Online Security

Online Security

The security of your internet and mobile banking is of utmost concern to us. To this end, we are committed to high standards of online security and confidentiality to ensure you can use PBe and PB engage with full confidence.

This page will provide simple yet effective security tips and information to help you become a more knowledgeable and security conscious user.

Let’s stay safe online together.

In this video, we will show how to identify the genuine PBe website from the fake website.

 

Secure, simple and private.

In a world that's more connected than ever, there's an even greater need for security. We recognise how important online banking is to you, so we are making it easier yet secure for you to perform your transactions.

By enrolling a series of unique challenge questions and answers, we are further personalising your online banking experience and minimising the risk of potential unauthorised access to your accounts.

All new customers will be directed to set up their challenge questions and answers when they activate their PBe account for the first time.

Click here for FAQs.

 


An Introduction to Online Banking Fraud
Public Bank is committed to stringent standards on online security and confidentiality to ensure that you are able to use PBe Internet Banking and PB engage Mobile Banking with ease and confidence.

Cyber criminals are always on the lookout for quick financial gains through various methods such as phishing, phone and SMS scams as well as malicious software (malware) attacks. Who are their targets? The general public – people like you.

Hence, always be reminded that when it comes to online banking, one can never be too careful. This leaflet will guide you with the knowledge on how to protect yourself from becoming a victim. Let’s work together to prevent online fraud and identity theft!

10 Tips to Safeguard Your Internet Banking

  1. Always key in PBe’s official website addresses:
    • www.pbebank.com
    • www.pbebank.com.my
      Do not use search engines to locate the Bank’s website address.
  2. Check your address bar. It should be green in colour and a padlock must be displayed.
  3. Enter your User ID. Ensure that your Personal Login Phrase (PLP) is correct before keying in your password.
  4. Check your name, last login date and time at the Welcome Page as well as account balances.
  5. Choose a complex password with a combination of alphanumeric and special characters.
  6. Update your anti-virus software regularly.
  7. Do not share your User ID and Password with anyone.
  8. Never access your internet banking account from publicly shared PCs and WiFi.
  9. Always log out of PBe properly by clicking on the logout button.
  10. Check out PBe’s online security page & Privacy Notice regularly.

10 Tips to Safeguard Your Mobile Banking

  1. Download PB engage from Google Play Store and Apple App Store only.
  2. Password protect your devices.
  3. Don’t store personal financial data on your devices.
  4. Install mobile antivirus software on your devices.
  5. Be careful when Installing new apps. Control app access and permissions.
  6. Inform PBe Customer Support if your device is lost or stolen.
  7. Don’t click on any suspicious or unverified links sent via Facebook, WhatsApp, SMS or e-mail.
  8. Never access PB engage via public WiFi.
  9. Update your operating system regularly.
  10. Always log out of PB engage properly by clicking on the logout button.

Public Bank will never request customers to provide their online banking details. If you receive any suspicious pop-up messages on your browser, calls, e-mails, SMSs, please disregard it.

When in doubt, always consult PBe Customer Support at 03-21795000 or customersupport@publicbank.com.my

PAC
Always reconfirm the details on your PBe Authentication Code (PAC) SMS. PAC is a system generated six digit authentication code. Each PAC is unique and acts as an additional layer of security to protect your banking accounts. Always treat each PAC with care.

You will receive a PAC on your mobile phone when you are performing an online transaction. Always check the transaction details to ensure it is in order before entering the PAC. If you receive a PAC SMS that you did not perform or where the transaction details differ, disregard the PAC and contact our PBe Customer Support immediately.

Remember: PAC is never required at PBe’s login page.

 

New PBe Login Requirement: PLP Confirmation - 18 July 2016

As an added security, logging into PBe is now a 3- step process:

1. Enter User ID
2. Confirm that your Personal Login Phrase (PLP) is correct by selecting 'Yes' or 'No'
3. Enter your Password


On 23 April 2015, Public Bank added a new security feature to PBe and PB engage called Personal Login Phrase (PLP). The PLP is part of the Bank’s ongoing security enhancements to deter online fraud.

The PLP is a user predefined secret passphrase. It will be displayed at the login screen in your subsequent visits to PBe and PB engage.

Never divulge your PLP to anyone under any circumstances.

Here's a step-by-step guide:

Step 1- Key in your User ID and click 'Next'.

Step 2- Enter your password and click 'Login'.


Step 3- A pop up will then prompt you to select a PLP. Click 'Yes'.




Step 4- Enter your chosen personal login phrase and click 'Confirm'.


The PLP will be displayed in all subsequent logins.

Your chosen phrase can be between 13 to 20 characters with a combination of alphanumeric and selected special characters:
` ~ ! @ $ % ^ * _ = + [ ] | ; : . / ?

Tips
  • Try to pick catchy or memorable phases which are meaningful to you.
  • Do not use your User ID and Password for your PLP.

Examples of good PLPs
 
  • VIOSAJ2328
  • No1AsamLaksa@Penang
  • 0ldMcDonaldHad1Farm!
  • BondJamesBond007
 

I do not have any good ideas for my PLP yet. Can I try again later?
Yes, you may proceed to log in and perform your transactions. However, you are required to enter a PLP by your fourth login.

I want to change my PLP. What should I do?
You may change your PLP anytime at Profile Maintenance at the welcome page. Enter the PAC SMS or Secure Sign code received and click “Confirm”.

What if the PLP is not displayed or incorrect?
Do not proceed with the log in if the PLP is not displayed or incorrect. Contact our PBe Customer Support hotline at 03-21795000 immediately.

Public Bank has adopted a new internet security feature named Transport Layer Security (TLS) on PBe to help you visually verify that you've arrived at our authentic web site.

What is TLS and how does it work?

TLS is a security technology for establishing an encrypted link between a web server (website) and a browser (client) on the internet. It allows sensitive and confidential information to be transmitted securely to prevent eavesdropping and tampering of data.

What should I look out for?

  1. The address bar in your browser. It will display https://
  2. The locked green padlock will be displayed on the address bar. You can click the padlock to view details about the certificate that secures the site and the certificate issuer.
 

A green padlock isn't displayed on my address bar. What should I do?

Check your browser version. You would need to install the minimum version of your preferred browser to see the green padlock/indicator.

  1. Google Chrome Version 1.0 and above

     
  2. Internet Explorer Version 7.0 and above

     
  3. Mozilla Firefox Version 3 and above
 

If this does not work, please contact our customer support helpdesk at 03-21795000.

PAC

With effect from 15 November 2006, it is mandatory for all PBe customers to use a security authentication code known as "PBe Authentication Code" (PAC) when performing online transactions and updating of personal details.

The introduction of PAC is to provide a greater security framework so that PBe customers can use our Internet Banking Service with full confidence and at your convenience.

What is PAC?

  1. PAC is a unique 6-digit authentication code which is system generated.
  2. PAC acts as an additional security for you when you perform online transactions and updating your personal details.

How does PAC works?

  1. Login to PBe online banking using your existing USER ID and PASSWORD.
  2. At the PBe transactional screen, ensure the transaction details are correct. Then request for PAC.
  3. The PAC SMS will be sent to your registered mobile phone. The PAC SMS carries within important details regarding the transaction performed.
  4. Enter the PAC number sent via SMS to your mobile phone into the PAC field at the transaction screen. Ensure that the "Serial Number" for the PAC shown on your mobile phone correspond with the "Serial Number" shown at the PBe transaction screen before you click on the “Confirm” button.
IMPORTANT!
  • If you receive a PAC SMS that you did not perform or where the transaction details differ, there is a strong probability that your PBe account may have been compromised. Disregard the PAC. Immediately contact us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at pbesecure@publicbank.com.my.
  • PAC is not required for PBe login.
Can I use the same PAC for multiple transactions?
  1. No. For online banking safety a new PAC is required for each transaction.
When is PAC required?
  1. PAC is required when performing the following transactions as listed below:
    • Fund Transfer to Own Account (Above RM5,000.00 up to a maximum RM100,000 per day)
    • Fund Transfer to Other PBB Account
    • Interbank GIRO (IBG) / Instant Transfer / RENTAS
    • Bill Payment
    • Investment
    • Prepaid Top-up
    • Manage Favourite Accounts
    • Manage Profile
    • Direct Debit / Payment Agent
    • Financial Process Exchange (FPX)
    • Foreign Remittance
    • Western Union Send Money

How do you obtain your PAC?

