Banks moving away from SMS OTP
All of the banking apps in Malaysia now require device binding (phone binding) for second-level authorization of banking transactions, replacing SMS OTP/PAC/TAC, which are less secure. This means that to open the app, the device (phone) first has to be registered in the app. Device binding in bank apps ensures that only authorized devices can access your account. This enhances security by preventing unauthorized access.
The Public Bank flavor of device binding is called Public Bank Secure Sign, aka PB Secure Sign. PB Secure Sign is a two-factor authentication system offered by Public Bank in Malaysia. It strengthens the security of online and mobile banking transactions by requiring registration, activation, and biometric verification, ultimately safeguarding customer accounts against unauthorized access. The Maybank equivalent is Secure2U.
I recently changed my handphone and had to register PB Secure Sign on the new phone. The final activation had to be done at the ATM machine using my debit card. As most of my transactions are now conducted using eWallets, I barely need to carry cash anymore, and hence I misplaced my debit card. I could not activate PB Secure Sign. I figured I would have to go to the Public Bank branch to get a replacement debit card done.
When I went to the bank branch, I was informed that PB Secure Sign can be activated without my debit card, but it has to be done at a branch with an IC biometric verification. The whole process took only 5 minutes, and there was a 12-hour cooling-off period before I could use PB Secure Sign to authorize all my Public Bank online banking transactions. Just to be safe, it's better to go back to the account's originating branch to do the PB Secure Sign activation. In addition, from what I know, PB Secure Sign cannot be activated through phone and email support.