CONSUMER PROTECTION FOR ONLINE BANKING SCAMS VIA E-MAIL IN MALAYSIA

The new advancement in technology both hard and soft is creating new opportunities for cyber criminals. It is an effective tool for going against the law. In the economic sector, the number of Malaysians opting for online banking to do transaction is increasing. There are 9.8 million online banking account holders in Malaysia. However, cases of online banking scams in Malaysia have been increasing since such fi rst case was registered in 2005. Statistics from Financial Mediation Bureau showed that the number of cases had increased. Therefore, the objectives of this paper are to identify cyber scams via email in online banking business model and to examine consumer protection of online banking scams in Malaysia.


Introduction
In line with the increasing use of the Internet as a business tool, the case of cyber crime from time to time shows an increase.Financial and cyber crimes are the most common crimes committed in Malaysia. 2Statistics from Financial Mediation Bureau (FMB) showed that the number of cases had increased from only 46 in 2008 to 163 in 2010. 3It means the crime have jumped nearly four times for only 2 (two) years period.
Modus operandi of the scams begins with the way to send email spam to consumers.The e-mail will state that receivers need to log in immediately and to update their contact information for security purposes.Those who fall prey for these scams are usually new Internet banking account holders and those who lacked a general understanding of Internet security and they are not aware that such scams exist.
The trap was to trick Internet banking account holders into revealing their online banking username and password.They use fake banking websites, known as "phishing" sites to try and trap the account holders.This fake websites are used to mislead users into logging in by entering their usernames and passwords, which are immediately copied by the creator of the site.The cyber criminal then can log in and withdraw the users' entire account.
The highlight issue in this situation is that the victim of online banking scam could not compensate for their losses.Thus, customer protection on online banking in Malaysia is still vulnerable.In this situation, the local bank will refuse to offer a refund. 4This case will be associated with how the protection of consumers that can be anticipated by the bank, so that the consumers are not harmed by the crime.
In this regards, there are very complicated legal cases in the use of the Internet as a business tool today.Legal efforts should be made to get customer money back which is caused by the weakness of the electronic transaction system in online banking.There were 163 cases last year, but only 51 victims managed to get part or all of their money back.5

Methods/Approach
This paper uses legal research with multidisciplinary research approach through the analysis of legal rules under Malaysian Law.

A. Cyber scams via email in online banking business model
In line with the growth of Internet usage, Internet crime is also growing rapidly.Internet usage has created a lot of problems such as people are tricked into providing personal information such as credit card numbers, passwords, Mother's maiden name, bank account numbers, ATM pass codes and social security numbers.In this situation, virus protectors and fi rewalls do not catch most phishing scams because they do not contain suspect code, while spam fi lters let them pass because they appears to come from legitimate sources. 6 this situation, cyberspace allows facilitating stolen identities activities.The stolen identities can be used to unauthorized access; it refers to a scenario in which a person accesses data that he or she has not been given permission to access. 7Furthermore, the data can be used in many other crimes.In the fact, it is also sometimes diffi cult to investigate and to differentiate between authorized accesses and unauthorized. 8eoretically, computer crimes will always involve some type of "computer-security breach".It is not synonymous with "computer crime".Those breaches are typically categorized as follows (or something very similar): 9 Privilege escalation, Malware (Trojan horse, virus, worm, logic bomb, root kit, etc), Phising, Social engineering, Session hijacking, Password cracking and Denial of service.While, computer crime is generally broken into categories that emphasize the specifi c criminal activity taking place rather than the technological process used to execute the attack.Such list would be similar to the following: 10 identity theft, cyber stalking/ Harassment, unauthorized access to computer systems or data, and non-access computer crime.
Identity theft is the process of obtaining personal information so that the perpetrator can pretend to be someone else.This is often done in order to obtain credit in the victim's name, leaving the victim with debt. 11The U.S. department of Justice defi nes identity in this manner: "Identity theft and identity fraud" are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain". 12ile, the Oxford English Dictionary defi nes "identity" as "the set of behavioral or personal characteristics by which an individual is recognized.In this regards, the meaning of identity theft is to be distinguished from identity crimes those offenses committed using the stolen personal or business identifying information or "identities."Thus, the conceptual relationship between identity theft and identity crime is that the former facilitates the latter.
There are some legal problems which are identifi ed as cyber scams activities via email in online banking business model, as follows:

