Bank of Maldives (BML) has enabled One Time Passwords (OTPs) for all QR payments as part of its plan to further enhance security for payments through its application. BML stated that the updated Mobile Banking app will allow customers to make Scan to Pay transactions of any amount using an OTP that can be generated via Authenticator, SMS, or email.
BML highlighted that several steps have been taken to protect customers from scams that continue to be prevalent. In December 2022, the Bank enabled authenticator apps to generate OTPs for all transactions processed via the Internet and Mobile Banking to protect customers even if an email account has been comprised. The bank stated that it will continue its efforts to protect customers and will announce further enhancements to its security features at the end of March. It added that scams evolve over time, and advised all customers to be aware of scam tactics and never share personal information.
As such, BML advised customers to always be cautious as the bank will never send SMS with website links. The bank urged customers to refrain from clicking any links even if it looks like it’s from BML. It stated that SMS or calls can be spoofed to seem as if it comes from BML or another trusted party. It also advised customers to not open suspicious texts, pop-up windows, or click on links or attachments in SMS and emails. It noted that an OTP is used as a security measure and warned customers to never share any OTPs they receive.
Additionally, BML advised customers to change their passwords frequently, including their banking password as well as email passwords, and to choose passwords that would be difficult for others to guess. It also urged customers to not save their email or banking passwords on their browsers, as usernames and passwords will be easy to access if their email account is compromised.
Furthermore, BML urged customers to check the website links properly, as secure sites including Internet Banking will always have a lock symbol on the address bar. It further advised customers to never follow links to go to Internet Banking, as scammers can create web pages that look similar to Internet Banking to lure individuals into entering their username and password.
BML further stated that it will send Internet Banking login notifications to their registered email for every login and to change their password as soon as possible if they receive a notification that they do not recognise or if they think their credentials could be compromised.