Chong (right) and his special assistant Michael Kong are seen at the press conference.
KUCHING (Sept 30) Stampin MP Chong Chieng Jen has accused Bank Negara Malaysia (BNM) of implicitly admitting that the one-time password (OTP) system of banks is flawed and allows scammers easy access to commit financial crimes online.
The Democratic Action Party (DAP) Sarawak chairman said BNM recently announced Malaysian banks would move away from the OTP system to more secure measures to prevent scams involving unauthorised transfers of funds, charging of credit cards, and other bank fraud.
“Implicit in such announcement is the admission that there are flaws and deficiency in the current OTP system used by our banking system,” he told a press conference to highlight the plight of an alleged victim of unauthorised online transactions here today.
“If such were the case, it is most unfair for the customers of banks to bear the losses which are caused mainly by the deficiency in the internet banking security system.”
On the case of the alleged victim, a credit card holder, Chong said her bank should have reimbursed her losses totalling RM18,000 from two unauthorised transactions as it has the resources and insurance to compensate victims rather than leaving them to their own devices and becoming the prey of online scammers.
He said the bank, in the interest of equity and justice, should also cancel the unauthorised charges to the cardholder’s credit card.
Chong claimed the fact finding and explanation of the Ombudsman for Financial Service (OFS) in the case was illogical and unreasonable, therefore compounding the misery of the victim.
According to him, the OFS is entrusted with a statutory duty to adjudicate matters between financial institutions and their customers judiciously, and should have discharged its duty with more care in this case.
He claimed that based on an audio recording, the alleged victim said upon receiving SMS notifications that her credit card had been charged without her authorisation, she had called a friend to ask about the OTP.
“By the conversation in the recording it is most illogical of the OFS to come to the finding that she admitted someone had called her pretending to be her friend and that she thus revealed the OTP number to that person. There was nothing to that effect.
“All she did mention to the bank officer in the call was that she called a friend to enquire as to what to do on receiving OTP transactions charged to her credit card not carried out or authorised by her. In the recording, the cardholder also did not reveal her OTP number to her friend,” Chong claimed, refuting the OFS’ findings on the incident in June this year.
According to him, even the bank call centre’s conversation recording showed there was no admission by the alleged victim that she had given away the OTP number.
Chong also questioned why the bank did not immediately block the unauthorised transactions upon receiving the call from the cardholder via its call centre.
“If even upon a prompt response (within five minutes) could not stop any unauthorised transaction charged to one’s credit card, what is the use of the SMS notification on charges to credit card?” he asked.
According to him, the bank’s response should have been immediate from the time of the victim’s call.
He also questioned how two transactions totalling RM18,000 could have gone through when the alleged victim’s credit limit was only RM17,000.
“It is the norm in financial practice that once the amount exceeded the limit, the whole transaction would not go through.
“Therefore, at the very least, the whole of the second charge of RM9,000 ought not be charged to the credit card,” he stated.
Chong said the alleged victim has the option to file a legal suit against the bank but it would be costly, tedious, and take a long time to get justice.
He added a police report had been lodged over the matter.