Email Scam
Nowadays, cyber criminals via email scams is a kind of modus operandi by sending out millions of e-mails to users, often including advertisements for services and/or products with malicious viruses.The fi rst spam e-mail appeared in 1978, but the frequency and maliciousness of spam have increased dramatically.Today, e-mail provider organizations report that as many as 85-90 percent of all e-mails are spam. 13urprisingly, it has been estimated that the response rates to this kind of spam e-mail range from 0.5 percent to 4 percent. 14This fact is disturbing, given the frequency with which the phishing attacks are unleashed.Furthermore, Symantec (2007) reports that in the fi rst half of 2007, its software blocked over 2.3 billion phishing messages. 15 2008, it was full of stories of cyber criminal activities all around the world, with hackers, spammers, and phishers causing chaos, and, in some cases, confusion on computer systems and consumers, causing credit and debit fraud numbers to soar.Experts and law enforcement offi cials worldwide who hunt down cyber crimes state that scams increased in the last half of 2008, as criminals took advantage of economic uncertainty and unease to attack both consumers and businesses. 16 this situation, fraud is becoming part of cyber activities.No wonder what are logic rules behind every crime pattern but the end result is fi xed which means their only fi nancial gains. 17Thus, fraud is able to be part of computer crime which is very easy to do in cyberspace.It is very diffi cult to control this crime because it is conducted easily anywhere and anytime.Thus, it can also capture victims worldwide.
Once the account details are disclosed, the cyber criminal will use them fraudulently to enrich himself/herself. 18This crime model called "phishing", which it is a short form of 'password harvesting fi shing' and refers to a particular method of online identity theft.
As the Internet usage in the country grows, the total number of online transactions along with other activities is likely to increase.It is in line with the increasing number of online crime incidences.Growth in broadband and wireless capacity makes the Internet more convenient and quicker to use.Unfortunately, these utilities could be used as means for increasing cyber crimes.
It is worrying, according to International Data Corporation (IDC) survey in Malaysia, the number of Internet users will increase to 18.5 Million and number of online spending will increase to 10.5 Million by 2012.As per survey of International Data Corporation (IDC) in 2007, the overall e-commerce spending in Malaysia was US$22.3 billion which is expected to get doubled by 2012. 19e problem of insuffi cient awareness about cyber security among Malaysians surfi ng on the Web continues to pose a big challenge.For example, some users do not own a distinct password while many are not updating their security software. 20Therefore, it is hardly surprising that online crimes involving banking fraud and phishing rose 619% in 2008 over 2007.21

Typo squatting
This crime is using strategy of likelihood of confusion of a similar domain name.Generally, this modus operandi will use the link to email spam which has been sent to the victim.Consumer will "click" automatically the domain name address which appears at email spam.It is very diffi cult for the victim to dedicate this because it has a design similar to a legitimate online fi nancial institution.Thus, frequently Internet banking becomes the easy target of cyber crime.
Besides, the crime modus is quite unique and victims are often not aware of it.Crime perpetrators create a nearly identical site to the site of potential victims.For example, a website address http://www.balicash.commay be faked with an address http://www.balikas.comor even http://www.balicash.netor similar name.It is almost hard to see the difference.In this situation, the typosquatter will register a fake domain name which is designed to make typographical errors when accessed by consumer.
When registered, the automated system does not review for similarities in domain names.Consequently, the system computers would automatically register both "businessclient.com"and "business-client.com"as two completely different domain names. 22herefore, it is very important for the trademark owner to register their trademarks as domain name.
In searching of website address through "search engine", this crime will involve the scenario through 'mouse trapping', where expects Internet users will make mistakes misspelling when typing website.In this regards, domain name infringement by cybersquatters weakens the fundamental trademark principle of consumer protection by permitting ruthless competitors to benefi t from the mark holder's good will and reputation. 23 this situation, typosquatting can be easily created top-level domains such as .com,.netand .orgdomains.Everyone may name a site whatever they like as far as the domain is not yet owned by somebody else.It is more dangerous if this case is done in online banking activity.Typosquatter aims to get fi nancial information, which will be used to perform illegal transactions.For example, in 2001 there was a case in Indonesia on Internet banking of the Bank Central Asia (BCA) site, www.klikbca.combeing duplicated with 5 (fi ve) similar domain names.
The illegal website appears on similar site with the original one.This caused the User PIN and Password number to be recorded at the site.Unfortunately, this case was settled via alternative dispute resolution due to the absence of a specifi c regulation in cyberspace at the time in Indonesia.Perhaps this scenario could be equated to the principle of legality which is a fundamental rule in criminal law that nothing is a crime unless it is clearly forbidden by law.24

