Maybank Common Login Service – 2 Banks, 1 Name

Yes I did it!

I finally got the common login service working!

Thanks to the nice branch lady in Damansara Jaya branch who was patient with my convoluted request (ugh forgot name liao…). The availability of this service turns out to be one of the most complicated application process I’ve go through.

There are a potential market of 1 million people like me, Malaysia, work in Singapore, remits money back. Maybank is one of those banks who came and say – hey, you can hold a Maybank Malaysia account and still do internet banking friom Singapore in you have a Maybank Singapore account. Turns out that these two Maybanks are so autonomous, that operationally they are completely separated. Someone actually had to build a authentication broker between them to enable such a service.

And thus the complicated thing began. I opened a Maybank Malaysia account several months ago, then when I came back to SG, I opened a Maybank Singapore account. That was the easy part, except the fact that I couldn’t get a hand phone number registered in Malaysia (the number of boxes in the form couldn’t fit +65) for OTP – One Time Password. They gave me a fall back – use the phone banking facility to call a 03 (Selangor – not toll free) number to get OTP. Fine. After that, following a number of instructions on the Maybank Malaysia website I arrived on Maybank Singapore’s website, asking me to submit some weird form for application to this common login service.

Fine, fill in all sorts of funny detail submit. Waited for 3 months (they say wait till customer service get back) – in fact totally forgot about it. Then one fine day, realize that they haven’t come back to me, I try the same process again. The screen looks slightly different (requesting an extra OTP step) but nevertheless the eventual “wait for customer service to call” is the same.

Voila!~ They called back the next day. The cheerful guy said: “Me from Maybank Singapore, your Maybank Malaysia account got problem.” Right – and what kind of problem? “No idea, you ask Maybank Malaysia.” Right – you’re both Maybanks and all you get is a generic error status from the other side?

Fine, it’s almost Chinese New Year, knowing that phone customer service is going to cost a bomb calling from Singapore, so I decided to go home. Visited the branch and luckily I found someone who understands the problem (after talking to a few). The lady got in touch with the main support team and found out that: My Maybank Malaysia Internet Banking has been deactivated.

Ah that’s nonsense! I couldn’t get my handphone registered in the first place – because it’s a Singapore number (with a phone banking fall back). That’s why there’s no activities for 3 months! And now they tell me that I gotta login to Maybank Malaysia (maybank2u.com.my) every 2 to 3 months to “prevent that from happening”. Alamak bullshit! This is just an account for remitting money that will be useful maybe once every 6 to 12 months – for what I login every 2 to 3 months?

Nvm, cancel the Internet banking and reapply from the ATM. Done. Went home, go through the same process again (apply from Maybank Singapore) and wala! Service is off at night! ARGH – where got Internet Banking turn off after midnight one… People who rely on Internet Banking is precisely because their lives are so busy that they can’t go figure out all these chores in the day. They only logon when they are home and done with the day’s job. Nvm, 忍.

After a long and arduous drive back to SG, I quickly make use of the available time before dinner to go through the process: Login on SG, confirm with an OTP, click on MY, request another OTP, get a Confirmation Code, login to MY, request another OTP, click enable the common login service. And even as I became an expert at this process, I have to give it 2 or 3 go, because the OTP and confirmation code step doesn’t seem to agree (maybe the OTP propagation from one bank to another is slower than my typing – the nuance is needed from one end to agree with the other).

Now I can just login to one side, and see the other side.

Coming from a system architecture perspective, I thought this is one of the most ridiculous cross authentication ever designed. It’s not that it’s “wrong”, OTPs for 2FA (2 factor authentication), and passing of nuance from system A to system B etc. are all “correctly” designed, but the definition of the “system” is totally wrong – to be including the customer in the picture.

The main problem stems from a lack of a central authority, and common 3rd party that they trust – so they end up trusting the customer as the resource to pass information back and forth. After all, it’s the customer’s account right? If they can’t pass it back properly, or their phone was hijacked by another person, the bank can’t be held liable at that point right? Oh ya – that dreaded OTP is a requirement in S’pore but not in M’sia, but the dongle thing doesn’t exists in M’sia – what a perfect chance to confuse people even more!

What would have been a cleaner process and easier process is to make one side the “authority”. A simple gesture like, fill up the form after logging in to Malaysia side (since there’s no OTP), and “agree” with a single OTP from Singapore side, or just logging in to Singapore side normally and clicking on a “I agree” link. The respective authentication process and mutual trust should be handled in the backend. Human beings should also be cut out of the registration process – totally redundant! Unless you’re telling me that you do background checks on the accounts (Whoa, too much money this guy, cannot let him move money out of SG…)

Anyway, I believe all these “can be better” suggestions are ultimately business decisions. Just keep the customer service quality that I’m experiencing and I’ll still be a happy money launderer, powered by 2 Maybanks. Muahahahaha…