请阅读 针对恶意软件采取最新的安全措施 常见问题中文版本

As part of our ongoing efforts against cybercrime and to protect your online banking experience, we introduced an essential security feature to the OCBC Digital app.

The latest versions of the OCBC Digital app on Android are built to work more optimally and securely on devices whose mobile apps were all downloaded from official app stores (e.g. Google Play Store or Huawei AppGallery). Such apps are verified before they are made available for downloading. Apps from other sources (e.g. official brand websites or apps installed using Android Package Kit (APK) files) are not verified. They tend to have more security vulnerabilities and so are more susceptible to malware infection, which can allow cybercriminals to gain control of your device and, subsequently, your banking app(s) and personal details.

This inherent risk in apps downloaded from sources other than official app stores has been reiterated by Singaporean authorities, who classify malware scams as particularly aggressive and a serious threat to consumers. Despite constant reminders by the authorities of the dangers of downloading these apps, the number of customers falling prey to malware scams has continued to increase.

If you try to access the latest OCBC Digital app on a device which has apps downloaded from sources other than an official app store, a message – warning you that one or more apps on your device may contain malware – will pop up on the screen. We recommend that you uninstall such apps before continuing to use the OCBC Digital app securely. You do not have to delete the OCBC Digital app.

Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you may turn off ‘Accessibility’ for these apps before continuing to use the OCBC Digital app securely. You can do so via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps*.

Turning off 'Accessibility' will cut off scammers’ remote access to, or keylogging of, your phone and any access to your bank account(s). However, we do not recommend this option because of the residual risk – cybercriminals may still exploit ‘Accessibility’ services to compromise your devices. The preferred and safer option is to uninstall apps not downloaded from official app stores to completely remove the risk of malware from such apps.

*The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

You may refer to our article on malware for more information on protecting yourself.

FAQs

1. When I open the OCBC Digital app, I see a pop-up message informing me that one of more apps on my device may contain malware. Why?

As part of our efforts to safeguard our customers against malware attacks, and combat fraud and scams, we have introduced an essential security feature for the OCBC Digital app.

The OCBC Digital app will now work more securely on devices whose mobile apps were all downloaded from official app stores. Malware attacks may emerge from apps that are downloaded from websites and other sources (i.e. not official app stores), potentially giving cybercriminals control of your devices.

The pop-up message is meant to inform you that the OCBC Digital app will not work until you uninstall one or more apps not downloaded from an official app store (this is the preferred option), or until you turn off ‘Accessibility’ for these apps.

Here is what the pop-up message looks like:

2. Do I have to install the OCBC Digital app again when I see the pop-up message?

You do not have to delete, download, or do anything to the OCBC Digital app. Instead, please uninstall the apps shown in the pop-up message to continue using the OCBC Digital app or turn off ‘Accessibility’ for those apps.

3. Will the Bank know what other apps I have on my device through this security feature?

We take privacy seriously. We do not monitor customers’ phone activity or conduct surveillance on customers’ phones. The new security feature does not collect or store any personal data; neither will it identify the owner of the device. We do not collect or store information on how our customers use apps installed on their mobile device.

Instead, an additional security check is simply performed directly at the device level. This means that no information or data will be transmitted back to us. The information collected at the device level is only used to identify if certain security parameters are not met. These parameters include apps residing on a device which were not downloaded from an official app store, and which have ‘Accessibility’ turned on. Apps with ‘Accessibility’ turned on can render your device more vulnerable to exploitation by hackers, scammers and other bad faith actors using malware.

We apologise for the inconvenience caused and seek your understanding that the security feature was implemented to protect our customers from malware or suspected malicious apps. Please refer to our article on malware for more information on how you can protect yourself.

4. I want to continue using my OCBC Digital app alongside these apps. Is it possible for you to remove this control?

This security feature was implemented with the intent of protecting our customers from malware and suspected malicious apps. If you wish to continue using your OCBC Digital app alongside apps that are downloaded from websites and other sources (i.e. not official app stores), you may turn off ‘Accessibility’ for such apps.

Please refer to our article on malware for more information on protecting yourself.

5. I want to continue using my OCBC Digital app. What can I do?

To continue using your OCBC Digital app securely, we recommend that you follow these steps:
1. Uninstall the app(s) shown in the message that pops up on your screen when you open your OCBC Digital app.
2. Log in to the OCBC Digital app to ensure that it works.
3. Once you confirm that the OCBC Digital app works, you can try to download the app(s) you deleted from an official app store (e.g. Google Play Store, Samsung Galaxy Store, Huawei Store).

Alternatively, you can turn off the listed apps’ ‘Accessibility’ via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed apps*.

