
Outrage over outage: Online banking users call for better communication, security [BTTV]

KUALA LUMPUR: Users are overwhelmingly frustrated by the frequent online banking services outages and demand stronger security measures and clearer communication from financial institutions (FIs).

Industry observers believe the recent disruptions in online banking services by two of Malaysia's largest banks call for more proactive security measures and transparent communication strategies from FIs.

Consumers Association of Penang (CAP) president Mohideen Abdul Kader said FIs often have a "kill switch", a security feature that allows account holders to instantly block their internet banking access, accounts and cards if they suspect they are victims of a scam or that their login credentials have been compromised.

"Some FIs also offer a temporary kill switch to deactivate credit cards when they are not in use. FIs should display a message if there is an outage or anything concerning online services to prevent unnecessary worry for their customers, who might otherwise fear that their devices have been compromised," he added.

"The recent outages during scheduled maintenance and connectivity issues have left customers frustrated," Mohideen said, adding that the inconvenience was caused despite maintenance typically being scheduled between midnight and 7am.

Consumers are often annoyed by auto-dialers that make it difficult to reach the relevant department, especially in urgent situations such as reporting lost cards, he added.

Consumer Choice Centre Malaysia country associate Tarmizi Anuwar said such disruption had happened many times before and is still happening.

"Consumers are frustrated and disappointed because there is no early notification or clear communication from the bank.

"It also interferes and makes it difficult for users to buy and sell, such as ordering food or purchasing goods digitally. Especially now consumers tend to use online banking instead of cash," Tarmizi told Business Times.

To prevent future service disruptions, he said customers want banks to invest in robust IT infrastructure capable of handling high transaction volumes without crashing, which requires regular maintenance and upgrades to avoid system failures. 

Customers also expect banks to maintain clear and timely communication during any issues.

This includes promptly notifying customers about disruptions, providing estimated resolution times, and explaining the steps being taken to resolve the problem.

Tarmizi proposed a few proactive measures for banks to consider, such as utilising multiple communication channels (email, SMS, mobile app notifications, website alerts and social media) to promptly inform customers of any service disruptions.

This includes details on the nature of the issue and expected resolution time.

He said banks should publish transparent reports on service disruptions, including causes, impact, response measures and steps taken to prevent future occurrences.

Lastly, having redundant systems in place ensures continuity of service. "If one system fails, another can seamlessly take over, minimising downtime and customer inconvenience," added Tarmizi.

Association of Development Financial Institution of Malaysia secretary general Mohd Prasad Hanif said Bank Negara Malaysia's possible move in implementing penalties for service disruptions can serve as a strong deterrent against such occurrences.

"However, I also believe that banks and financial institutions are already aware of the gravity of this issue.

"Many institutions are diligently working on enhancing their systems by implementing redundant systems and boosting the robustness of their critical infrastructures," Mohd Prasad added.

"This demonstrates their commitment to providing uninterrupted services to their customers; however, while we support the enforcement of penalties, we also recognise and encourage the ongoing efforts of financial institutions to improve their systems," he said.

Responding to queries from Business Times on the possible penalty against FIs, Bank Negara said it will assess the root cause and impact of a service outage before deciding if supervisory or enforcement actions are required.

"The impact of an outage is determined by assessing multiple factors, including the impact on governance or operations; financial; reputation; legal; and safety and security of the relevant stakeholders, which include the financial institution.

"This assessment and further determination of enforcement action is in line with the approach and processes outlined in the recently published Enforcement Approach," said the central bank.

The central bank has also implemented robust policies aimed at ensuring uninterrupted online financial services.

These policies mandate banking institutions to design critical systems with high availability capabilities and redundant components to prevent any single point of failure.

Furthermore, to minimise the risk of prolonged disruptions, these systems must have comprehensive disaster recovery strategies, including secondary sites with equivalent infrastructure, and undergo periodic tests to verify their effectiveness.

In addition to infrastructure readiness, Bank Negara requires banking institutions to maintain an updated IT incident management framework.

This framework ensures swift and efficient responses to any technical issues that may arise, thereby safeguarding the continuity of services.

The central bank said it encourages banks to adopt new technologies and innovations to enhance the resilience of their online service infrastructure, provided they adhere to stringent risk management practices and safeguards.

"Bank Negara continuously reviews and updates its policies to stay relevant and supportive of banking institutions in building stronger resilience for their online services. Moreover, Bank Negara conducts regular supervisory reviews and surveillance to ensure that banks comply with regulatory requirements.

"In cases where compliance gaps are identified, banks are promptly required to remediate these issues. Bank Negara reserves the right to take supervisory actions as necessary to uphold service standards and protect consumer interests," it added.

To maintain transparency and accountability, banking institutions must promptly notify Bank Negara of severe service outages.

Bank Negara also mandates reporting mechanisms for banks to submit operational risk and cybersecurity-related incidents, ensuring comprehensive oversight and management of potential risks to the financial system.
