Online Banking & App Security | Latest Measures | OCBC Help & Support

Help And Support

OCBC Digital Banking - Online Security

Frequently asked questions
  • Adopting the latest security measures against malware

    请阅读 针对恶意软件采取最新的安全措施 常见问题中文版本

    As part of our ongoing efforts against cybercrime and to protect your online banking experience, we introduced an essential security feature to the OCBC Digital app.

    The latest versions of the OCBC Digital app on Android are built to work more optimally and securely on devices whose mobile apps were all downloaded from official app stores (e.g. Google Play Store or Huawei AppGallery). Such apps are verified before they are made available for downloading. Apps from other sources (e.g. official brand websites or apps installed using Android Package Kit (APK) files) are not verified. They tend to have more security vulnerabilities and so are more susceptible to malware infection, which can allow cybercriminals to gain control of your device and, subsequently, your banking app(s) and personal details.

    This inherent risk in apps downloaded from sources other than official app stores has been reiterated by Singaporean authorities, who classify malware scams as particularly aggressive and a serious threat to consumers. Despite constant reminders by the authorities of the dangers of downloading these apps, the number of customers falling prey to malware scams has continued to increase.

    If you try to access the latest OCBC Digital app on a device which has apps downloaded from sources other than an official app store, a message – warning you that one or more apps on your device may contain malware – will pop up on the screen. We recommend that you uninstall such apps before continuing to use the OCBC Digital app securely. You do not have to delete the OCBC Digital app.

    Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you may turn off ‘Accessibility’ for these apps before continuing to use the OCBC Digital app securely. You can do so via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps*.

    Turning off 'Accessibility' will cut off scammers’ remote access to, or keylogging of, your phone and any access to your bank account(s). However, we do not recommend this option because of the residual risk – cybercriminals may still exploit ‘Accessibility’ services to compromise your devices. The preferred and safer option is to uninstall apps not downloaded from official app stores to completely remove the risk of malware from such apps.

    *The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.

    You may refer to our article on malware for more information on protecting yourself.


    FAQs

    1. When I open the OCBC Digital app, I see a pop-up message informing me that one of more apps on my device may contain malware. Why?

    As part of our efforts to safeguard our customers against malware attacks, and combat fraud and scams, we have introduced an essential security feature for the OCBC Digital app.

    The OCBC Digital app will now work more securely on devices whose mobile apps were all downloaded from official app stores. Malware attacks may emerge from apps that are downloaded from websites and other sources (i.e. not official app stores), potentially giving cybercriminals control of your devices.

    The pop-up message is meant to inform you that the OCBC Digital app will not work until you uninstall one or more apps not downloaded from an official app store (this is the preferred option), or until you turn off ‘Accessibility’ for these apps.

    Here is what the pop-up message looks like:


    2. Do I have to install the OCBC Digital app again when I see the pop-up message?

    You do not have to delete, download, or do anything to the OCBC Digital app. Instead, please uninstall the apps shown in the pop-up message to continue using the OCBC Digital app or turn off ‘Accessibility’ for those apps.


    3. Will the Bank know what other apps I have on my device through this security feature?

    We take privacy seriously. We do not monitor customers’ phone activity or conduct surveillance on customers’ phones. The new security feature does not collect or store any personal data; neither will it identify the owner of the device. We do not collect or store information on how our customers use apps installed on their mobile device.

    Instead, an additional security check is simply performed directly at the device level. This means that no information or data will be transmitted back to us. The information collected at the device level is only used to identify if certain security parameters are not met. These parameters include apps residing on a device which were not downloaded from an official app store, and which have ‘Accessibility’ turned on. Apps with ‘Accessibility’ turned on can render your device more vulnerable to exploitation by hackers, scammers and other bad faith actors using malware.

    We apologise for the inconvenience caused and seek your understanding that the security feature was implemented to protect our customers from malware or suspected malicious apps. Please refer to our article on malware for more information on how you can protect yourself.


    4. I want to continue using my OCBC Digital app alongside these apps. Is it possible for you to remove this control?

    This security feature was implemented with the intent of protecting our customers from malware and suspected malicious apps. If you wish to continue using your OCBC Digital app alongside apps that are downloaded from websites and other sources (i.e. not official app stores), you may turn off ‘Accessibility’ for such apps.

    Please refer to our article on malware for more information on protecting yourself.


