Security​

 

Online safety tips


1. How to bank safely on AmOnline?

Protect yourself and your finances against phishing, fraud, and scams by practicing the following:

NEVERALWAYS
NEVER share your debit card & credit card details, AmOnline username and AmOnline password to anyone, inclusive your immediate family members.ALWAYS change your AmOnline password and Card PIN regularly
NEVER enter above details to phishing website.

NEVER access AmOnline web using public computer or someone else laptop.
ALWAYS ensure the AmOnline URL is “https://ambank.amonline.com.my/web/”.

ALWAYS access AmOnline internet banking from your own personal device
NEVER log on to AmOnline from link shared to you via email, social media (inclusive WhatsApp), phone call or text message. Banks will never share any link for you to log on to your AmOnline
ALWAYS verify the security image is yours whenever you log in

ALWAYS bind your AmOnline account to your own device. NEVER bind your AmOnline account to your immediate family members or friends
NEVER install any AmOnline apk from third party website.ALWAYS download from legitimate stores: Apple App Store, Google Play Store or Huawei Gallery.
NEVER log on to AmOnline from jailbroken / rooted devices or devices running on unsupported OS version. Refer to minimum system requirements to use AmOnline for details.ALWAYS check your transactions & notifications regularly. If you find any suspicious activities or transactions to your AmOnline account, proceed to deactivate your AmOnline access via the "Deactivate AmOnline" function

Click here for more security tips.

2. How do we keep you safe?

  • 24x7 monitoring of suspicious transactions that may be potentially fraudulent by our surveillance team.
  • In the event of any abnormal activity in your account(s), we may contact you to confirm if the transactions are legitimate.
  • To safeguard your account when you bind your AmOnline account to a new device, you will need to serve a pre-defined cooling off period. Refer to “Cooling-Off Period” FAQ for more details.
3. There is a suspicious transaction, what should I do?

If you notice any suspicious AmOnline activities or unauthorised access, DO NOT PANIC! You can safeguard your bank account with these steps:

  1. Go to your AmOnline app or web.
  2. For App, tap on "Kill Switch" then select "Deactivate AmOnline". For Web, click on “Deactivate AmOnline”.
  3. Tell us what happened.
  4. Key in your details and select “Yes, Deactivate” to deactivate.

By doing this, your AmOnline account will be suspended temporarily to protect it from any unauthorised access. Refer to “Kill Switch” FAQ for more details.

4. Why should I keep my registered device with AmOnline safe at all times?

As your registered device is your only device to authorise transactions, receive important notifications, and contains your sensitive financial information, keeping your device safe adds another security layer to protect yourself from unauthorised access and potential frauds.

Here are a few things you can do:

  • Always have the latest version of AmOnline app and device OS.
  • Do not share your password with anyone.
  • Do not click on any suspicious links from messages, emails and websites.
  • Monitor your account balance and transaction history regularly.

 

5. How do I create a strong username?

  • Your username must have a combination of uppercase, lowercase, and numbers with length between 8 to 15.
  • Have different username for each online account.

6. How do I create a strong AmOnline password that is secure?
To prevent unauthorised access to your AmOnline account, refer to DO’s and DON’T’s below:

DODON'T
Create a password combination of
  • Uppercase letters,
  • Lowercase letters,
  • At least a number,
  • At least one special character (e.g !@#$%^&*()-+)), and
  • 10 - 18 characters long
DO NOT choose a password which is the same as your username
Memorise your password
DO NOT choose your name, date of birth or your phone number as your password

Change your password frequently

*Note: AmOnline will remind you to change your password from time to time.

DO NOT share your password with everyone
Create a password that is hard to guess
DO NOT store your password in internet browser
7. How to create a hard-to-guess password?