  1. If you have registered your mobile phone number, your PAC can be requested via PBe and the 6-digit authentication code will be transmitted to your mobile phone via SMS
    Note: For customers who are going overseas, you must have an active Malaysian mobile service number with international call roaming service or apply for the SecureSign Token.

How to register your mobile phone number?

  1. All PBe customers with mobile phone service are required to register their mobile phone number via Public Bank branches.
    Note: Should there be a change in your mobile phone number, you are required to update your new mobile phone number at any Public Bank branches.
  2. Once you have registered your mobile phone number, you can request for PAC online and it will be transmitted to your mobile phone via SMS.

 

Fraud Alert: Phone Scam Targeting Public Bank Customers

Recently, the Bank received numerous enquiries from customers regarding telephone calls supposedly from the Bank on false pretext to obtain personal banking details to defraud customers.

The victim will receive a telephone call purportedly from the Bank. The caller will say that the Bank had detected large sums of money being transferred from the victim's account. The caller will then request the victim to disclose his / her banking details such as PBe User ID and Password, bank account number, ATM, Credit or Debit Card details to facilitate investigation.

The caller will convey a sense of urgency and pressure the customer to listen to their instructions or face dire financial consequences.

To make the scam even more convincing, the fraudster may use a technique known as Caller ID spoofing so that PBe Customer Support contact number, 03-2179 5000, is displayed as an incoming call on the victim's mobile phone shown below:

Always be sceptical of calls you received even it is from the Bank. If the caller asked for your personal banking information such as your Internet Banking User ID, Password, PAC code or your ATM Card Number and PIN, hang up the call immediately.

The Bank will NEVER request for personal banking details when contacting customers. Do not disclose your personal and financial information over the telephone, through e-mail, SMS or over the Internet unless you yourself initiated the contact or know with whom you are dealing with.

If in doubt, contact any PBB / PIBB branch or PBe Customer Support at 03-2179 5000 for assistance.


Fraud Alert: BNM Bogus E-Mail

Recently, Bank Negara Malaysia (BNM) has issued a warning on a bogus e-mail. According to the Central Bank, the e-mail using BNM's name requested the public to download an attachment.

Please be reminded that BNM and Public Bank will never request for your personal banking information be it via phone calls, SMS or e-mails.

The e-mail scam has extended to include LHDN.

Click here for more information.


Malware Targets Corporate Customers

Recently, incidents of financial malware (malicious software) targeting corporate customers have been reported by some banks in Malaysia.

How does the malware work?

  1. PCs are infected with the malware disguised as file downloads through attachments and links sent from unknown e-mail sources or websites visited.
  2. When the unsuspecting victim access the bank's genuine website, the malware is activated. A keylogger/spyware will capture the login credentials.
  3. Pop-up windows seemingly from the bank requests for confidential banking information for bogus reasons e.g. security updates, system maintenance, profile updates, etc

Note: PBB will NEVER request for our customer’s confidential or banking information online for any reason.

Should it happen to PBB corporate customers, the scam is to trick the user into divulging the SecureSign token information.

Here is a possible fake scenario:

Upon clicking 'Next', the user is requested to enter the SecureSign code into the field provided.

At the same time, the fraudster had performed an unauthorised fund transfer through the genuine website with the compromised User ID and Password to an account number 2238679850 for the amount RM5,957.50 and is now awaiting the token code to complete the fraudulent transaction.

In PBB’s genuine website, the beneficiary's account, amount and SecureSign code is displayed together with the transaction details for customer's confirmation.


Phishing Through Search Engines

This is a variation of phishing e-mails. Instead of re-directing a user to a phishing website via a hyperlink embedded in an e-mail, cyber criminals are now targeting their victims through advertisement space that appears in search results based on keywords entered.

