After addressing concerns of being able to login with “wrong passwords” and the appearance of reCAPTCHA on CIMB Clicks, CIMB has finally issued a clarification on unauthorised transactions. As reported early this morning, several users have complained of being charged repeatedly for PayPal transactions via their debit cards.
According to CIMB’s latest FAQ, these unauthorised transactions have nothing to do with CIMB Clicks. Such transactions were performed at 3rd party e-commerce sites that don’t offer 3D authentication. 3D authentication is basically a user verification system where the bank will send a one-time verification code to your mobile device. This One-Time-Pin is then entered on the site to confirm that it is really the cardholder that’s authorising the payment.
Malaysian websites are required to offer One-Time-Pin (3D) for online transactions, however, this isn’t mandatory (non-3D) on international sites such as PayPal and even Facebook. According to CIMB, it is common industry practice for banks to accept payments for both 3D and non-3D transactions.
Despite the recent postings on Facebook, CIMB claims that the level of unauthorised transactions is still within normal levels based on their current monitoring. Customers are urged to report any irregularity with their card transactions through their official channels. According to CIMB, you can file a dispute if you spot any irregular non-3D based transactions and the transacted amount will be credited back into the customer’s your account within 14 days after a verification process.
Below is their updated FAQ on Debit Card transactions.
In order to make a transaction online, a merchant will require your card’s number, expiry date, and the 3 digit CVV number. If someone can complete an unauthorised transaction with your card, there is a high probability that your card details are compromised. If this is your situation, it is best to cancel the card and replace it with a new one.
Today’s security mess surrounding CIMB could have been avoided if there was clear communication from the bank, especially when it involves new security features. The confusion about the password field and the appearance of the additional reCAPTCHA caused unnecessary panic among users who assumed that the two were signs of the website being compromised.
Owners of Proton e.MAS 7 BEV and PHEV as well as e.MAS 5 will be…
Sony PlayStation has recently released the DualSense PC Ready Edition in Malaysia. While it might…
Meta has confirmed that it will remove end-to-end encryption from Instagram Direct Messages (DMs), effective…
After making its official launch in early March 2026, the first sales campaign for the…
TNB Electron has deployed a highly-anticipated EV charger up north in the state of Perlis…
iPhone users in Malaysia can soon enjoy 5G Standalone (5G SA) and 5G Advanced with…
This website uses cookies.