OCBC has left some customers frustrated after introducing a security feature that locks out access if a mobile app downloaded from an unofficial app store is detected on a user’s device.
A bank in Singapore introduced security features to its mobile app earlier this week, citing the need to protect its customers from malware.
Also: 4 Ways to Avoid Clicking on Malicious Links Everyone Online Should Know
This “enhancement” will allow the app to identify apps that have not been downloaded from official app stores such as the Google Play Store or Huawei AppGallery. New security features check app permission settings against those deemed by banks to be potential risks and those commonly used in malware-laden apps.
If an app is detected that does not meet both criteria, the customer will not be able to log into their account via OCBC’s mobile app or online banking site until they uninstall or remove the “bad” app.
Customers who wish to continue using these apps are advised to download and reinstall them from the official app store, OCBC said. its Facebook page.
OCBC also noted that the new security feature does not monitor customer phone activity, does not perform surveillance on mobile devices, and does not collect or retain personal customer data.
“The technology detects apps that have not been downloaded from the official app store only when you open the OCBC Digital app,” Bank added. “It does not identify the owner of the device, it only warns customers about apps that can infect their devices with malware scams.”
Also: The best VPN services (and tips for choosing the one that’s right for you)
“We apologize for the inconvenience. Please be patient as this feature is intended to protect customers from malware scams.”
However, customers complained about not being able to access banking services, with several expressing their displeasure on the bank’s Facebook page. This included a user who said an app downloaded from the official app store was identified as malware by OCBC’s security features.
One such customer said that Microsoft Authenticator was chosen even though the two-factor authentication app was published by Microsoft and downloaded from the Play Store. The customer added that even after he uninstalled and reinstalled her Microsoft Authenticator from the Google app store as recommended by the OCBC administrator, she was still unable to access OCBC’s app.
Some also said that apps for smart home devices such as LG ThinQ are highlighted even though they were downloaded from the official app store. System optimization apps such as CCLeaner also had no success.
Also: How to create an app using ChatGPT
Another company reported that even Trend Micro’s antivirus mobile app was flagged because it was not downloaded from an official app store.
Most said that the OCBC-recommended solution of deleting and reinstalling the specific app from the official app store did not work.
A customer also noted that an app developed outside of China appeared to be blocked even though the app was not detected as a security risk by its own antivirus tool.
One customer emphasized the often-cited need to balance convenience and security. Otherwise, companies like OCBC risk losing customers, he stressed. Another put it more plainly, “Does OCBC have the right to decide what can be installed?”
Amid the complaints, the industry regulator, the Monetary Authority of Singapore (MAS), statement He expressed support for the bank’s security features and said it aims to address the risks associated with downloading applications from fraudulent sources. This is because these applications may contain malware.
“The nature of new innovations may cause unforeseen inconveniences,” the regulator said, adding that it will work with banks in Singapore to learn from these experiences so they can continue to enhance their security capabilities. .
MAS says it is working with these organizations to address the risks associated with malware scams that customers are increasingly falling victim to and is “strongly endorsing” banks’ efforts to enhance the security of their digital banking activities. Stated.
The regulator said Singapore’s banking association will also review the effectiveness of existing anti-fraud measures as the threat landscape evolves.
“The security measures will come with some customer inconvenience, but they are necessary to maintain the security and trust of digital banking,” MAS said. “Combined with the vigilance and insightful strong security measures of the public, we can strengthen our defenses against fraud.”
OCBC was at the center of a spate of SMS phishing scams last year that saw S$13.7 million ($10.17 million) stolen from the accounts of 790 customers. The scammers were manipulating her SMS sender ID details to push out messages that appeared to come from OCBC, urging victims to resolve bank account issues. She was then redirected to a phishing website and asked to enter her bank login details such as username, PIN and One Time Her Password (OTP).
Also: How to protect and secure your password manager
This has prompted the Singapore government to step up security measures to harden local banks and telecommunications infrastructure, including requiring SMS service providers to check messages against registries before sending them. Banks are also expected to develop “more versatile” artificial intelligence (AI) models for detecting suspicious transactions.
In addition, banks in Singapore have been instructed to provide a “kill switch” that allows customers to immediately suspend their accounts in the event of a suspected security breach.
Consumers were also asked to access their accounts using mobile banking apps rather than web browsers to minimize the risk of visiting fraudulent websites. The Singapore government has stressed the need for customers to take responsibility for their own cyber hygiene by taking “necessary precautions”.
