5 Steps to Maintain Your Banking Security and Privacy

20 November 2025

Advances in financial technology have brought tremendous convenience to society. Almost all banking activities, from fund transfers and bill payments to investments, can be done with just one touch. Behind this convenience, however, lies a new threat in the form of cybercrime targeting bank customers.

A common method of online fraud is social engineering followed by phishing, where the perpetrator pretends to be a bank employee and asks you to provide personal and banking information. The perpetrator then sends an SMS, WhatsApp message, or email containing a link that directs you to a fake website that looks similar to the bank's official website in order to steal your personal and banking information. This method is increasingly sophisticated and difficult to distinguish from official bank communications.

What are Social Engineering and Phishing?

Social engineering is a psychological manipulation technique to get you to voluntarily provide personal and banking information. Perpetrators usually pretend to be trusted parties such as banks, government agencies, or e-commerce companies and send messages that appear official.

Phishing, on the other hand, is usually carried out by sending fake links via SMS, WhatsApp, email, social media, and even fake online advertisements with the aim of stealing confidential data such as account numbers, One Time Password (OTP) codes, Transaction Authorization Codes (TAC), Secure2u Passcodes, PINs, 3-digit card numbers (CVV/CVC), User IDs, and Passwords.

A common example is phishing via SMS, where the perpetrator sends a message such as:

“Your transaction of IDR 5,000,000 has been successful. If this was not you, click the following link to cancel the transaction.”

Messages like this are deliberately designed to make the victim panic and immediately click on the link. Unbeknownst to the victim, they are redirected to a fake website resembling a bank login page and asked to enter their user ID, password, or One Time Password (OTP). Once the data is entered, the perpetrator can easily access the victim's account and withdraw their funds.

This phenomenon highlights the importance of safeguarding personal and banking data to prevent financial information from falling into the wrong hands.

Characteristics of phishing messages:

  1. Contains suspicious links that are not from the bank's official domain.
  2. Requests banking data such as One Time Password (OTP), Transaction Authorization Code (TAC), Secure2u Passcode, PIN, 3 digits on the card (CVV/CVC), User ID and Password.
  3. Contains threats or tries to cause panic, such as a claim that your account is being blocked.
  4. Uses the logo and name of a bank or other institution.
  5. Messages are sent from personal numbers or unofficial email addresses.

By recognizing these characteristics, you can avoid social engineering and phishing traps, and protect your personal and banking data from crime.
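
The first characteristic above can be checked mechanically. The following is an added example, not Maybank's own code: it tests whether a link's host really is the official domain listed on this page (maybank.co.id) or only imitates it. The `.example` hosts and sample messages are constructed, and the `BRAND` substring heuristic is an assumption.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "maybank.co.id"  # domain of the official website listed on this page
BRAND = "maybank"                  # assumption: brand string to look for in other hosts

def classify_link(url: str) -> str:
    """Return 'official', 'suspicious' or 'unrelated' for a single link."""
    # Browsers read '\' as '/', urlsplit does not; refuse instead of guessing.
    if "\\" in url or any(ord(c) <= 0x20 for c in url):
        return "suspicious"
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "https://" + url             # bare "www.example/..." style link
    try:
        parts = urlsplit(url)
    except ValueError:                     # malformed authority section
        return "suspicious"
    host = (parts.hostname or "").rstrip(".")
    # The host is what follows the last '@'; text before it is only decoration.
    if not host or "@" in parts.netloc:
        return "suspicious"
    # Non-ASCII or punycode labels can render like the real name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious"
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Brand name inside a host that is not the official domain.
    if BRAND in re.sub(r"[^a-z0-9]", "", host):
        return "suspicious"
    return "unrelated"

def review_message(text: str) -> list[tuple[str, str]]:
    """Find links in a message and classify each one."""
    links = re.findall(r"(?:https?://|www\.)[^\s<>\"']+", text, flags=re.I)
    return [(l.rstrip(".,;:!?)"), classify_link(l.rstrip(".,;:!?)"))) for l in links]

# Constructed sample messages (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "Your transaction of IDR 5,000,000 has been successful. If this was not "
    "you, click https://maybank.co.id.cancel-trx.example/login to cancel.",
    "Verify now: https://www.maybank.co.id@secure-update.example/m2u",
    "Promo details at www.maybank.co.id/promo.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(review_message(sample))
```

A result of "official" only says where the link points; a request for an OTP, PIN or password is still a phishing sign regardless of the link.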

Why Are Banking Security and Privacy So Important?

Personal data is the most valuable asset. Data leaks can have widespread impacts, ranging from account hacking and identity theft to cross-platform fraud.

5 Effective Steps to Maintain Your Banking Security and Privacy

To maintain the security and privacy of your banking, here are five effective steps you can take to protect yourself from various forms of online fraud:

  1. Never Share Personal Data

    Information such as account numbers, One Time Password (OTP) codes, Transaction Authorization Codes (TAC), Secure2u Passcodes, PINs, 3-digit card numbers (CVV/CVC), User IDs, and Passwords is confidential. Never share it with anyone, even if they claim to be from the bank.

  2. Use Official Channels for Every Transaction

    Make sure you always log in through the official website or application, not from links sent by other parties. Double-check the official website domain.

  3. Be Wary of Suspicious Links and Messages

    If you receive a message or email that contains a link and asks you to take immediate action, stay alert and do not click on the link right away. Take the time to check its authenticity. You can contact Maybank Customer Care, or if you have previously communicated with your Relationship Manager or Personal Financial Advisor, you can ask them about the authenticity of the message.

    In addition, delete suspicious messages so they cannot be misused in the future. You can also report this to the bank so that the bank's anti-fraud team can take preventive measures.

  4. Take Advantage of Digital Security Features

    Maybank provides various features to help protect your digital banking transactions, including:

    • Real-time transaction notifications
    • Two-step verification, namely user ID and password or biometrics when logging into the M2U ID App/Web, as well as the Secure2u passcode when making transactions.
    • Daily transaction limits to minimize losses in the event of misuse.
    • Blocking of cards and M2U ID App customer user IDs.

    By utilizing these features, you can detect suspicious activity more quickly and protect your banking privacy more effectively.

  5. Regularly Update Your Application and Password

    Always use the latest version of your banking application. In addition, change your password regularly using a combination of uppercase letters, lowercase letters, symbols, and numbers.

    Avoid using passwords that are easy to guess, such as birth dates, pet names, or simple number combinations.

Get to Know Maybank Indonesia's Official Channels as a First Step to Prevent Fraud

One of the most important steps in maintaining security is to ensure that you only interact through Maybank Indonesia's official channels. Avoid accessing unverified websites, applications, or social media.

Here is a list of Maybank Indonesia's official channels:

Website: www.maybank.co.id

Mobile Banking: M2U ID App (download from the Play Store or App Store)

Maybank Customer Care: 1500611 or +622178869811 (from overseas)

Email: customercare@maybank.co.id

Social Media:

  • Instagram: Maybankid
  • Facebook: Maybank
  • X: @MaybankID

Maybank never requests personal data, OTP (one-time password), PIN, or passwords via SMS, email, or telephone. If you receive a suspicious message, immediately contact Maybank Customer Care for further verification.

Maybank Indonesia's commitment to protecting personal data

Maybank Indonesia is committed to continuously improving the security of its digital systems and educating customers to protect them from various types of financial crime. Through cooperation between customers and the bank, we can create a convenient and trusted digital financial ecosystem.