    5. I want to continue using my OCBC Digital app. What can I do?
      To continue using your OCBC Digital app securely, we recommend that you follow these steps:
      1. Uninstall the app(s) shown in the message that pops up on your screen when you open your OCBC Digital app.
      2. Log in to the OCBC Digital app to ensure that it works.
      3. Once you confirm that the OCBC Digital app works, you can try to download the app(s) you deleted from an official app store (e.g. Google Play Store, Samsung Galaxy Store, Huawei Store).

    Alternatively, you can turn off the listed apps’ ‘Accessibility’ via the Settings menu on your device. For example, on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed apps*.

    *The steps to turn off an app’s ‘Accessibility’ may differ by phone model. Please refer to question 7 or check with your device manufacturer.


    6. What are ‘Accessibility’ services and how do criminals exploit them?

    Accessibility services, like text-to-speech and speech recognition, are designed to make technology easier to use. For these services to work, advanced Android system permissions have to be granted to the app requesting them, such as allowing the app to read the text on the device’s screen or record text typed using the device’s keyboard. The latter, for instance, could be used to record your online banking login details.


    7. How do I change the Accessibility settings for the third-party apps that I have downloaded?

    The path to changing Accessibility settings may differ by device manufacturer and operating system.

    Here are the possible paths for some popular phone models. If you continue to face difficulties with changing the Accessibility settings, please check with your device manufacturer.

    Samsung Galaxy A53 5G / Flip 4 / Fold4 / A73 5G / S21 Ultra / A23 5G: Settings > Accessibility > Installed Apps

    Samsung Galaxy S21 5G / Galaxy S10: Settings > Accessibility > Installed Services

    Oppo A78 5G / Reno8 5G: Settings > Additional Settings > Accessibility

    Oppo Find X2 Pro / A17: Settings > System Settings > Accessibility

    Huawei P50 Pro: Settings > Accessibility features > Accessibility > Installed Services

    Huawei Nova 3i / Nova 5T: Settings > Smart Assistance > Accessibility

    Huawei Mate30 & Huawei Y9a: Settings > Accessibility features > Accessibility (Scroll down to Downloaded Services)

    Google Pixel 5 / Pixel 3 XL: Settings > Accessibility

    Redmi Note 10 5G: Settings > Additional Settings > Accessibility > Downloaded Apps

    Poco X5 5G: Settings > Additional Settings > Accessibility > Downloaded Apps


    8. Why are some well-known apps being flagged by the OCBC Digital app?

    This security feature flags apps that have been downloaded from sources other than official app stores. You may have downloaded them from websites or other sources. If you need to continue using these apps, we advise you to first uninstall them. After taking the steps listed in question 5, you can then download and install the most up-to-date version of the app(s) from an official app store (this is the preferred option).

    Alternatively, if you prefer to keep these apps after having assessed that they are not malicious and do not pose a malware risk, you will be given the option to continue using the OCBC Digital app after turning off ‘Accessibility’ for these apps – via the Settings menu on your device (e.g. on Samsung mobile devices with the latest One UI user interface, you can navigate to Settings > Accessibility > Installed Apps). This step will help to prevent your device – and OCBC account(s) – from being controlled by cybercriminals looking to exploit potential vulnerabilities in these apps (because ‘Accessibility’ is turned on).

    We apologise for the inconvenience caused. The security feature was implemented to protect our customers from malware or suspected malicious apps. Should you require further assistance, please provide more information to us via our OCBC customer feedback form.


    9. Where can I read more about how malware may infect my mobile device?

    You may refer to the joint advisory issued by the Singapore Police Force and Cyber Security Agency on how malware may infect your mobile device through the downloading of apps that are not found on official app stores.


    10. What are the official app stores?
      The list includes:
    • Google Play Store
    • Samsung Galaxy Store
    • Huawei AppGallery
    • Xiaomi MI App Store
    • Amazon appstore
    • Vivo V-Appstore
    • Oppo App Market
  • OCBC kill switch

  • Additional verification to secure your PayNow and FAST transfers

  • OCBC Online Banking Security Guarantee

  • Safeguarding your Internet Banking Access

  • Difference between the 'OTP' and 'SIGN' buttons on the OCBC hardware token

  • New OCBC OneToken activation

  • Discarding faulty hardware token

  • Online banking security and safety tips