*The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

6. What are ‘Accessibility’ services and how do criminals exploit them?

Accessibility services, like text-to-speech and speech recognition, are designed to make technology easier to use. For these services to work, advanced Android system permissions have to be granted to the app requesting them, such as allowing the app to read the text on the device’s screen or record text typed using the device’s keyboard. The latter, for instance, could be used to record your online banking login details.

7. How do I change the Accessibility settings for the third-party apps that I have downloaded?

The path to changing Accessibility settings may differ by device manufacturer and operating system.

Here are the possible paths for some popular phone models. If you continue to face difficulties with changing the Accessibility settings, please check with your device manufacturer.

Samsung Galaxy A53 5G / Flip 4 / Fold4 / A73 5G / S21 Ultra / A23 5G: Settings > Accessibility > Installed Apps

Samsung Galaxy S21 5G / Galaxy S10: Settings > Accessibility > Installed Services

Oppo A78 5G / Reno8 5G: Settings > Additional Settings > Accessibility

Oppo Find X2 Pro / A17: Settings > System Settings > Accessibility

Huawei P50 Pro: Settings > Accessibility features > Accessibility > Installed Services

Huawei Nova 3i / Nova 5T: Settings > Smart Assistance > Accessibility

Huawei Mate30 & Huawei Y9a: Settings > Accessibility features > Accessibility (Scroll down to Downloaded Services)

Google Pixel 5 / Pixel 3 XL: Settings > Accessibility

Redmi Note 10 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

Poco X5 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

8. Why are some well-known apps being flagged by the OCBC Digital app?

This security feature flags apps that have been downloaded from sources other than official app stores. You may have downloaded them from websites or other sources. If you need to continue using these apps, we advise you to first uninstall them. After taking the steps listed in question 5, you can then download and install the most up-to-date version of the app(s) from an official app store (this is the preferred option).

Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you will be given the option to continue using the OCBC Digital app after turning off ‘Accessibility’ for these apps – via the Settings menu on your device (e.g. on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps). This step will help to prevent your device – and OCBC account(s) – from being controlled by cybercriminals looking to exploit potential vulnerabilities in these apps (because ‘Accessibility’ is turned on).

We apologise for the inconvenience caused. The security feature was implemented to protect our customers from malware or suspected malicious apps. Should you require further assistance, please provide more information to us via our OCBC customer feedback form.

9. Where can I read more about how malware may infect my mobile device?

You may refer to the joint advisory issued by the Singapore Police Force and Cyber Security Agency on how malware may infect your mobile device through the downloading of apps that are not found on official app stores.

10. What are the official app stores?

The list includes:
• Google Play Store
• Samsung Galaxy Store
• Huawei AppGallery
• Xiaomi MI App Store
• Amazon appstore
• Vivo V-Appstore
• Oppo App Market

What is the OCBC kill switch?

The kill switch enables OCBC customers to immediately freeze all their current and savings accounts (including joint accounts), ATM access, debit and credit cards and digital banking if they suspect they are a victim of a scam or if they believe key account-related details have been otherwise compromised.

Once the kill switch is activated, no transactions – whether done digitally, via an ATM or at branches – can be made. Even recurring or pre-arranged fund transfers will be disabled.

How it works

Customers can activate the kill switch by calling 1800 363 3333 (+65 6363 3333 if calling from overseas) and selecting option ‘8’.

It can also be activated via the OCBC app and at selected OCBC ATMs.

The kill switch will suspend all accounts and the following services:

• Cash withdrawals and deposits (including salary crediting)
• Local and overseas funds transfers, both incoming and outgoing
• Bill payments
• GIRO transactions, both incoming and outgoing
• NETS payments
• Visa and Mastercard payments made using ATM/credit/debit cards in stores and online
• Digital banking transactions

One of our Customer Service Executives will contact the customer after the kill switch is activated to remove compromised bank account access or cards, and issue new ones. Only a bank branch employee or Customer Service Executive can deactivate the switch – and would only do so after receiving duly verified instructions from the customer. Once the kill switch is deactivated, the customer’s account will return to ‘normal’ and all settings prior to the account suspension – including GIRO arrangements and future-dated funds transfers – will be reinstated.

Step-by-step guide to activating the kill switch

To activate the kill switch and temporarily suspend their account(s), customers can use any of these three methods: Call our Personal Banking hotline, go to selected OCBC ATMs or use the OCBC app.

