Following a spate of malware scams last year, MAS instructed the banks to harden security protocols for their phone banking apps, in order to protect those who had more cash than common sense.
That was the general directive, at least. The actual execution was left to the banks, and my goodness has it been farcical.
OCBC set things in motion back in August 2023 with a poorly-communicated rollout that creeped out its customers and flagged many legitimate apps as dangerous, but they were just the first out of the clown car. In the months that followed, we saw an outbreak of just-do-somethingitis, where banks decided it would be better to roll out half-baked measures that inconvenienced customers and drove them crazy, rather than be seen to be doing nothing.
Who can forget HSBC’s big brain moment, where they concluded that the best anti-malware approach was to automatically crash the app, without warning, if it detected any alternate keyboard or accessibility permission? *chef’s kiss* Never mind those permissions could actually be required for benign purposes, such as screen readers for the hard of seeing!
The list goes on. Maybank doesn’t work if it detects developer permissions. Citi and OCBC refuse to work if your phone is connected to Android Auto. Oh, and if you’re overseas and need to sideload a region-restricted app (like those needed for EV charging), better hope you brought a spare phone to ringfence it, or there’s no ibanking for you otherwise.
The problem isn’t just the obsession with policing your phone. It’s that whenever an issue arises, getting it resolved is a nightmare for customers. I’ve just run into another app-breaking problem today with OCBC (who else?), and apparently I’m not alone.
OCBC “remote administration tools” error
The OCBC banking app on my phone was working perfectly fine until this morning, when I started getting an error message chiding me for having “remote administration tools” installed.
Now, my phone isn’t rooted. I only download apps from the official Google Play store. I have no alternate keyboards. So I had no idea what OCBC was talking about.
It would be one thing if told me which app offended its delicate sensibilities. It’s another when it expects me to guess and check, uninstalling any recently downloaded apps and praying each time that I’d found the right one.
I honestly had no idea what was getting its knickers in a twist, and systematically ran through the rest of my banking apps: American Express, BOC, Citibank, DBS, HSBC, Maribank, Maybank, Standard Chartered, UOB. Not one of them had issues with my phone; it was just OCBC that didn’t work.
Actually, correction. OCBC’s Business Banking app worked just fine. Basically, OCBC considered my phone too insecure for consumer grade banking, but seven-digit MEPS transfers? Bring it on!
Trial and error got me nowhere, so I picked up the phone to call OCBC- only I couldn’t. It was 6.30 a.m, and they don’t offer non-fraud support between 12 a.m and 8 a.m because this issue, apparently, is not urgent enough to warrant immediate attention. Heaven help you if you have important banking matters to settle late at night!
I finally got hold of a customer service officer, who told me what I already knew: there was some app on my phone which OCBC didn’t like. But as to what exactly that was, his guess was as good as mine.
He asked whether I had any screen sharing apps like TeamViewer or Zoom. I told him I had Zoom, and he said I’d have to uninstall it.
I said that Zoom was important for work, to which he said something along the lines of “oh don’t worry, you can just uninstall it when you need to use the OCBC banking app, then reinstall it when you’re done.” Ah, smart nation.
I highly doubted that Zoom was the issue, because it hadn’t caused any trouble up till now, but played along. Sure enough, uninstalling it didn’t fix the issue.
He then asked me if I had TikTok (no) or any mobile games (also no). He asked me to go to my settings and search for something called “remote administration tools” (which didn’t exist), and asked if I could send a screenshot of all my apps (with 255, that might prove challenging). Finally, he said what I was expecting from the start: that he’d need to call me back.
It was frustrating, but obviously not his fault. OCBC sets their staff up for failure in this respect, because the error messages are so generic that they’re poking around in the dark as much as we are.
I got a call back later that afternoon, where the CSO asked whether I had an app called Instant Heart Rate or Droid VNC installed (both no). He also mentioned that I wasn’t the only one reporting this; apparently OCBC had done some “value-added services” (his exact words) today which involved an “anti-scam scan” of phones to find apps with screen sharing functions.