When a user unwittingly clicks on the malicious link, he or she is taken to a phishing website.

Important! The Bank’s official URL addresses are as follows:
https://www.pbebank.com
https://www.pbebank.com.my

Some samples are shown below:






Phishing Webpages 

  1. The URL address in the address bar is wrong, the site is unverified. Hence, there is no green padlock and address bar.
  2. The login fields are wrong. Currently, only the User ID login field is displayed on the first screen. The Personal Login Phrase (PLP) is only displayed for verification together with the Password field at the subsequent login page.
  3. To learn more about phishing, click here

  1. Beware, PAC (PBe Authentication Code) is NEVER required during the login process.
  2. If your PBe account has been compromised, this is an attempt by cyber criminals to steal the PAC for a transaction performed by them.
  3. Read each PAC SMS delivered to your mobile phone very carefully. If you did not perform a fund transfer, disregard the PAC and report the matter to us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at pbesecure@publicbank.com.my.
  4. To learn more about PAC, click here

Financial Malware

It was recently reported in the mainstream media that a malware known as the ‘Zeus’ virus is targeting e-banking consumers’ mobile phones and tablets causing the devices to be more vulnerable to financial data theft.

The new scam works in the following manner:

While the customer is accessing the bank’s website from a PC infected with the malware (virus), a pop-up notice is displayed requesting for the customer’s mobile phone details for various reasons.



Subsequently, in an attempt to get access to the PAC SMS, a SMS is sent to the customer’s mobile phone with a download link provided.


The app shown below is fake. If it is found on your mobile phone, have it uninstalled immediately.




Please be reminded that Public Bank does not, and will never request for sensitive/confidential information from our customers online or via e-mail, letters and telephone calls/sms. The Bank has your personal information and mobile phone number when an account was opened with us.

You are advised to exercise caution when performing your online transactions and ensure your PC and mobile devices are protected with an effective anti-virus software.

Should you encounter such prompts, please take the following actions:

 

  1. Do not act on such notices. Exit the page immediately.
  2. Set your PC to scan for the virus from the following links:
  3. Alert us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at pbesecure@publicbank.com.my for assistance.

For further information please visit
http://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/1002/index.html

Computer Viruses
 
Computer viruses are malicious software or malware that infect computer devices and perform harmful actvities such as interfering with the system's operations, corrupting data, logging user's keystrokes and stealing private information.
 
Computer viruses are usually spread through e-mail attachments, infected files and software downloaded from the Internet.
 
Phishing Scam 
 
Phishing is a process to obtain personal and financial information such as user IDs, passwords and security codes from the user. It is a form of identity theft. Emails purportedly from the Bank are sent to many recipients under false pretence.
 
More often than not, the emails may imply a sense of urgency or serious consequences should the user did not respond to it. For example, it could be worded in such a manner that if no action is taken, the account will be suspended.
 
It usually comes with a link that the user can click on which will direct the unsuspecting victim to a fake website to steal the user ID, password and PAC. 
 
Samples of phishing emails - click here

Samples of phishing/fake website - click here
 
Phone Scam
 
This comes in the form of a phone call purportedly from Bank Negara Malaysia, Bukit Aman/Polis DiRaja Malaysia or a Government Agency. The victim is usually informed of some irregularities with the account in question and action needed to be taken immediately. 
 
To make it even more convincing, the caller will refer the victim to another 'person of authority' within the same agency who could 'assist' in the matter. 
 
Usually, the victim is coaxed into transferring all the money into a third party account for safekeeping when in actual fact it had been withdrawn.
 
SMS Scam
 
These are fraudulent SMS sent to unsuspecting victims informing them that they have won a cash prize. To claim the prize, the victim is told to transfer a certain amount of money to a third party account or open an internet banking account at the ATM. The victim is tricked into divulging the registered User ID and Password to the fraudster.
 
Having done as instructed, the victim had unknowingly given the fraudster access to their banking account. 
 
Beware! If it is too good to be true, it probably is. 
 
