The Bank of Maldives (BML) has enabled One Time Passwords (OTPs) for all QR payments.
BML said it is part of its plan to further enhance security for payments through its mobile application.
The bank had previously set a limit of MVR 750 for transactions made using QR to make Scan to Pay. However, the bank has removed the limitation by enhancing the QR payment feature with an OTP.
The updated BML Mobile Banking app will allow customers to make Scan to Pay transactions of any amount using an OTP that can be generated with an Authenticator, SMS, or email.
Several precautions have also been taken to protect customers from scams that continue to be prevalent.
In December 2022, the bank enabled authenticator apps to generate OTPs for all transactions processed via Internet and Mobile Banking to protect customers even if an email account has been compromised.
The bank also assured that it would continue its efforts to protect customers and announce further enhancements to its security features at the end of March.
Due to the evolving nature of scams, the bank has urged all of its customers to be aware of scam tactics and cautioned against sharing personal information with anyone.
BML advised customers to always be cautious of the following:
- BML will never send SMS with website links. Even if the message looks like it is from BML, customers are advised not to click on any links and refrain from entering details. Calls or SMS can be "spoofed" to make it seem like they are coming from BML or any other trusted party.
- Not to open suspicious texts, pop-up windows, or click on links or attachments in SMS and emails.
- Never share any OTPs with anyone else since it is a security measure.
- Change the banking and email passwords frequently, and choose passwords that will be difficult for others to guess.
- Customers are advised not to save email or banking passwords on their web browsers (such as Google Chrome). In case the email account is compromised, saved usernames and passwords on the web browser will be easy to access.
- Checking website links properly; secure sites, such as Internet Banking, will always display a 'lock' symbol in the address bar. Never follow links to go to Internet Banking. Scammers create web pages that look similar to Internet Banking to lure customers into entering their usernames and passwords.
- Checking notifications because BML sends Internet Banking login notifications to the customer's registered email address for each login. Customers are advised to change the password as soon as possible if they receive a notification that they do not recognise or if they think their credentials have been compromised.