i have question here related to Paypal transaction fraud....

Can we disable "non 3D transaction" (the one that doesn't require OTP like paypal) on our debit card to prevent case like this???

Good to know that. Thanks bro. But still, remember the time when it was compulsory to change all normal card to debit card. I think if we did not tell them to deactivate the debit card feature, it will automatically activated once we changed it right?

One of my friend had tie his debit card to Google for verification half of year ago, CIMB did blocked it and sms inform whether enable non TAC transaction or not.

So ya, it should have disabled long ago, but somehow they enabled it back as default?

Or it could be the Paypal payment gateway at MY, so CIMB enable/allow by default, which causing this issues.

No use since police usually don't do anything. That's mostly correct to most people

But many agency still needs the police report done to build up the statistics. If only you can make police report online.

In the end, BNM said, no police report, nothing had happened, no one lost their money. For agency like BNM to actually make an official report saying CIMB screwed up in 2018, they need to be based on something, like the police report, the MCMC report, the TTPM cases, etc.

So make those police reports. Then, next year BNM can publish official report, CIMB screwed up in 2018. This much CIMB customers/account holders lost this much money. Also this much customers confirm/testify can login with incorrect password. In order for agency like BNM to acknowledge that CIMB screwed up is official reports by customers, that is police reports and the likes.

Even though bank customers knows they have been wronged by the bank, without official reports, BNM can only say officially no customer has been wronged by bank, because no reports were filed by the customers.

No official report, nothing had happened according to government agency. You know how Malaysia is, sometimes they are too rigid and fixated on formalities.

You need to set pin in order to activate it. It's compulsory for debit and credit card, any bank.

We do what we think is right...

For me, police might or might not able to help but there is a higher chance to recover or backup if you report to police for any fraud case.

Thanks for the clarification. You've been most helpful. 👍

You want police report, i give you later

At police station now

This is one of the sms received. The available and current amount not tally and match the sms deducted amount

yea bro, make police report then go cimb change debit card. your card is being circulated among cyber criminal. show cimb staff the police report and ask for free change.

Just finish police report, yesterday transfer all available amount to other bank. Wait refund and will close the acc for good

btw did this go to other paper n tv media?
as far as I know astro news never mention this at all

Just finish police report, yesterday transfer all available amount to other bank. Wait refund and will close the acc for good

i have no fckin idea why i'm still getting Invalid User ID or Password [CLK00619] every single time try to change pw

already adhere to their instructions
- >8 characters
- alphanumeric, 1 upper, 1 lower, 1 special character
- not userID or secureword
- no consecutive number/character

i'm fckin pissed.. changed my own acc pw so easy, but for my mum's dunno y so hard

This is not necessarily the case. What the Javascript is doing is encrypting the password for transmission. If you read the code, it also does the same thing for username. You might ask.. why? Its to protect against sniffing or mitm attacks. This way even if an attacker sniffs out your traffic, its not obvious what your actual plaintext username/password is. They can still replay the request to get in, but at least they don't know what your actual username/pass is.. which you might be using for other sites as well.

The backend could then just decrypt the value, then run it through a different hash/encryption algorithm to check against the DB.

The stupid thing about CIMB was having a max limit on password length. Even now it doesn't make sense that its limited to 20 chars, if you're encrypting/hashing passwords the max length shouldn't really matter.

could it be existing password issue? friends had similar issue and they said if existing PW longer than 8 chars, when changing password, try using only first 8 chars

calm down first bro, old password put only front first 8 characters

own acc passed xmungkin other cannot

I changed yesterday and today tak ada masalah pun.

Any sample of the password you intend to change to?

Thanks you two!

oh man.. been trying to change the pw since yesterday.. why cimb never mentioned need to put first 8 character only in the old password box