Long story short, I’m still waiting for a resolution. Luckily, my funds are spread out over a few different banks, so losing access to my OCBC account, while annoying, isn’t an emergency. I imagine it could be very different for others.
And therein lies the problem. The rollout of these anti-malware measures has been so scatterbrained and haphazard that a given list of apps can be perfectly fine with one bank, yet trigger a five-alarm fire with another. And given how vital the app is to managing your bank account, your funds are essentially frozen if it throws a tantrum.
Conclusion
Banks like to toot their own horn about how much has been saved due to anti-malware measures, but what’s left unsaid is how much has been lost because of their overzealousness. You can’t exactly measure the cost of lost productivity and user inconvenience, after all. And whenever anyone questions them about this, it’s all too simple to churn out a motherhood statement like “anti-malware measures are required because customer security is of utmost importance to us” and brush the issue aside.
For the record, I have nothing against well-conceptualised ideas that strike a balance between protecting the vulnerable and minimising inconvenience to the general public. The “money lock” features, for example, are great initiatives that should have been introduced a long time ago.
What’s happening with the banking apps now is far from well-conceptualised. It feels like a patchwork of solutions, each more paranoid than the previous, and at some point we have to ask: is the cure worse than the disease?
I would never put a dollar in this garbage bank.
Buy an iPhone!
actually, at this rate it might be the only solution…
Login via desktop?
login via desktop requires approval via ocbc banking app. ocbc banking app requires…
Faced exactly the same issue. Their FB team (after giving a 1 star on play store) even had the audacity to ask me to send the list of ALL the apps I have.
wait in line with the aunties/uncles at ocbc branches hahaha
fixes security at expense of user experience. poorly executed update by their team.
I had a similar exasperating experience with UOB a few nights ago, where the call centre was unable to reach the IT Fraud desk from 9:30pm onwards. The error message received was “Your request was detected as unusual. For your security, it was not processed. Please call xxxxx”. This came after a 12-hour cool off period when I added a new payee in the morning. So on top of making me wait out a 12-hour cool off period, the bank felt it necessary to add additional “unusual pattern” detecting measures, and then not have IT people around to handle it… Read more »
I’ve had 2 brushes with OCBC lately, in particular being locked out of my account and being unable to contact the customer after 6pm.
Calls to their service hotline typically puts me on wait for at least 30mins.
Yes, I have multiple banks, so thankfully I’m not deadlocked to this one. But plenty of banks in Singapore, why stick with a bank that springs such nasty surprises with your money?
Closing my OCBC account this week….
I want to put in my two cents, coming from the other side of the fences. From the consume’s perspective, you are frustrated by the inconvenience. But the reality is, with AI, the amount of scams and fraud are insanely high. Banks are filing hundreds of suspicious transactions and thousand of recalls. If these controls are not in place, imagine the number of frauds that would have taken place. This is a losing battle to banks. Loose controls, more scams. Tighter controls, more customer complaints. I recently had to change my phone and need to reinstall everything. Ironically, I am… Read more »
But see, reducing it to a binary choice between inconvenience and someone emptying your account is a false dichotomy. The alternative to draconian app controls is not scammers robbing granny blind. There are sensible things that can be done like money lock that don’t involve policing your phone.
You should have a second phone (an Iphone) that contains ONLY banking Apps. And that phone is best left at home in a secure place, so that it is not easily misplaced or lost with all the issues that can also cause.
I hope you are being sacarstic…
ocbc and it’s garbage Bos are the embarrassment of our nation, despite the blowing of trumpets in public by sone LinkedIn posters
long story short, go get urself an iPhone!
I was having the exact same issue today. CSO was unable to provide any details. Kept asking me about Droid VNC, and was suggesting to just factory reset my phone.
It turned out Fake GPS is causing the detection (which is not a remote administration tool).
I work in cybersecurity, so I’m all for good security controls, but this is just a rubbish implementation that probably wasn’t properly tested.
Rubbish all round. Trying to pay my OCBC credit card bill but with the recent update the app keeps crashing.
If this doesn’t go through in time and they refuse to waive the late fee, I will take out all my money from my 360 account and cancel the card.