Phishing Scams
Due to such similar domain names, perpetrators may create a website which is similar to the original website.Fake banking websites, known as "phishing" sites, to try and trap the account holders. 25The websites are used to mislead users into logging in by entering their usernames and passwords, which are immediately copied by the creator of the site.The cyber criminal, then can log in and empty the users' entire account in minutes if the amount is within the limit allowed to be transferred in a day.Users do not know if the website that they have accessed is fake website with similar Domain name.
The email sent would appear as if it came from a legitimate source such as a trusted business or fi nancial institution.It includes an urgent request for personal information usually invoking some critical need to update an account immediately.Consumer who unsuspectingly will automatically "clicked on" the link provided to fake banking website.
The links included in phishing scams take the unsuspecting person to a fraudulent website designed to mimic the real thing, often down to the smallest detail including copyright notices, submenu titles and so on.It's virtually impossible for most people to tell they are the target of a phisher by looking at the site alone. 26In this regards, many Internet users especially beginners, tend to believe everything they read in his/her e-mails inbox and become easy prey to cyber criminals out to steal their personal and fi nancial information.
Accordingly, foreign banks, especially those in Eastern Europe and Brazil, have applied more technologically based, radical measures to secure their online banking operations; it is indicated that, as a result, almost 100 percent of Brazilian Internet banking depends on secure website protocols and uses two personal identifi cation log-in requirements. 27n September 2007, Deloitte surveyed 169 worldwide fi nancial institutions on operational security and reported that standard, basic security measures such as encryption, access control, and network security are insuffi cient at protecting banking and fi nancial institutions' online operations.The survey determined that 27 percent of respondents had become victims of security breaches in their international operations in 2007. 28rthermore, according to Norton's report recently, "up to 83 percent of Internet users in Malaysia have fall victim to cybercrimes". 29hishing-related crimes can be particularly diffi cult to investigate for a number of reasons.First, victims are often unaware a crime has been committed until long after it has occurred.Second, skilled identity thieves know how to hide their tracks.Moreover, they will conduct the phishing operation only for a limited time and then shut it down. 30

B. Consumer Protection of Online Banking Scams in Malaysia
Legislation, investigations, and the prevention of identity theft can take different approaches, depending on the type of the identity stolen.Thus, to mitigate and prevent identity thefts requires that each type of identity be clearly delineated: personal, business, and overarching. 31In other words, personal identity theft is the unauthorized acquisition of another individual's personally sensitive identifying information. 32Personal identity crime itself is the use of such information to obtain credit, goods, services, money, or property, or to commit a felony or a misdemeanor. 33ajor trends affecting the security issue in banking and fi nancial institutions in emerging/developing countries are: (1) the increased complexity and coverage of technology; (2) the expansion of the number of fi nancial institutions utilizing cutting-edge technologies; (3) the steady increase in the number of cyber users, especially in conducting fi nancial transactions; and (4) the lack of laws dealing with cyber crimes. 34 this situation, point (3) is very dominant because it the cause of increasing security issue in online banking.Thus, it shows how crucial it is to protect consumer in electronic fi nancial transaction.
It is to be noted that over 700 international e-commerce web sites were examined by The International Marketing Supervision Network (IMSN), an organization consisting trade practices law enforcement authorities of 25 countries.The outcome of the research is the following:35 1.
More than half businesses failed to outline their payment security mechanisms 2.
62% provided no refund or exchange policies 3.
78% failed to explain how to lodge a complaint 5. 90% failed to advise customers which law is applied in their transactions 6.

25% showed no physical address
The outcome of the above research shows that there is a very high risk for consumer to do transaction in online banking model.Large number of consumers fi nds it diffi cult to claim the refund of their money because most of the online banking system has no refund and privacy policy.Furthermore, the most problem is that the bank failed to advice customers which law is applied in their transactions.
Therefore, there are two main approaches to protect the consumer from online banking scams via email.There are legal and regulatory (external approach) and consumer behavior (internal approach).