Your password must have a combination of uppercase and lowercase letters, numbers, special characters (e.g. !@#$%^&*()-+) and 10—18 characters long. Try the following method but do not copy the examples:

Think of a short sentence:

E.g: Running in the rain -> ruNn1ng!n5heR@in
E.g: I love my parents -> 1L@v5paRent$

8. Besides setting a hard-to-guess password, what else do I need to do to keep my account safe & secure?

 

  • Change your password regularly. You can check your last password change at AmOnline app > tap on “More” and you can see the last change of your password.
  • Always verify your security image during login. DO NOT proceed to enter your password if the security image displayed is incorrect.
  • Always use supported mobile OS versions and web browser versions.
  • Do not use third party keyboards.
  • Check your account regularly.
  • You can refer to the most common types of banking scams at Security Alerts at AmBank website.

 

 

 

9. How do I know if I am using supported mobile OS or web browser versions?

The minimum system requirements are:

App:

  • Your device must not be jailbroken or rooted.
  • iOS version 12 and above
  • Android version 12 and above

You can check your mobile device OS version in your phone Settings.

Web:

  • Google Chrome version 109 and above
  • Apple Safari version 12 and above
  • Mozilla Firefox version 115 and above
  • Microsoft Edge version 109 and above

10. If I lost my mobile phone or want to sell my phone, what do I need to do?
We highly recommend you unbind your AmOnline profile at AmOnline web. Log in to AmOnline web > Go to Settings > Select “Sign-In & Security” > Click on “My Device”> Click on “Remove Device” button.
11. Why can’t I perform transactions or change my AmOnline transaction limit?
As part of security control, newly registered AmOnline customers are only allowed to perform transactions up to the pre-defined limit within the pre-defined period set by the Bank.

If you have just bound your AmOnline profile to your personal mobile device, you will need to serve pre-defined cooling-off. This is a security measure to temporarily restrict transactions via AmOnline. Full access will be restored automatically after the cooling-off period has ended.
12. I have just increased my transaction limit, why am I still unable to perform transaction with my new increased limit?
As part of security measure, for any increased transaction limit, you need to serve a 12-hour cooling-off period. Once the cooling-off period is over, you will get notified via push notification and email. Meanwhile you can still transact with your previous limit.
13. Why was my transaction rejected?

To provide you with a seamless and safer online banking experience without having your security compromised, the Bank’s advanced monitoring and surveillance system helps to detect potentially fraudulent activities in your account(s) and device used.


How do we keep you safe?

  • 24x7 monitoring of suspicious transactions that may be potentially fraudulent by our surveillance team.
  • In the event of any abnormal activity in your account(s), we may contact you to confirm if the transactions are legitimate.
  • To safeguard your account when you bind with new device, you can only do your first transaction after 12 hours.
14. How do I make a report if I am a victim of a scam?

If you suspect you have been scammed, immediately perform Kill Switch to deactivate your AmOnline access. Call our contact center at +603-2178 8888 (Monday – Sunday, 7.00 AM to 11.00 PM) to report the case and it will be escalated to our Cybercrime team for further investigation. The team will respond to you on the resolution after the investigation.

Alternatively, you can reach out to National Scam Response Centre (NSRC) and make a police report.

NSRC: 997 (8:00 AM – 8:00 PM, everyday)

Note: Only call the above numbers if you believe you are being scammed. Please avoid making false claims if you are not a victim as it could lead to unnecessary investigations or disruption to the bank or National Scam Response Centre (NSRC).

15. What are the information I need to provide when I call Contact Centre or National Scam Response Centre (NSRC)?
You will be asked for the following information, including but not limited to:

  • Your personal details (name, identification number).
  • Suspicious transaction details (bank account number, transaction date and amount).
  • Why you suspect this is a fraudulent transaction and how did it happen.

Please refer to NSRC website should you require more information.

16. What happens if I am not satisfied with the resolution?
You may call our Contact Centre. Alternatively, you may refer to the Ombudsman for Financial Services (OFS) at +603 2272 2811 or email [email protected].
17. AmOnline App notified me that there is Malware Detected. What does this mean?

If you see this screen, it means we have detected malicious apps (harmful/unsecured apps) on your device, which may put your banking information and online banking security at risk.

This also means you will not be able to use AmOnline until the malicious apps are removed.

18. What do I need to do if I see the Malware Detected message?

You will need to remove all malicious apps before you are able to use AmOnline App again, safely.