Online Shopper Security

Simple Rules to Safer Online Transactions

Always remember these simple rules while Shopping online

  • 1. Keep your Username and Password confidential
  • 2. Do not reveal your Password to anyone. Your Banks or Merchants will never ask for User name or Password for any reason.
  • 3. Do not write down your Password or use it when someone can see it.
  • 4 .Do not choose a password that is easy to guess such as your ID, telephone number, identification number or birth date. Also, avoid using repeated or sequential numbers like 111111 or 654321.
  • 5 .Change your password often.

Apart from the steps mentioned above, you should also be aware that there are several ways a fraudster can retrieve your Password. These include phishing, hacking, retrieving hard-copy documents, looking over one’s shoulder and loading malicious software for example viruses or trojans into your computer, or installing hardware like keyloggers which are tiny plug-in devices in between your keyboard and your computer that records every keystroke typed on your Keyboard.

  • 1. Always Log Out after your Internet Shopping session
    Always remember to Log Out when you are done, for the same reasons you would remove your ATM card after you have completed all your transactions at an ATM. Just click on the Log Out link on the top right of the screen, or on the left navigation panel.
  • 2. Clear your browser’s cache and history
    A browser usually stores information like images and text on your browser cache memory so that the Internet pages will be displayed faster the next time you revisit the website. If you are using a public PC (Personal Computer), at an Internet cafe for example, we strongly advise you to clear the browser cache memory when you are ready to end your Internet session.

How to clear your cache memory:
Internet Explorer

  • Click “Tools”
  • Select “Internet Options”
  • Click “General”
  • Select “Temporary Internet Files” and click “Delete Files”
  • Click on “OK” to save your settings

  • 3. Don’t save your  ID and password
    Some browsers store and list possible matches from words or entries that you have typed previously. You can prevent any  and passwords from being stored in your browser by deactivating the function before you begin your Internet session.

How to deactivate the function:
Internet Explorer

  • Click “Tools”
  • Select “Internet Options”
  • Click “Content”.
  • Select “Personal Information” and click “AutoComplete”.
  • Uncheck “User names and passwords on forms” and click on “Clear Passwords”.
  • Click on “OK” to save your settings

  • 4 .Don’t give out your personal information
    Do not share your password. Our staff and administrators will not ask for your password. Do not be duped by e-mails or phone calls asking you for your password. This is designed to deceive you into sharing your password. As a rule, never share your password with anyone.

  • 5. Secure your wireless network and devices
    Poorly configured wireless equipment may allow malicious entry into your computer directly through the air waves. If you are using a wireless network/device, you are strongly advised to read your instruction manual, or consult the vendors to configure your wireless network/device to ensure adequate security levels.

  • 6. Check your account and transaction history details
    Always check your transaction history details and statements regularly to make sure that all the details are updated and there are no unauthorized transactions on your accounts. Also take note of your last login date and time whenever you login to RHB Bank to make sure that there has not been any unauthorized access.

  • 7. Protect your computer from malicious programmes
    Besides destroying important information on your computer, some viruses and malicious programmes such as Trojan Horse may capture your password without your knowledge. These programmes are often disguised as normal files. To avoid getting infected, you should:
    • Never download any file from questionable websites (programmes, games, pictures, etc) or people (e.g. email attachments).
    • Never use features in your programs that automatically get or preview files.
    • Install a personal firewall and virus detection software. You should also update your software frequently.
    • Disable the preview mode in your email programs.

Use 3D Secure for your Credit Cards.

What is 3D Secure?

Benefits & Privileges
Most Banks in Malaysia has adopted the international standard of MasterCard and VISA International to make transactions on the internet more secure. MasterCard® SecureCode™ and Verified by VISA is a password-based  authentication and authorization by a cardholder for credit card transactions on the internet.

How to Register

  • 1. Register with your Bank Credit Card provider for 3D Secure services, or inquire more information regarding this matter. 3D Secure which is an enhanced online shopping security feature.
  • 2. Then Register your Credit Cards during online shopping.
  • 3. Finally, you may use your secure code during online shopping.