Legal and Regulatory (External Approach)
Legal and regulatory approaches play important role to provide consumer protection.According to Sonny Zulhuda, there are two approaches available in protecting online consumers namely: 36 a.
Legislative Approach: By drafting and enacting a comprehensive legislation on consumer protection in the electronic commerce.b.
Self-Regulatory Approach: By drafting a model code or guidelines on e-commerce consumer protection to be adopted by e-commerce entities and consumer associations.
The author here has identifi ed some legal and regulatory approaches in Malaysia which could be applied to protect consumers in the cyberspace.

Protecting Consumer for Email Scams
The number of cyber criminals via email scams should be considered by regulators because the crime modus operandi is changing rapidly.Today, Personal Data Protection Act 2010 (PDPA) has regulated the processing of personal data in the context of commercial transactions by data users, and providing a safeguard for the interests of data subjects.However, this Act has not regulated personal data for email scam.Thus, this Act has not protected consumer fi nancial data for email scam specifi cally.
Generally, this Act has some principles which are able to protect consumer's personnel data in cyber space.Disclosure principle said that "No personal data shall be disclosed without the consent of the data subject, be disclosed the purpose for which the personal data was to be disclosed at the time of collection of the personal data. 3736 Ibid.37 See sec 8(1) Personal Data Protection Act 2010.
Furthermore, this Act apply security principle that provides: "A data user shall take practical steps to protect the personal data from any loss, misuse, modifi cation, unauthorised or accidental access or disclosure, alteration or destruction". 38In regards to unauthorised access, it is a very important issue in e-mail scam.It can be done after the perpetrator successfully copied all of the victim's personal fi nancial data.
Unfortunately, the victims never recheck whether the e-mail is spam or not.However, in the context of online banking activities, this Act provides personal data protection for unauthorised access and misuse into customer's bank account.This section is very important to protect personnel fi nancial information because unauthorised access to the customer's banking system allow a perpetrator to do identity theft activity, and then it can facilitate identity crime.
In unauthorised access context, Computer Crimes Act 1997 has regulated the secure access to any program or data held in a computer.Section 5(1) provides that: "A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modifi cation of the contents of any computer."Thus, this section is important in providing protection of consumer fi nancial information which is caused of modifi cation of the contents of any computer.In this crime model, a black hat hacker (cracker) would be very dangerous because they can penetrate the computer systems of banks and then he/she is not only able to steal customer data but also is able to modify consumer data.Thus, these can be used for criminal activity.Therefore, this Act can be applied to combat computer crime on hacking activities.
However, these Acts should be harmonized with Consumer Protection Act 1999 because it has not been set up specifi cally on email scam.This Act focused more on consumer protection in traditional transaction.The Consumer Protection Act 1999 just regulates the safety standard in relation to goods relating to the performance, composition, contents, manufacture, processing, design, construction, fi nish or packaging of the goods. 39In other words, this legislation is only to provide basic protection for 38 See sec 9(1) Personal Data Protection Act 2010.39 See sec 19 Consumer Protection Act 1999.consumers.Furthermore, section 2(2)(g) provides "This Act shall not apply to any trade transactions effected by electronic means unless otherwise prescribed by the Minister." 40 electronic transaction context, Digital Signature Act 1997 is also very important in the protection of illegal transaction which could be carried out by perpetrators.By using an asymmetric cryptosystem such that only a person having the initial message and the signer's public key from bank who can doing transaction.It means if the identity theft happened, a perpetrator cannot conduct electronic transaction by using "user name" and "password" only.Consumer will get confi rmation fi rst if any electronic transaction before it is executed.
In digital edge, the Consumer Protection Act 1999 should consider the use of biometrics technology.This technology can assist in authenticating an individual's identity automatically, and has several useful applications within Justice and Law Enforcement 41 including fi nancial services law.In this regards, biometric technology has the ability to recognize fi ngerprint, iris, voice, facial recognition, hand, palm or skin.For example the use of fi ngerprint can assist in recognizing authorized account holders of online banking.It can be used in an effort to double security when doing online transaction.Security system which uses card, token or password systems is prone to be stolen or counterfeited.Besides, this system is also used to eliminate telecommunication crime, such as terrorism activities.
In Pakistan, Sim card vendors have been given three months to install biometric technology to confi rm the identity of customers. 42y using biometric technology will produce digital prints which it streamlines procedure to check and cross-reference with multiple databases.This technology is also applicable in analyzing crime scenes, through fi ngerprint capture technology.This technology can capture, with a reasonable degree of accuracy prints and compare them against databases for identifi cation.Thus, this technology provides transaction, data and web security when operating within databases as well as remote access to resources with mobile technology. 43fortunately, there is no specifi c legislation that prohibits the spread of unsolicited email by the recipient based on regulations in Malaysia, although Electronic Commercial Act 2006 has regulated the legal recognition of electronic message. 44In this regards, Singaporean law has regulated specifi cally email spam under the Spam Control Act 2007.Basically, the Act contains the framework for regulating unauthorized electronic messages which are regarded as commercial electronic messages for the purposes of the Act, sent by the traditional method of electronic mail ('e-mail'), text and multimedia messaging to mobile telephone numbers.