1. Call our Personal Banking hotline (1800 363 3333 or +65 6363 3333 if calling from overseas):

• Press 8 to have one of our Customer Service Executives assist you in English (or 9 if you require assistance in Mandarin)
• If you are in the queue to be served but wish to promptly activate the kill switch, press 8
• Press 1 to proceed
• Enter your 7-digit NRIC number followed by the hash key
• Press 1 to confirm NRIC number
• Enter your 16-digit credit or debit card number, or 10-digit ATM card number (not required if you called using the mobile number in our records)
• Press 1 to confirm card number (not required if you called using the mobile number in our records)
• Press 1 to confirm the suspension of your account(s) and card(s)
• You will be transferred to speak with a Customer Service Executive

2. Go to an OCBC ATM:

• Log in with an ATM/credit/debit card and PIN
• Select ‘More Services’
• Select ‘Suspend your accounts and cards’
• Select ‘Confirm’

3. Use the OCBC app:

• Launch the OCBC app and navigate to 'More’ > 'Kill switch'
• Select your identification type (NRIC/passport) and provide details
• Enter an SMS OTP to authenticate the request
• Your account(s) and card(s) will be suspended immediately
• "More" can be found prior to log in to OCBC app

When you make a PayNow or FAST transfer via Online Banking, the screen may show that your request is being reviewed. You will receive an email and SMS notification informing you that we are reviewing your request as well. For security reasons, we may also call you to verify the details of your request.

FAQs

1. Why is my request to make a PayNow/FAST transfer being reviewed and not immediately processed?

   For your security, we may review your request. This will take no longer than 6 hours and we will inform you of the outcome via email and SMS/push notification. During this time, we may call you to verify the details of your request. Please do not make another transfer to this payee until you hear from us.

2. I need to make a PayNow/FAST transfer urgently. What should I do?

   If you need help urgently, please call us at 1800 363 3333 (or +65 6363 3333 if overseas).

Our online security commitment to you

At OCBC Bank, we are committed to protecting the security of your online transactions. We use leading-edge and industry-standard technology and processes to help ensure that your privacy and transactions are not compromised on our servers, and that your interests are safeguarded.

Our guarantee against fraudulent transfers

As an assurance of our commitment, we guarantee a full refund of any money that has been transferred out of your account due to fraud via our Internet and Mobile Banking service, subject to our Electronic Banking Terms & Conditions. If you play your part in protecting yourself from fraud, you can bank online with peace of mind that the money in your account is protected against fraud.

Play your part in protecting yourself from fraud

Our guarantee protects you if you have played your part in protecting yourself from fraud by adopting the following measures:

• You have not shared your security details with anyone (these include your Access Code, PIN and security token);
• You have kept your hardware token secure at all times;
• You have secured your mobile device with passcode/biometric authentication to prevent another person from accessing your phone;
• You have equipped your computer or mobile device with the latest operating system security patches, anti-virus, anti-malware and firewall software. The installed software should be regularly updated to the latest version and run with latest signatures;
• You have followed our recommendations on Safeguarding Your Internet Banking Access and complied with all your obligations under the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts;
• You have updated us immediately when there is a change in your contact details, such as mobile number and e-mail address, for the purposes of receiving SMS alerts or e-mail notifications for online banking transactions and activities;
• You have updated us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS; and
• You inform us immediately if:
  • you are aware of any suspected fraud, including any compromise or loss of your security device or security details; or
  • you receive SMS or e-mail alerts for transactions which you did not perform; or
  • you are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform,
  • and you furnish us with all information requested by us and provide your full co-operation.

Suspected unauthorised transactions? Inform us immediately

In the event should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us at 1800 363 3333 or (65) 6363 3333 if you are calling from overseas or by visiting one of our branches during our opening hours.

After receiving the information required to facilitate the investigation, the Bank will complete an investigation of any relevant claim within 21 business days for straightforward cases or 45 business days for complex cases. We will notify you accordingly if we require more time for investigations.

For more information, click here

The 'OTP' button allows you to generate a One-Time password (OTP) for you to login to OCBC app and OCBC Internet Banking as well as for transactions that require OTP.

The 'SIGN' button is used to generate a unique code based on a series of numbers that you will enter into the token for important transactions. This code is then required to complete the transaction on OCBC app and OCBC Internet Banking.

There will be an on-screen step-by-step instruction to guide you on OCBC app and OCBC Internet Banking as you perform those transactions that require the use of the 'SIGN' button.

Simply download the latest OCBC app and follow the steps guide to activate OCBC OneToken.

IMPORTANT: If you are an existing hardware token user, you will need it to set up and activate your OneToken.

After activating your newly replaced hardware token, you may discard your older token as it will be deactivated automatically. You do not need to return it to the Bank.

You may refer to the Safety and Security information hub to discover the measures that we have in place to help you bank safely.

Learn about:

• How to get started with online banking
• How we protect you
• Security advisories
• How to safeguard yourself against prevailing scams and cyberthreats