Why is it safe?
This free service comes with 2 features to assure you that your transactions are authenticated by your Bank Providers.
1. Personal greeting
Your self-created personal message will appear each time you purchase on the internet at participating merchants. This personal message is your assurance that you are dealing directly with your bank.
2. Password protection
You will be creating your own password (alpha-numeric); to ensure only you can use your credit card on the internet.

Frequently Asked Questions on 3D secure.
MasterCard® ‘SecureCode’ & Verified by Visa (‘VbV’)

  • 1. What is ‘SecureCode’ & ‘VbV’?
  • SecureCode & VbV is a service to enhance your existing MasterCard & Visa account provided by RHB Bank Berhad. A private code means added protection against unauthorized use of your card when you shop at participating online retailers.

  • 2. How does ‘SecureCode’ & ‘VbV’ work?
  • Once you’ve registered and created your own private SecureCode & VbV, you will be automatically prompted by RHB Bank Berhad 3D Platform at checkout to provide your SecureCode & VbV each time you make a purchase with a participating online merchant.

    RHB Bank Berhad 3D Platform quickly confirms your SecureCode & VbV and then your purchase is completed. Your SecureCode & VbV will never be shared with the merchant. It’s just like entering your PIN at an ATM.

  • 3. How does ‘SecureCode’ & ‘VbV’ protect me?
  • When you correctly enter your SecureCode & VbV during a purchase at a participating online merchant, you confirm that you are the authorized cardholder and your purchase is then completed.

    If an incorrect SecureCode & VbV is entered, the purchase will not be completed. Even if someone knows your credit card number, the purchase cannot be completed without your SecureCode & VbV at a participating merchant.

  • 4. What card do I use? Will I need to get a new card to use ‘SecureCode’ & ‘VbV’?
    You will be able to use any of your existing MasterCard & Visa credit cards, as long as the cards are from RHB Bank Berhad.

  • 5. How many cards can I register with ‘SecureCode’ & ‘VbV’?
  • We encourage you to register all of your MasterCard & Visa cards. There is no limit on how many cards you can register.

  • 6. Can I use ‘SecureCode’ & ‘VbV’ from any computer?
  • SecureCode & VbV works with most browsers. Because there’s no special software to install, you can shop from any computer and still receive the added protection afforded by SecureCode & VbV.

  • 7. What happens when my card expires or my billing information changes?
  • RHB Bank Berhad will automatically update this information in your profile.

  • 8. What happens if I cancel my existing card then get a new one with a different account number?
    You will need to register the new card for SecureCode & VbV. Simply return to the registration site, and complete the registration process with your new card.

  • 9. How do I know whether a merchant participates in ‘SecureCode’ & ‘VbV’?
  • Most participating merchants will display the SecureCode & VbV logo on their site. However, even if you don’t see the SecureCode & VbV logo, the merchant may still be a participant and you will be prompted to provide your SecureCode & VbV.

  • 10. How will the online merchant know that I’m registered for ‘SecureCode’ & ‘VbV’?
    When you use a card that is enrolled in the SecureCode & VbV program at participating online merchants, the merchant automatically recognizes your MasterCard & Visa card number during the transaction.

  • 11. What happens when I use my SecureCode & VbV at a participating merchant?There is no need to login or sign in. When you make a purchase at a participating merchant and enter your registered MasterCard or Visa payment details, you will automatically be prompted by RHB Bank Berhad 3D Platform to enter your SecureCode or VbV.

    After reviewing the details of your purchase and confirming that your “Personal Assurance Message (PAM)” is correct, simply type in your SecureCode or VbV to complete your purchase.
  • 12. What is a Personal Assurance Message (PAM)?
    he Personal Assurance Message (PAM) is a message that you create during sign-up. Each time you make an online purchase at a participating merchant, you will be prompted to enter your SecureCode or VbV. At this time, you’ll see your PAM and other purchase details. The PAM is your assurance that you are communicating with RHB Bank Berhad 3D Platform.

    If the PAM displayed in the pop-up box is incorrect, you should not enter your SecureCode or VbV, but should instead contact Customer Care Centre immediately by calling the phone number on the back of your enrolled MasterCard or Visa card, to report a possible fraud.

  • 13. What are the Secret Question and Answer?
  • If you forget your SecureCode or VbV when making an online purchase, you will be supplied with your Secret Question. If you then supply the correct answer, your purchase will be completed. Once your purchase is completed, you should visit the registration site, click on the “Forgot SecureCode/VbV” link and follow the subsequent instructions.

