Team, While Im login into Cimbclicks... A notice popup with content
-------------- To provide the best service to all our CIMB Clicks customers, whilst remaining ahead of the game, it’s imperative that we make CIMB Clicks a safer internet banking alternative. We shall be introducing CIMB Clicks Transaction Protection sometime in January 2011 to reduce the risk of fraud through a non-invasive user experience. As a user, based on the risk level, you may be asked for some additional information before completing a transaction; either through CIMB Clicks or by our Call Center agents with the purpose of ensuring that you’re actually the person who’s conducting the transaction. However if we find the risk level far too high, there will be cases whereby your transaction gets rejected (currently this feature is only applicable to Western Union transfers). On the right are the scenarios that you may encounter whilst transacting : --------------- My opinion with this approach Its can still be manipulate. 1) SMS can be clone or customers do not know the real SMS numbers 2) Call can be done from any phone numbers. How we can verified its from cimb? How we can to verify? Google has the ways of verifying by sending SMS or voice call soon after we click the verify button. at the end, customers need to be inform and brief. _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