Protecting Consumer for Typosquatting
Typosquatting is fraud activity which aims to identity theft through phishing.To combat typosquatting infringement, there is no specifi c regulation in Malaysia.The identity theft activity by using typosquatting strategy is contrary with the business ethics principle.The basic principle of good faith can be applied in this case.It is a universal principle which is generally able to be applied in the tradition of common law system countries.
This infringement is much related to registered trademark infringement.Registration domain name is made in their respective countries.In Malaysia, domain name can be registered under My Domain Register (MYNIC) at www.mynic.net.In this case, MYNIC should fi lter domain name which will register whether the suspect infringes trademark protection principle or not.For example, there is a domain name dispute on case of 'www.ocbc.my'.The fi rst complainant, Oversea-Chinese Banking Corporation Limited, is a prominent commercial bank incorporated in Singapore which has been operating for many years in Singapore and Malaysia.
The second complainant, OCBC Bank (Malaysia) Berhad is the Malaysian subsidiary of the fi rst complainant and the registered proprietor of the website 'www.ocbc.com.my', which it uses to promote its business. 45 the above case, the panel decided in favor of the complainants on two grounds: namely, that the disputed domain name was confusingly similar to the OCBC mark and that it was registered in bad faith.The respondent was ordered to transfer the disputed domain name to the second complainant.The respondent knew that he was appropriating a well-known name in view of the reputation and prominence of the OCBC mark in Malaysia and other countries.Thus, the panel held that the respondent had registered the disputed domain name in bad faith. 46Furthermore, in this case the principle of good faith can be applied because the perpetrator registered a domain name very similar with a well known trademark.Thus, it creates confusion on the part of the consumers to access the legal website.In this regards, crime perpetrators create a nearly identical site to the site of potential victims.Therefore, the typosquatter will register fake domain names to enforce typographical errors by consumers.It weakens the fundamental trademark principle of consumer protection by permitting ruthless competitors to benefi t from the mark holder's good will and reputation. 47It is easy for typosquatters to register the trademark and then connect to "phishing site".
In this regards, Malaysian Communications and Multimedia Commission (MCMC) has important role to control phishing activities.MCMC has a responsibility to regulate communications and multimedia industry.Thus, MCMC can block the suspected illegal websites or violate copyright website.In 2011, MCMC has blocked 10 such website 48 in Malaysia.

Protecting Consumers from Phishing Scams
In fact, identity theft scams via email relates to "phishing scam".It is one of the trends in cyber crimes.The email sent would appear as if it came from a legitimate source such as a trusted business or fi nancial institution, such as online banking.Frequently, it includes an urgent request message for personal information usually invoking some critical need to update their account immediately.In this case, consumers will unsuspectingly automatically "clicked on" the link provided to fake banking website.In this situation, it is hard for the victims to distinguish the fake website and original one.
In this regards, MCMC has an important role to play in controlling cyber activities.By forming Cyber Security Malaysia (CSM), control for phishing site is more effective.Currently, CSM had identifi ed at least 900 unique phishing sites targeting fi nancial institutions in the country, adding that it was quite easy for crooks to obtain personal information, usernames, passwords or credit card information through the phishing websites. 49In fact scams targeting electronic banking have increased dramatically in the country with the number more than doubling over the past years.A total of 1,426 reports were made to CSM 50 last year compared with 634 in 2009. 51ishing Scams will facilitate computer crime through identity theft.The increase of computer crimes must be a signifi cant concern for any law enforcement agency or for anyone responsible for security on any network. 52This is done in an effort to suppress small as possible victims of crimes committed by perpetrators of fraud through email scams.Imagine, more than 4,000 cyber complaints, mostly concerning cyber crimes have been lodged with CSM in the past two years. 53How vulnerable consumer's identity data is.
Therefore, the Malaysian government has a responsibility to give real power to cyber security decision-makers, and alert its citizens and civil servants of the dangers of cyber crime by forming CSM, which reports to the Ministry of Science, Technology & Innovation (MOSTI). 54urthermore, it is also an effective way to protect consumers in electronic transaction by contacting Cyber 999 Help Centre.
Existence of CSM is very important to protect consumer from cyber crime activities.The public can report hack attempts, malicious codes, denial-of-service attacks and intrusion via CSM's website.Cyber 999 is a public service that provides emergency response to computer security related emergencies as well as assistance in handling incidents such as computer abuses, hack attempts and other information security breaches. 55This team is able to provide law enforcement for protecting consumers in cyber activities.
It is important to note that it is meaningless to have plethora of legislation without making internal banking regulation a priority.Therefore, it is very important that all banking and fi nancial services in Malaysia be regulated by its Central Bank, Bank Negara Malaysia (BNM).

