Security
Online safety tips
Protect yourself and your finances against phishing, fraud, and scams by practicing the following:
NEVER | ALWAYS |
NEVER share your debit card & credit card details, AmOnline username and AmOnline password to anyone, inclusive your immediate family members. | ALWAYS change your AmOnline password and Card PIN regularly |
NEVER enter above details to phishing website. NEVER access AmOnline web using public computer or someone else laptop. | ALWAYS ensure the AmOnline URL is “https://ambank.amonline.com.my/web/”. ALWAYS access AmOnline internet banking from your own personal device |
NEVER log on to AmOnline from link shared to you via email, social media (inclusive WhatsApp), phone call or text message. Banks will never share any link for you to log on to your AmOnline | ALWAYS verify the security image is yours whenever you log in ALWAYS bind your AmOnline account to your own device. NEVER bind your AmOnline account to your immediate family members or friends |
NEVER install any AmOnline apk from third party website. | ALWAYS download from legitimate stores: Apple App Store, Google Play Store or Huawei Gallery. |
NEVER log on to AmOnline from jailbroken / rooted devices or devices running on unsupported OS version. Refer to minimum system requirements to use AmOnline for details. | ALWAYS check your transactions & notifications regularly. If you find any suspicious activities or transactions to your AmOnline account, proceed to deactivate your AmOnline access via the "Deactivate AmOnline" function |
Click here for more security tips.
- 24x7 monitoring of suspicious transactions that may be potentially fraudulent by our surveillance team.
- To safeguard your account when you bind your AmOnline account to a new device, you will need to serve a pre-defined cooling off period. Refer to “Cooling-Off Period” FAQ for more details.
- In the event of any abnormal activity in your account(s), we may hold your transaction (transaction will be under ‘Pending Verification’ status) and contact you to confirm if the transactions are legitimate before it is released to the beneficiary.
If you notice any suspicious AmOnline activities or unauthorised access, DO NOT PANIC! You can safeguard your bank account with these steps:
- Go to your AmOnline app or web.
- Tap or click on "Kill Switch" > "Deactivate AmOnline".
- Tell us what happened.
- Key in your details and select “Yes, Deactivate” to deactivate.
By doing this, your AmOnline account will be suspended temporarily to protect it from any unauthorised access. Refer to “Kill Switch” FAQ for more details.
If you’d like to block your credit card or debit card too, please do so before “Deactivate AmOnline”.
As your registered device is your only device to authorise transactions, receive important notifications, and contains your sensitive financial information, keeping your device safe adds another security layer to protect yourself from unauthorised access and potential frauds.
Here are a few things you can do:
- Always have the latest version of AmOnline app and device OS.
- Do not share your password with anyone.
- Do not click on any suspicious links from messages, emails and websites.
- Monitor your account balance and transaction history regularly.
- Your username must have a combination of uppercase, lowercase, and numbers with length between 8 to 15.
- Have different username for each online account.
DO | DON'T |
Create a password combination of
| DO NOT choose a password which is the same as your username |
Memorise your password | DO NOT choose your name, date of birth or your phone number as your password |
Change your password frequently *Note: AmBank encourages you to periodically update your AmOnline password for better account protection. | DO NOT share your password with everyone |
Create a password that is hard to guess | DO NOT store your password in internet browser |
Your password must have a combination of uppercase and lowercase letters, numbers, special characters (e.g. !@#$%^&*()-+) and 10—18 characters long. Try the following method but do not copy the examples:
Think of a short sentence:
E.g: Running in the rain -> ruNn1ng!n5heR@in
E.g: I love my parents -> 1L@v5paRent$
- Change your password regularly. You can check your last password change at AmOnline app > tap on “More” and you can see the last change of your password.
- Always verify your security image during login. DO NOT proceed to enter your password if the security image displayed is incorrect.
- Always use supported mobile OS versions and web browser versions.
- Do not use third party keyboards.
- Check your account regularly.
- You can refer to the most common types of banking scams at Security Alerts at AmBank website.
The minimum system requirements are:
App:
- Your device must not be jailbroken or rooted.
- iOS version 15 and above
- Android version 12 and above
You can check your mobile device OS version in your phone Settings.
Web:
- Google Chrome version 130 and above
- Apple Safari version 17 and above
- Mozilla Firefox version 131 and above
- Microsoft Edge version 130 and above
- Opera version 114 and above
- Samsung Internet version 24 and above
- Huawei Browser version 15 and above
If you have just bound your AmOnline profile to your personal mobile device, you will need to serve pre-defined cooling-off. This is a security measure to temporarily restrict transactions via AmOnline. Full access will be restored automatically after the cooling-off period has ended.
In the event of any abnormal activity in your account(s), we may hold your transaction and contact you to confirm if the transactions are legitimate before it is released to the beneficiary. With the buffer time provided before the transaction is released, you may have the opportunity to identify the transactions that were not authorised by you.
For all transactions conducted on AmOnline, you will receive a status update via push and email notifications. Additionally, you can review your transactions by filtering the ‘Pending Verification’ status in Recent AmOnline. If a transaction is under ‘Pending Verification’, our operation support team will contact you to verify the details before proceeding with its release.
This means we have detected malicious apps on your device.
You will need to remove all malicious apps stated on the screen before you are able to use AmOnline App again.
Yes, you may continue using the AmOnline App. However, please be aware that by doing so, you acknowledge and accept the potential security risks that may arise.
For your safety, we highly recommend removing any unofficial apps from your device and installing apps only from trusted sources such as Google Play Store or Huawei AppGallery.
To protect your sensitive banking information, AmOnline App blocks screen mirroring and recording features. This helps prevent unauthorized access or capture of your personal data.
If you suspect you have been scammed, immediately perform Kill Switch to deactivate your AmOnline access. Call our Contact Centre to report the case and it will be escalated to our Cybercrime team for further investigation.
The team will respond to you on the resolution after the investigation. Alternatively, you can reach out to National Scam Response Centre (NSRC) and make a police report.
You will be asked for the following information, including but not limited to:
Your personal details (name, identification number).
- Suspicious transaction details (bank account number, transaction date and amount).
- Why you suspect this is a fraudulent transaction and how did it happen.
Please refer to NSRC website should you require more information.
You may call our Contact Centre. Alternatively, you may refer to the Financial Markets Ombudsman Service (FMOS) at +603 2272 2811.