This bank’s new app security feature is pissing off customers

By | August 11, 2023

OCBC has left several of its customers frustrated after introducing a security feature that locks access if mobile apps downloaded from unofficial app stores are detected on the user’s device.

The Singapore bank rolled out the security feature on its mobile app earlier this week, citing the need to protect its customers from malware.

The “improvement” allows its app to identify apps not downloaded from official app stores, such as the Google Play Store and Huawei AppGallery. The new security feature also checks the permission settings of apps against what the bank deems to pose potential risks or which are commonly used in malware-based apps.

When apps that do not meet both criteria are detected, customers will not be able to log into their account via OCBC’s mobile app or online banking site until they uninstall or remove the “rogue” apps.

Customers who wish to continue using these apps are advised to download and reinstall them from official app stores, OCBC said on its Facebook page.

OCBC further noted that the new security feature does not monitor its customers’ phone activities or conduct surveillance on the mobile device – neither collecting nor storing customers’ personal data.

“This technology only detects apps that are not downloaded from official app stores when the OCBC Digital app is opened,” the bank added. “It doesn’t identify the owner of the device. All it does is warn customers about apps that could compromise the device for malware scams.”

“We apologize for the inconvenience. We ask for your patience as this feature aims to protect customers from malware scams,” it said.

However, its customers became frustrated after finding they could not access their banking services, prompting several to post their complaints on the bank’s Facebook page. These included users who said apps they had downloaded from official app stores were identified as malware by OCBC’s security feature.

One such customer said Microsoft Authenticator was singled out even though the two-factor authentication app was released by Microsoft and downloaded from the Play Store. The customer added that they were still unable to access OCBC’s app even after uninstalling and reinstalling Microsoft Authenticator from the Google App Store as recommended by an OCBC administrator.

Others said apps for their smart home devices, such as the LG ThinQ, were also highlighted, even if they were downloaded from official app stores. System optimization apps like CCleaner didn’t make the cut either.

Another reported that even their Trend Micro antivirus mobile app was flagged as it was not downloaded from an official app store.

Most said that OCBC’s recommended solution of deleting and reinstalling the specific apps from official app stores did not work.

One customer also noted that apps developed in China appeared to be blocked, even though the apps were not detected as security risks by their own antivirus tool.

One customer highlighted the oft-cited need to balance convenience and security, warning that companies like OCBC otherwise risk losing their customers. Another put it more clearly: “What right does OCBC have to decide what we can install?”

Amid the complaints, industry regulator the Monetary Authority of Singapore (MAS) released a statement expressing its support for the bank’s security feature, which it said aims to address risks associated with downloading applications from unauthorized sources, as these may contain malware.

“It is in the nature of new innovations that they can cause unintended inconvenience,” the regulator said, adding that it would work with banks in Singapore to learn from such experiences so that security features can be continuously improved.

MAS said it had been working with these organizations on measures to combat risks related to malware fraud, which customers had increasingly fallen victim to, and “strongly supports” banks’ initiatives to strengthen the security of digital banking activities.

The regulator noted that the Association of Banks in Singapore will also review the effectiveness of existing anti-fraud measures as the threat landscape evolves.

“Security measures will come with a degree of added inconvenience for customers, but they are necessary to maintain the safety and confidence of digital banking,” MAS said. “Together with a vigilant and discerning public, robust security measures will help us strengthen our defenses against fraud.”

OCBC was at the center of a wave of SMS phishing scams last year, which wiped SG$13.7 million ($10.17 million) from 790 customers’ accounts. Fraudsters had manipulated SMS sender ID information to push out messages that appeared to be from OCBC, urging victims to resolve issues with their bank accounts. They were then redirected to phishing websites and asked to enter their bank login details, including username, PIN and One-Time Password (OTP).

This prompted the Singapore government to step up security measures to strengthen local banking and communications infrastructures, which included the need for SMS service providers to check a registry before sending messages. Banks are also expected to develop “more versatile” artificial intelligence (AI) models to detect suspicious transactions.

In addition, Singapore’s banks were instructed to provide a “kill switch” that allows customers to quickly suspend their accounts if they suspect a security breach.

Consumers were also encouraged to use mobile banking apps instead of web browsers to access their accounts to minimize the risk of navigating to fraudulent websites. Singapore’s government had stressed the need for customers to take responsibility for their own cyber hygiene by taking “necessary precautions.”
