ABA APP Security - Strengths and Weaknesses - a Users Guide

Phones, Internet, Computers and such.
Doc67
Expatriate
Posts: 8938
Joined: Thu Nov 16, 2017 9:16 am
Reputation: 8219
Location: PHNOM PENH
Great Britain

Post by Doc67 »

This issue keeps popping up and given the widespread usage of ABA among us expats and the widely varying tech knowledge, I thought this thread could act as a repository for either basic or more advanced information on security and personal protocols when using the App. If you are the type who is quite oblivious or unconcerned to the risks or one of the very savvy ones about such issues, post your views and practices.

I will kick off with a couple of things I have done recently. The opening screen used to display the overall balance, which is on show to anyone within 10 feet if they have sharp enough eyesight. You may need reading glasses (I do), but most do not, so be aware of who is close by. If an opportunist thief sees a big fat balance while you are paying your bar bill, you could become a target. If you use a PIN (see below) to execute payments, and they see that too, then you have been compromised and all they need is your phone.

It does have a blanking function and I have now changed it to be obscured. However, once you go further into the accounts or payments section, the account balance shows up again and there seems to be no way to keep that concealed. This seems to be a risk without a fix.

If you do have a healthy balance with regular transfers every three months or so to keep you going for 3 months, consider opening a short-term mobile savings account. It can be done with the app and is very easy to do. They start at 1 month duration and as little as $100. As far as I know, if you want to close and empty those deposit accounts before their maturity, that requires a branch visit, so this adds a strong level of security. Make sure the account is a "close at maturity", not a "rollover principal", otherwise you will have to go in and close the account yourself. The interest rate is pretty low, but it's better than the basic account so look at it as being paid for getting far better security: Win-Win.

The PIN v Fingerprint is a big one. Nobody can see your fingerprint, but if you are drugged they could possibly get it. But this is a rather fanciful scenario, and on balance a fingerprint is much less likely to be compromised than a simple 4 digit PIN that can be overlooked and memorised. What does everyone else think?

It would be useful for people to share what they do to protect themselves and others might be surprised at how wide open they are leaving themselves. Maybe me too...
YaTingPom
Expatriate
Posts: 258
Joined: Thu Oct 19, 2023 9:26 am
Reputation: 121
Palestine

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by YaTingPom »

It's also simple to open another account within the APP and transfer a small amount to that and use that for payments. That way if anyone sees your balance they may feel sorry for you and actually give you some money!

I did that last year and I got an account number which is my phone number, for free!

Also, you can set up a secret word for large transactions that you set the limit. Unless you send large amounts regularly there's little chance of someone viewing that word.
ressl
Expatriate
Posts: 338
Joined: Wed Jun 26, 2019 8:07 pm
Reputation: 155
Contact:
Germany

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by ressl »

I strongly vote for pin. I have disabled the fingerprint for everything and use pin (no swipe patterns, since they are super easy to determine with the swipe traces on the display). If I input the pin in public, always cover the phone with the other hand and if possible get your back to a wall.
Hiding the amount in the welcome screen seems to be a default setting now, I recently wondered about that, but welcomed it for the same reasons you mentioned.
As a clear improvement it would be to have a separate pin for making payments (one for opening the app and one for payments), but I get it, that most customers would get confused with this
Driving on Cambodian roads is just like playing a classic arcade top scroller. The only difference is a force feedback controller, the limitation to only one life and the inability to restart, once Game Over
ali baba
Expatriate
Posts: 944
Joined: Fri May 16, 2014 3:27 am
Reputation: 168

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by ali baba »

Hold your phone under your shirt when typing in the PIN so no one can see it.
Scarier than malaria.
khmerhamster
Expatriate
Posts: 646
Joined: Thu Jun 16, 2016 2:28 pm
Reputation: 374
Turkmenistan

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by khmerhamster »

There are a couple of things I do.
A privacy phone screen, cost between 5-10 USD depending on the phone type. Means anyone looking at phone from an angle can only see a black screen. Only the user looking directly at it can see what is on the screen.
I have multiple accounts within the app, most of these are hidden. When I open the app, all that can be seen is my daily account which I maintain a balance of several hundred $. I transfer from the other hidden accounts when it needs topped up.
As YTP says it doesn’t cost anything to open up additional accounts within the app, and can be done in seconds. They have option of giving you an account number same as Date of Birth or Phone number (although I guess dates of birth may be largely taken now). Money can be moved in and out of these easily and without penalty.
I use Face ID, which only works if eyes are open. If someone tries to access it when my eyes are closed then it doesn’t work. Face ID is backed up by PIN and PIN is a different number to the code used to unlock the phone. Have never been scammed, drugged, had mystery transfers leave my account etc. Suspicious of those who have - suspect carelessness on their part is a contributory factor.

These are just simple precautions which I’d use no matter where I am, they aren’t Cambodia specific.
YaTingPom
Expatriate
Posts: 258
Joined: Thu Oct 19, 2023 9:26 am
Reputation: 121
Palestine

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by YaTingPom »

I had some weird transaction paid into my account last year of $0.01 and a comment saying "Sorry bong, I paid by mistake. Can you send back?" I was a bit confused so went through my transactions and there was another for $290 from the same person, "Visa renewal refund". Never even noticed it and I don't have notifications enabled, as they annoy me!

Anyway, I paid it back and she sent another $0.01 with a comment "So thanks very much, I was scared!".

I use the comments section all the time. Usually to send rude messages to sister or my wife.
khmerhamster
Expatriate
Posts: 646
Joined: Thu Jun 16, 2016 2:28 pm
Reputation: 374
Turkmenistan

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by khmerhamster »

YaTingPom wrote: Wed Jan 17, 2024 11:41 am I had some weird transaction paid into my account last year of $0.01 and a comment saying "Sorry bong, I paid by mistake. Can you send back?" I was a bit confused so went through my transactions and there was another for $290 from the same person, "Visa renewal refund". Never even noticed it and I don't have notifications enabled, as they annoy me!

Anyway, I paid it back and she sent another $0.01 with a comment "So thanks very much, I was scared!".

I use the comments section all the time. Usually to send rude messages to sister or my wife.
I had that too, sometime last year. A mystery transaction for over $700. Followed by several small transactions with messages in English and Khmer asking to transfer back.

I was suspicious so I just ignored it - I wondered if it was something scammy so just left them to sort it out with ABA. ABA then called me to explain and said they would freeze the amount. They asked me to come into a branch to sign something to agree to give the money back.
I told them to sod off, they can take the money but if they wanted me to sign something then they could come see me at my convenience. They called me back several times over the next few weeks and I gave the same response. Finally they gave up, decided the signature wasn’t that important and the money left my account.

I was concerned that there would be some way to reverse the initial payment once I had ‘refunded’ them (a bit like a bouncing cheque). There probably isn’t - but I wasn’t taking the chance. So just left them to contact ABA to resolve.

With the general lack of attention to detail from Khmer folk, I guess this accidental transfer resolution is a full time department in ABA.
YaTingPom
Expatriate
Posts: 258
Joined: Thu Oct 19, 2023 9:26 am
Reputation: 121
Palestine

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by YaTingPom »

khmerhamster wrote: Wed Jan 17, 2024 11:54 am
YaTingPom wrote: Wed Jan 17, 2024 11:41 am I had some weird transaction paid into my account last year of $0.01 and a comment saying "Sorry bong, I paid by mistake. Can you send back?" I was a bit confused so went through my transactions and there was another for $290 from the same person, "Visa renewal refund". Never even noticed it and I don't have notifications enabled, as they annoy me!

Anyway, I paid it back and she sent another $0.01 with a comment "So thanks very much, I was scared!".

I use the comments section all the time. Usually to send rude messages to sister or my wife.
I had that too, sometime last year. A mystery transaction for over $700. Followed by several small transactions with messages in English and Khmer asking to transfer back.

I was suspicious so I just ignored it - I wondered if it was something scammy so just left them to sort it out with ABA. ABA then called me to explain and said they would freeze the amount. They asked me to come into a branch to sign something to agree to give the money back.
I told them to sod off, they can take the money but if they wanted me to sign something then they could come see me at my convenience. They called me back several times over the next few weeks and I gave the same response. Finally they gave up, decided the signature wasn’t that important and the money left my account.

I was concerned that there would be some way to reverse the initial payment once I had ‘refunded’ them (a bit like a bouncing cheque). There probably isn’t - but I wasn’t taking the chance. So just left them to contact ABA to resolve.

With the general lack of attention to detail from Khmer folk, I guess this accidental transfer resolution is a full time department in ABA.
So did you refund them in the end?

There's now a message saying transfers on the transfer page, and when you are about to press send, are non refundable. So I guess it happened so many times it was/is causing them headaches. In other words, once you send payment you have to visit them and plead with them to contact whomever you sent it to...so those messages aren't entirely correct!
Alex
Expatriate
Posts: 2644
Joined: Thu May 15, 2014 2:09 am
Reputation: 2368
Location: Bangkok
United States of America

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by Alex »

I've disabled fingerprint login, so it's PIN for me every time. My ABA PIN is different from my phone PIN, and my phone PIN is long, so if someone just overlooks me entering the ABA PIN, it is worthless for them unless they can get their hands on my phone while it's unlocked. As a general remark, it's a good idea to have different passwords or PINs for different things, to keep any compromise isolated.

I second the suggestion to set a reasonable limit for requiring the "secret word", so that you never need to enter it while out in public.

Nowadays I use a separate ABA debit card that has a low limit for "tap and go" payments. My original reason for this was that I often had trouble with my internet connection at Aeon Mall's supermarket. But it's also nice not having to whip out my phone and enter my PIN in a busy checkout lane. While I do realize that debit cards with NFC tap and go functionality are easily compromised, having a separate card with a low limit mitigates that risk sufficiently in my opinion. It's the convenience factor for me more than anything else.
Doc67
Expatriate
Posts: 8938
Joined: Thu Nov 16, 2017 9:16 am
Reputation: 8219
Location: PHNOM PENH
Great Britain

Re: ABA APP Security - Strengths and Weaknesses - a Users Guide

Post by Doc67 »

Alex wrote: Wed Jan 17, 2024 12:28 pm I've disabled fingerprint login, so it's PIN for me every time. My ABA PIN is different from my phone PIN, and my phone PIN is long, so if someone just overlooks me entering the ABA PIN, it is worthless for them unless they can get their hands on my phone while it's unlocked. As a general remark, it's a good idea to have different passwords or PINs for different things, to keep any compromise isolated.

I second the suggestion to set a reasonable limit for requiring the "secret word", so that you never need to enter it while out in public.

Nowadays I use a separate ABA debit card that has a low limit for "tap and go" payments. My original reason for this was that I often had trouble with my internet connection at Aeon Mall's supermarket. But it's also nice not having to whip out my phone and enter my PIN in a busy checkout lane. While I do realize that debit cards with NFC tap and go functionality are easily compromised, having a separate card with a low limit mitigates that risk sufficiently in my opinion. It's the convenience factor for me more than anything else.
That's good advice, I need to beef up security.