28 September 2022

Why SecureTAC is better than SMS TAC ?

Being one of the 5 measures (click here to read) which were highlighted by BNM to safeguard online banking users, financial institutions were advised to move away from using SMS TAC (or SMS OTP) to a more secure and better method.


The largest bank in Malaysia, Maybank, said that it will fully migrate to a more secure authentication method via Secure2u by June 2023, from SMS one-time password (OTP), to heighten online banking security.

Obviously, this is in line with BNM’s steer for banks to migrate from SMS OTP to more secure authentication for online banking transactions, Maybank said in a statement.

Wait.

Firstly, tell me what is a TAC?

Transaction Authorisation Code (TAC) is a security feature to protect your account from unauthorised use. To complete a transaction, you will receive a TAC from your bank in order to verify that you are the rightful person performing the transaction.

Oh, I see.

Then, why SecureTAC is better?
  • No more waiting for SMS
  • And, because of that, it works while you're in overseas too!
  • SecureTAC protects your transactions with enhanced encryption so that you can approve your web/app transaction right from your banking app quickly and safely
  • You need to register/activate your SecureTAC feature first before using it, thus, making it safer
  • The bank no need to pay the telco on the SMS services (this is what I think lah...😙)
Fyi, whenever a message was being sent via an SMS, there is the possibility of your online banking details being compromised or used by any third party.

Meaning, using SecureTAC reduces your exposure to SMS TAC fraud.

                                Ways to approve transactions with TAC (source: CIMB)


Source from Maybank:
"To further strengthen your online banking security, starting October 2022, the Secure2u feature on the MAE app will be enhanced with a 12-hour activation period when you enable Secure2u on a different device. This helps to prevent unauthorised Secure2u approvals."

Secure Verification vs Secure TAC

Bonus for you lah. Actually, there is a slight difference between the two methods to approve your transactions. Both are also secured, but with different methods only.
  1. Secure Verification

    Once you've requested for a Secure Verification, you will receive a push notification alert on your smartphone (this is the device you registered for Secure2u). Tap on the push notification to view your Secure Verification, then ‘Approve’ or ‘Reject’ the transaction within the time limit.

  2. Secure TAC

    You can get the 6-digit Secure TAC from your banking App by tapping on ‘Secure2u’ on the app menu. For Maybank, on the MAE app, tap ‘More’ > ‘Secure2u’ to retrieve it. Enter the Secure TAC to approve your transaction. This 6-digit number is auto-generated every 30 seconds, so make sure the number is still valid when you enter it.

Left: Secure Verification
Right: Secure TAC



Follow our active FB page via 

No comments:

Post a Comment

Finance Malaysia Blog appreciates your comment. Cheers!