BML enforces additional security for QR payments


Bank of Maldives (BML) has enabled One Time Passwords (OTPs) for all QR payments.

The bank said that this was done as part of its plan to further enhance security for payments through its Internet and Mobile Banking applications.

According to BML, once updated, the BML Mobile Banking app will allow customers to make Scan to Pay transactions of any amount using an OTP. The OTP can be generated using an Authenticator application, SMS, or by email.

BML had earlier placed an MVR 750 limit on QR Scan to Pay transactions while putting a daily limit as well. However, with the integration of OTP, the bank has removed the QR transactional limit.

In December 2022, the bank enabled authenticator apps to generate OTPs for all transactions processed via Internet and Mobile Banking. This was done to protect customers even if their email accounts have been compromised.

BML’s advice and instructions;

  • BML will never send SMS with website links. Even if the links look like they came from BML, customers are advised not to click on any links and not to enter their details. SMS and calls can be ‘spoofed’ to make it seem like it comes from BML or other trusted parties.
  • Do not open suspicious texts, pop-up windows, or click links or attachments in SMS and emails
  • Never share the OTP with anyone
  • Change passwords, including the banking and email passwords, more frequently and choose passwords that are difficult for others to guess
  • Do not save email or banking passwords on the browser. In case of the customer’s email account becoming compromised, the saved usernames and passwords can be accessed
  • Check website links properly. Secure websites such as the BML Internet Banking site will have a ‘lock’ symbol on the address bar.
  • Never follow links to go to Internet Banking since scammers can create web pages that look similar to Internet Banking and lure customers into entering their usernames and passwords.
  • Check notifications properly. BML will send Internet Banking login notifications to the registered email for every login.