Banking transaction confirmations will migrate from SMS OTP to in-app authentication

After Bank Negara (BNM) declared war against financial fraudsters, all the major banks started heeding Bank Negara's directive to do away with SMS OTP and move this feature to in-app authentication within their mobile apps.

SMS OTP relies on phone SMS, which was invented decades ago before there was the Internet. It was never designed to be secure; it was designed only for messaging and notification, which were considered non-security-related activities.

The main issue with SMS OTP is that mobile applications (rogue apps) can be configured to read the messages, and SMS OTP can also be easily spoofed/faked by rogue parties (e.g. scammers).

In the very near future, all transaction confirmations will come from within the individual bank's mobile app; this is sometimes known as in-app authentication or push notification. All OTP/TAC/PACs will come from within the mobile banking app (e.g. Maybank2U, CIMBClicks, Pbebank). The only confusing part is that different banks call it by different names. Gen Y and Gen Z should not have trouble transitioning to this in-app authentication mode, but baby boomers will likely struggle a bit with these changes. Finally, the other somewhat inconvenient issue is that in-app authentication is also slightly slower than SMS OTP.

Maybank calls it Secure2u, CIMB Bank calls it SecureTAC and Public Bank calls it PB SecureSign.


A recap of the 5 additional steps Bank Negara announced in the war against scammers/fraudsters here: