    8. Look for the SSL encrypted connection, indicated as https:// or a padlock, as well as check that the Bank's name is in its digital certificate.

    9. You are advised to always be on the alert for phony websites and suspicious emails purporting to be from OCBC Bank. If you are aware of or have received such communication, please report it immediately by contacting us.

    OCBC Internet Banking - Official website (for Personal Banking)

    OCBC Internet Banking for personal banking customers is accessible from the website address or via the link in OCBC website

    To view the security certificate, double click on the "Padlock" or "Key" at the bottom right side of your screen and a new window will pop-out. This Certificate will ensure the authenticity of the website.

    Ensure the following on the Certificate:

    (a) The Certificate is issued to

    (b) The Certificate is issued by DigiCert

    (c) The Certificate has a valid date (not expired)
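    The three certificate checks in (a) to (c) can also be applied programmatically. The following is an added example, not part of the original page or OCBC's own code; the hostname bank.example and the sample certificate are constructed placeholders, because the page does not give the "issued to" name.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
# "bank.example" and the names below are placeholders, not the bank's real values.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank Berhad"),),
                (("commonName", "bank.example"),)),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "DigiCert Inc"),),
               (("commonName", "Constructed Issuing CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "bank.example"), ("DNS", "www.bank.example")),
}


def _field(name, key):
    """Return the first value of `key` in a getpeercert()-style name tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def _when(text):
    """Parse a certificate timestamp such as 'Jan  1 00:00:00 2025 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)


def check_certificate(cert, expected_host, expected_issuer_org="DigiCert", now=None):
    """Return a list of problems; an empty list means checks (a)-(c) passed.

    `cert` should come from a connection whose chain the TLS library already
    verified: getpeercert() only returns a populated dict in that case.
    """
    now = now or datetime.now(timezone.utc)
    problems = []

    # (a) issued to: prefer subjectAltName DNS entries, fall back to commonName
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = _field(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    if not any(_host_matches(n, expected_host) for n in names):
        problems.append("issued-to mismatch")

    # (b) issued by: the issuing CA's organisation name
    org = _field(cert.get("issuer", ()), "organizationName") or ""
    if expected_issuer_org.lower() not in org.lower():
        problems.append("unexpected issuer")

    # (c) valid date: inside the notBefore..notAfter window
    if now < _when(cert["notBefore"]):
        problems.append("not yet valid")
    if now > _when(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    print(check_certificate(SAMPLE_CERT, "www.bank.example",
                            now=datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

    A look-alike hostname fails check (a) even when the issuer and dates are fine, which is why the name on the certificate has to be compared against the address you typed.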

    You are encouraged to delete junk mail, chain mail or any other unsolicited email. Do not open email attachments from strangers.

    If you discover or believe that there are fraudulent e-mails, fake websites or other scams directed at you or any other customer of the Bank, the Bank or the OCBC Bank Group, please notify the Bank immediately at :

    OCBC Bank (Malaysia) Berhad
    Personal: 03-8317 5000

    OCBC Al-Amin Bank Berhad
    Personal: 03-8314 9310

    What is Malware?

    Malware is also known as "malicious software." Malware is any kind of unwanted software that is installed without your adequate consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware.