Samples of SMS scams - click here

These are some of the measures implemented to safeguard your online banking transactions with us:

Encrypted Data 
 
All information transmitted over PBe is protected by Transport Layer Security (TLS).This prevents information theft.

 
Transport Layer Security (TLS) Certificate

TLS is a security technology for establishing an encrypted link between a web server (website) and a browser (client) on the internet. It allows sensitive and confidential information to be transmitted securely to prevent eavesdropping and tampering of data.

These visual cues will help you identify that you have arrived at the genuine PBe site.



PAC Number
 
PBe Authentication code or PAC is a six digit authentication code generated by the system and delivered via SMS to your registered mobile phone when performing online transactions.

 

SecureSign 
 
SecureSign is a digital service for corporate customers to perform and approve financial transactions performed via PBe in a safe and secure manner. It offers strong two factor authentication to effectively combat fraud by ensuring the authencity of transactions.


 
Automatic Timeout  
 
If you’ve accidentally left your computer unattended for a certain period of time, your account will be automatically logged off.

 

Date/Time Stamp
 
The date and time of your last visit is displayed on your home page. Please take a few seconds to check if the information displayed is accurate.

 

Security Advisory 
 
If you ever doubt the legitimacy of any emails, sms-es or calls claiming to be from the Bank, please contact us at 03-2177 3555 between 6 a.m. to 12 midnight, 7 days a week or email us at pbesecure@publicbank.com.my immediately.
 

Mobile banking is expected to advance more rapidly in Malaysia as the usage of devices such as smartphones and tablets continues to rise. While the advancement of technology has made online banking more convenient for consumers, cyber fraud has also become more sophisticated.

According to reports, Android mobile devices run a higher risk of being infected by malicious software (malware). As smart consumers, it is our duty to keep our mobile devices safe from malware.

How can you protect your mobile devices from malware?

  1. Refrain from rooting or jailbreaking your mobile devices as this could compromise its security features
  2. Install anti-virus or anti-malware software
  3. Download apps from Google Play/ Apple App Store only
  4. Refrain from clicking hyperlinks from SMS messages, messaging apps or e-mails from unknown sources
  5. Control and manage application access and permissions

 

Secure your Computer 
 
Ensure your computer or mobile device Operating System (OS), Browser and Firewall settings are up to date with the latest security patches. Enable automatic Windows update. Employ strong User IDs and Passwords. Change your passwords regularly. Clear your browser's cache and history after each log in session.
 
Anti-Virus Programs
 
Protect your computer with a strong and effective anti-virus software and keep it updated. Enable total protection where possible to block Trojans, hackers and spyware from infecting your computer. Regularly scan your computer for viruses and malicious software.
 
Other Safety Tips
 
Other things to do to keep your transactions safe 
  • Do not open any suspicious or unsolicited emails; delete them. 
  • Do not click on any links or open any attached files found in spam emails/SMS. 
  • Do not give your personal and financial information over the telephone to unverified callers. 
  • Never enter your internet account details on a website that you are not sure is genuine.
  • Verify your PLP before you login
  • Always check the PAC SMS content before entering the PAC code at the website.
  • Do not use search engine to locate the Bank’s website address. Type the Bank’s official URL at the address bar which is www.pbebank.com or www.pbebank.com.my
  • Do not select the browser option for storing or retaining user name and password.

Are you an easy target or a sharp internet user? Take our quiz to find out!


Ready for another challenge? Click here for our previous quiz.

Experiencing laggy internet banking sessions recently?
 
This could be caused by your browser. Please upgrade your browser to its latest version to improve your online banking experience with PBe.
 
Why you should upgrade your browser:
 
  1. Security
    The latest browsers protect you against new viruses, Trojans and other threats.
  2. Speed
    You will experience a smoother online banking session.
  3. Compatibility
    Website interfaces will be displayed more accurately.
  4. User-friendliness
    New browsers typically come with new features, extensions and better customisability which will improve your overall web surfing experience.
Click on the links below to download now.
Bank Negara - click here
The Association Of Banks In Malaysia- click here
PDRM click here
MCMC click here
Scam Alert Singapore click here