CIMB announced that they will be implementing single-device authentication for CIMB Clicks from the end of this month, October 2022. By then, all new and existing users who download or re-install the CIMB Clicks app (iOS, Android) will only be able to register a single device to use the app and its SecureTAC feature.
As for existing users who currently are using two registered devices, CIMB says that it will be initiating its migration exercise to a single device by March 2023. Users will be urged to proactively deactivate their non-primary devices before then.
According to the bank, they are taking a phased approach introducing this new measure “to ensure customers will have sufficient time to adapt”. After the migration period, CIMB will automatically deactivate non-primary registered devices on the app. Here’s how to deactivate your non-primary devices:
- Log into the CIMB Clicks app (iOS, Android) using your primary device
- Scroll left on the home screen to find ‘Settings’
- Refer to ‘Other Registered Device’ to check if there are other devices registered
- Swipe left on the device name
- Tap on the “Delete” button (in red) and confirm the deletion
Once you’ve removed your ‘Other Registered Device’, an SMS notification will be sent to your main device to let you know that you’ve deleted the secondary device. CIMB also advises customers to “be attentive and take immediate action” if they receive any notifications of a new and unknown device being activated using their account.
In September, Bank Negara Malaysia instructed financial institutions like CIMB to stop using SMS One Time Passwords (OTP) as a form of authentication for online activities or transactions. They ask institutions to take “to further strengthen safeguards against financial scams” as “scams and cybercrimes have been on the rise” in Malaysia.