  • 14. How will SecureCode/VbV change the online purchase process?
  • The online purchase process will not change except that now you will be prompted to provide your SecureCode/VbV during checkout. Your SecureCode/VbV will never be revealed to the merchant during the checkout process.

  • 15. Will I be able to make purchases at merchants that accept MasterCard/Visa but do not participate in the ‘SecureCode’/‘VbV’ program?
    Yes, you will not be asked for SecureCode/VbV during these purchases. You will continue to be protected from unauthorized purchases.

  • 16. If cardholder is residing oversea, how can he/she receives the Access Mailer?Access Mailer will be generated & sent to cardholder’s statement (billing) address only.

  • 17. If cardholder doesn’t receive the Access Mailer, can he/she request it to be sent again to different address?
  • Access Mailer can only be sent to billing address. If cardholder has changed billing address but failed to notify the bank, he/she needs to go through existing Change of Address process, thereafter applies for new Access Mailer once new address already updated in the system.

  • 18. Cardholder has registered 3D Secure but still failed performing online shopping. Why?
  • It could be many reasons & should be dealt case by case. Some of the reason might be insufficient available credit or connection with server is either slow or down. CH may try doing transaction at another time.

  • 19. If cardholder replaced his/her card with a new card bearing different card number, will it be new Access Mailer issued?
  • Yes.

  • 20. Can cardholder register 3D Secure whereas his/her card is yet to be activated?
  • Yes, but cardholder will still not be able to perform online transaction since the card is not yet activated.

  • 21. What should cardholder do if his/her SecureCode or VbV was exposed to 3rd party?
  • Cardholder is advised to temporary block/disable his account. Meanwhile cardholder is to change the SecureCode/VbV at website and once done, to call CCC back to unblock/enable.

  • 22. For new credit card application, will cardholder receive any Access Mailer?
  • Yes, Access Mailer will be automatically generated for a new card application after the 3D Secure launching date.

  • 23. Is there any possibility that cardholder receives more than one Access Mailer?
  • Yes, if cardholder has more than 8 cards since one Access Mailer can accommodate to only 8 cards. The 9 th card onwards will put into another Access Mailer. However it can also use the first mailer to register 3D Secure as access details will be the same.

  • 24. Will Supplementary cardholder receive any Access Mailer?
  • Yes, Access Mailer will be issued separately under Supplementary names but will be sent to Principal’s mailing address.

  • 25. Why need 3D Secure if cardholder is not a type of person who used to purchase through the internet?
  • We still encourage cardholder to register for all of his/her cards because if any fraudulent case happen, we afraid that the liability will go to him/her. (However we will still take it case-to-case basis if cardholder is so persistent that he/she didn’t do any internet transaction).

  • 26. What are the possibilities that 3D Secure registration failed?
  • The reason might be due to invalid name / ID entered during registration process. Cardholder is to use his/her name as per plastic data in Cardlink (PCIH screen) or simply cardholder’s embossed name on the card. System will also reject ID with space in between, with dash symbol, etc.

  • 27. Secured Code and Personal Assurance Message (PAM), can they be the same?Yes, SecureCode/VbV can be the same as PAM. But for security purposes, cardholders are not encouraged to use the same SecureCode/VbV for PAM.

  • 28. If cardholder does not register 3D Secure at RHB website, will the merchant’s website prompt him/her to register while he/she is performing online purchase?
  • Yes, if the merchant is also under 3D Secure compliance. If not, the website will not prompt out.

  • 29. What if a cardholder received a torn Access Mailer or suspected it was already read by someone else?
  • It is still safe because Access Mailer does not indicate all information or details about card number and the Access ID. Card No will only be indicated such as 5400XXXXXXXX1001. Access ID will only be stated like “last four digit of your IC No”. In order to register to 3D Secure program, details embossed on card & access details as per access mailer is needed.

  • 30. How many times cardholder is allowed to enter the Secured Code while purchasing online?
    ardholder is allowed to try for 3 attempts, if wrong code entered after the 3rd time, it will automatically be blocked for 24 hour. However cardholder still have option to use another card to proceed with the purchase if he/she remembers the correct code