Good point, TS pls explain.

So what is the problem with the captchcha thing?

Then got card numbers leak?

reCaptcha is already quite a common thing, lah.

https://m.facebook.com/story.php?story_fbid...100000339018919
Original post..that one i post is feedback from other case.but similar

ok, ran through their page, apart from the recaptcha, nothing else to worry about.

and for the record, using recaptcha on a bank login page is plain dumb.

Recently a exploit involving Paypal payment gateway was shown in some videos.

Either their data is compromised by their own carelessness on website or data breach at seller side like the Starwood issue.

But many water fish just blame it on banks and make malicious fitnahs.

This shows the general public lack of common sense to determine the reliability of the information and knowledge of the basic issue.

#donedakwah

Ok.maybe nothing to do we recaptcha.but many report unauthorized usage from paypal

one more thing is for the app...if u put your password and any numbers or letters after it....you would still be able to login...i've tried myself

plus the weird placement of recaptcha is kinda throwing people off

really? someone is so fired

Yup. Also, CIMB limiting their password to only 8 characters, it's plain dumb.

Other countries already using 2FA for banking transaction, but Malaysian banks still use Mobile Number authentication. Just a ticking timebomb considering how easy it is to hijack a number..

Called the call centre. They say the recaptcha is a recent enhancement and that it's indeed the original CIMBClicks page. Also checked about the phone number +603 6204 7788 which they say is legit.

Number is legit but alot number spoofer using this number

the person must have had link his bank info to paypal and had his paypal info hacked or something. you dont need tac if you are paying using paypal

But seems only C*** is always being affected? I dun see other banks kena that much.

most likely leak card info

but how do they get around the registration of card into paypal is another story, as far as i know, paypal charge you with a code number in the description, and you can only get that code via your statement. after input the code only can link.

its not that you can input any text after your pass, most people didnt realize this but before this cimb only can input 8 character as password, really dumb but i think since this month only they allow for more characters as password. made me scratched my head a bit when it happen, last2 i just input first 8 character then walla. all this while i thought it was capturing my full password even during regeistration

This post has been edited by feiraron: Dec 16 2018, 11:01 PM

Instead of recaptcha, they should follow what UK banks doing. 2FA. But problem is that could be too complicated for users to set up the first time. Recaptcha is to identify bots. What about real humans? I don't think recaptcha is relevant for a banking website.

I'm using HSBC UK's 2FA. Really powerful. But is a pain to set up for the first time.

This post has been edited by jimmyktp: Dec 16 2018, 11:00 PM