CIMB boosts customer protection with new biometric authentication on the CIMB OCTO App

19 January 2026

Customers to experience stronger security on transactions

Kuala Lumpur: CIMB has introduced biometric authentication in combination with its SecureTAC approval feature in the CIMB OCTO App. This proactive simple step will add an additional layer of security, ensuring that CIMB’s customers enjoy enhanced safety and secure transactions.

When making a transaction, a request for biometric verification, which currently consists of Face ID (iOS) or fingerprint, will appear after the customer has approved the SecureTAC. Once the biometric verification is complete, the transaction is completed.

The steps to approve a transaction are as follows:

Step 1: Proceed to make your transaction on CIMB Clicks Web. A push notification will be sent to your device with CIMB OCTO App installed and activated.

Step 2: Check your device and tap on the SecureTAC notification.

Step 3: Verify the transaction and tap "Approve" or "Reject" to proceed.

Step 4: When prompted, verify your identity using Face ID, fingerprint, or password.

Step 5: Once verified, your transaction will be approved.

In line with Bank Negara Malaysia’s (“BNM”) directive to strengthen online banking security, the biometric verification is one of the latest measures to help combat financial scams, serving as another layer of security to prevent unauthorised transactions.

The latest security feature joins other measures in the CIMB OCTO App, including the existing SecureTAC function, Lock Clicks ID feature, single registered device for CIMB OCTO and eKYC for first-time app logins.

To ensure a secure banking environment which incorporates the latest security measures, customers are advised to always keep their device’s operating system as well as CIMB OCTO App updated to the latest version. Customers should only download the CIMB OCTO App from genuine app stores such as the Apple App Store, Google Play Store or Huawei AppGallery, and never from links or unknown sources. When changing devices, customers should remove the device from their old phone before performing first-time login (FTL) on a new device.

In addition, customers are reminded to always be vigilant and safeguard their online banking details. Those who detect unusual or suspicious activity or transactions involving their bank accounts should immediately:

• Activate the Lock Clicks ID feature;
• Notify the Bank by calling CIMB’s Consumer Contact Centre at +603-6204 7788 (available 24/7);
• Change their account password/PIN; and
• Lodge a police report to facilitate the investigation.

For more information, customers can visit www.cimb.com.my/securetacfaq