C. Consumer Behavior (Internal Approach).
The banking sector environment is especially vulnerable to a wide range of cyber threats.Those in charge of information security have been investing signifi cant resources into the implementation of diverse technologies designed to protect both data and information technology (IT) infrastructure from those threats.All of these investments can serve an important role in safeguarding today's highly IT-dependent fi nancial institutions but, by themselves, they are insuffi cient.However, over reliance on security technology can put a fi nancial institution at risk because a large percentage of information security breaches are in reality the outcome of fl awed human behaviors, rather than hardware or software weaknesses. 58herefore, it is important to combat online banking scams through consumer behavior approach.Online banks should have internal regulatory and security system, such as adding mechanisms whereby consumers can verify that they are visiting the real site.In this situation, banks and consumers need improve their interaction for the sake of protecting consumers in cyber activity.
In this regards, it is very important for banks to provide training and equipping their consumers as BNM required.Banks need to educate customers on their role in maintaining security of banking information and remind consumers of the risks involved in using online banking.Thus, prior to the offering of Internet banking services, BNM requires banks to have a web page to educate their customers on the various issues such as knowledge of the risks involved in using the Internet banking, e.g.risk of 'phishing', advised to read the privacy policy statements prior to providing any personal information to any third party advertisers or hyper text web links, and educating customers on their role in maintaining security of banking information.
In this situation, consumer behavior approach is very important for controlling their emotion when getting "surprising email".Bank should train the consumers not to follow links that have been e-mailed to them before checking the real website.If you receive an e-mail purporting to be from a fi nancial institution, then either call the organization or manually enter the URL you normally use to access your account.Phishing site is professionally designed and diffi cult to identify, especially for beginners in online banking transaction.Therefore, it is very important to avoid clicking on any links provided in the e-mails.
Furthermore, consumers should contact the bank or retailer by phone to verify if the e-mail was genuine because there is no antivirus that can give us 100 % protection for email scams.Therefore, the most effective protection is to develop the consumer right habit.Consumers need to learn and practice these safe surfi ng habits.

Conclusion
In general, this paper identifi ed that cyber scams activities via email in online banking business model are email scams, typosquatting and phishing scams.These scams model will begin from unsolicited email which informs a misleading news of website addresses which is using typosquatting strategy in order to link with the fake website.
It is certain that the fake website contained much well-known trademark infringement.However, the goal is to obtain personal fi nancial information.In this regards, Malaysian laws have regulated consumer protection for commercial activities via various means i.e. traditionally and electronically.However, there is no specifi c regulation on controlling email scams.Thus, development of future legislation of consumer protection should consider making regulation for email spam control.Furthermore, there is also a need to consider the use of biometrics technology for assisting in authenticating an individual's identity automatically.This technology can also assist in recognizing the authorized account holder while using online banking transaction.
All in all, in this paper the author also addressed that consumer protection of online banking scams in Malaysia could be viewed from two perspectives or approaches.These two approaches are legal and regulatory (external approach) and consumer behavior (internal approach).These approaches are interconnected to each other in the protection of consumers.In this regards, protecting consumers through written regulation is insuffi cient.Thus, it is very important for banks to provide training and equipping consumers with enough