Impersonation scam is a fraud initiated by a scammer pretending to be the victim’s close contact to trick the victim into sending them money.
Security Threats
Your Protection
How we protect you online?
The bank understands your constant concerns about the security and safe keeping of your online account. With the rise in online fraud, we recognize our role in culling these incidents. Here are some of the steps and precautions that we take in order to combat these threats.
The most basic security feature used as profile identification.
Be sure to select a strong password consisting upper and lower case letters, numerals and characters to keep your profile even more secure.
PLP functions just like a secret code that would be displayed for you just before you enter your password to login.
Your PLP should be unique and only you would know what it is. Never divulge your PLP to anyone under any circumstances.
If your PLP does not match, do not key in your password and instead contact the bank immediately.
PLP Registration
Step 1 - Key in your User ID and click 'Next'.
Step 2 - Enter your password and click 'Login'.
Step 3 - A pop up will then prompt you to select a PLP. Click 'Yes'.
Step 4 - Enter your chosen personal login phrase and click 'Confirm'.
Tips
- Phishing website will never be able to replicate your PLP.
- Try to pick catchy or memorable phrases which are meaningful to you.
- Do not use your User ID and Password for your PLP.
Examples of good PLPs
- VIOSAJ2328
- No1AsamLaksa@Penang
- 0ldMcDonaldHad1Farm!
- BondJamesBond007
Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are security protocols for establishing an encrypted links between a server (website) and a client (web browser) on the internet.
SSL/TLS allows sensitive information such as your login credentials and credit card numbers to be transmitted securely. This prevents any hackers to eavesdrop or tamper your data for malicious intentions.
How to check if the website is secured by SSL/TLS protocols?
- Check the URL on the browser. Ensure it is displaying the words “HTTPS” and has green padlock icon.
- Click on the padlock icon. This will bring up the security information of the website.
- Click on “Certificate/More Information” to view the SSL/TLS version, issued website, and the validity of the certificate.
IMPORTANT
When you’re banking with PBe, Make sure the SSL/TLS certificated is issued to as follows:
- Home page: www.pbebank.com
- PBe Login page: www2.pbebank.com
If they are not displayed as above, close the website immediately and report to the Bank accordingly.
Sample (PBe Login Page)
Your online activity is constantly being monitored for abnormal or suspicious behaviour. Whenever a discrepancy is detected, a notification will be sent out to inform about the inconsistency and then further action can be taken to secure your account.
Challenge questions are presented to provide an extra layer of security to further authenticate your identity when you login and transact with us.
These three questions that you set up with your own personal answers help us verify your identity. When setting up your Challenge Questions, please ensure that you pick your questions which are personal to you so that you can remember the answers easily.
Steps to set up the challenge questions
- After login to your account, select Profile Maintenance.
- In the profile maintenance page, select Manage Profile
- Finally, select Change Challenge Question
These three questions that you set up with your own personal answers help us verify your identity.
When setting up your Challenge Questions, please ensure that you pick your questions which are personal to you so that you can remember the answers easily.
PBe Authentication code or PAC is a six digit authentication code generated by the system and delivered via SMS to your registered mobile phone when performing online transactions.
How does PAC works?
- When making a transaction, ensure that the transaction details are correct. Then request for PAC.
- The PAC SMS will be sent to your registered mobile phone. The PAC SMS carries within important details regarding the transaction performed.
- Enter the PAC number sent via SMS to your mobile phone into the PAC field at the transaction screen.
Ensure that the “Serial Number” for the PAC shown on your mobile phone correspond with the “Serial Number” shown at the PBe transaction screen before you click on the “Confirm” button.
Important!
- If you receive a PAC SMS that you did not perform or where the transaction details differ, there is a strong probability that your PBe account may have been compromised.
Disregard the PAC. Immediately contact us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at pbesecure@publicbank.com.my. - PAC is not required for PBe login.
SecureSign is a digital signing service for customers to perform and approve financial transactions performed via PBe in a safe and secure manner. It offers another layer of security over your online banking account.
SecureSign uses a digital signing process whereby a transaction performed through PBe is approved by the authorizer(s) based on a SecureSign Code generated by the SecureSign token.
SecureSign uses Two Factor Authentication to verify and secure online banking transactions. The token is secured with PIN and uses advance encryption standards.
The bank will send a SMS alert whenever a transaction is made to your bank account or credit/debit card.
The alert will contain details of your transaction for you to review and as a notification that your transaction has been confirmed.
This also functions as a security feature as when you receive an alert but did not make any transaction, you will immediately know your card/account is compromised.
From here, you can contact the bank for further action.
Automatic Time-Out
If you are logged in to your account and the page hasn’t received any activity after a certain period of time, your account will be automatically logged off.
This will significantly reduce the risk of your idle account exposed to data breach.
Date/Time Stamp
Upon logging out, an activity summary listing will be displayed.
The activity summary will display your login and logout time/date stamp and any transactional activity during your session.
You can review the summary to check if the information displayed is accurate and check for any discrepancies.
How you can protect yourself online
Online security begins and ends with you. Therefore it is crucial for you to know of the safety measures that you can make by yourself to avoid being scammed.
Here are some tips on how you can perform security checks on your end.
- Activate and approve transactions with PB SecureSign
- Reduce your daily transfer limits
- Don't download any APK files
- Don't login from downloaded APK files
Using a strong password is the first security measure you can setup for your online accounts. A strong password consists of upper & lower case letters, numerals, and characters.
Try not to use the same password for different online accounts. This will only make it easier for hackers to compromise all your accounts.
After the transfer is done, verify your post transaction notification to further check the details of your transaction.
The notification will tell you the amount of funds transferred and to whom.
If you receive this notification but you did make any transaction, immediately call the bank for further action.
Equip yourself with all the tools to combat scams.
Try out our online quiz to test your knowledge or visit the Online Security page frequently to identify new threats.
Sign up for our newsletter and follow us on WeChat to receive constant updates. Keeping up with the latest threats enables you to identify the signs and symptoms of fraudulent attempts on your online account.
Before you key in your password, always look out for your Personal Login Phrase (PLP) and ensure it is displayed correctly.
Do not proceed with the login procedure if the PLP does not match the one that you’ve set.
Ensure all your devices are secured from threats. Install anti-virus software for your PC and browser.
Do not do your banking session while connected to a public Wi-Fi connection.
This will severely expose your device to hackers. Besides that, avoid rooting or jailbreaking your mobile device, doing so will put your device at risk.
After the transfer is done, verify your post transaction notification to further check the details of your transaction.
The notification will tell you the amount of funds transferred and to whom.
If you receive this notification but you did make any transaction, immediately call the bank for further action.
Have you encountered any problems regarding the security of your account such as your password or your account being compromised by hackers?
Or did you come across any suspicious activities such as receiving a suspicious looking email claiming to be from the bank or an SMS reporting a transaction that you didn’t perform?
If you are unsure on how to proceed in these situations, do not hesitate to contact the bank for help.
You can alert us at 03-2177 3555 between 6 a.m to 12 a.m, 7 days a week or email us at pbesecure@publicbank.com