Unauthorised debit card transactions not related to CIMB Clicks, says CIMB

After addressing concerns of being able to login with “wrong passwords” and the appearance of reCAPTCHA on CIMB Clicks, CIMB has finally issued a clarification on unauthorised transactions. As reported early this morning, several users have complained of being charged repeatedly for PayPal transactions via their debit cards. 

Unauthorised non-3D card transactions

According to CIMB’s latest FAQ, these unauthorised transactions have nothing to do with CIMB Clicks. Such transactions were performed at 3rd party e-commerce sites that don’t offer 3D authentication. 3D authentication is basically a user verification system where the bank will send a one-time verification code to your mobile device. This One-Time-Pin is then entered on the site to confirm that it is really the cardholder that’s authorising the payment. 

Malaysian websites are required to offer One-Time-Pin (3D) for online transactions, however, this isn’t mandatory (non-3D) on international sites such as PayPal and even Facebook. According to CIMB, it is common industry practice for banks to accept payments for both 3D and non-3D transactions. 

Disputed transactions to be refunded in 14 days

Despite the recent postings on Facebook, CIMB claims that the level of unauthorised transactions is still within normal levels based on their current monitoring. Customers are urged to report any irregularity with their card transactions through their official channels. According to CIMB, you can file a dispute if you spot any irregular non-3D based transactions and the transacted amount will be credited back into the customer’s your account within 14 days after a verification process.  

Below is their updated FAQ on Debit Card transactions. 

Compromised card details

In order to make a transaction online, a merchant will require your card’s number, expiry date, and the 3 digit CVV number. If someone can complete an unauthorised transaction with your card, there is a high probability that your card details are compromised. If this is your situation, it is best to cancel the card and replace it with a new one. 

Today’s security mess surrounding CIMB could have been avoided if there was clear communication from the bank, especially when it involves new security features. The confusion about the password field and the appearance of the additional reCAPTCHA caused unnecessary panic among users who assumed that the two were signs of the website being compromised. 

Related Posts

CIMB ‘kena hacked’: CIMB says it’s normal to login with extra characters added to password

CIMB ‘kena hacked’: CIMB says, reCAPTCHA authentication is an additional measure to “enhance security”

CIMB ‘kena hacked’: “Our system remains secure”, CIMB issues statement