Professional Documents
Culture Documents
Tuan / Puan,
Yang benar,
GUIDELINE ON MINIMUM SECURITY STANDARDS FOR CHEQUES
I. INTRODUCTION
1.1 The Guideline on Minimum Security Standards for Cheques (the Guideline)
is issued pursuant to section 70 of the Payment Systems Act 2003.
1.2 The Guideline shall apply to all licensed banks under the Banking and
Financial Institutions Act 1989 and all licensed Islamic banks under the
Islamic Banking Act 1983 (hereinafter referred to as “banks”).
1.3 The purpose of the Guideline is to maintain the confidence of the public in
using cheques as a payment instrument and specifically address the need
for banks to undertake measures that are effective in preventing and
detecting cheque frauds. The Guideline specify the minimum requirements
on banks in relation to their role in paying or collecting cheques drawn by or
paid in by customer, specifically on governance arrangements, security
features on cheques, cheque fraud detection facilities, security
management in cheque printing and consumer protection.
1.4 The Skim Penjelasan Imej Cek Kebangsaan User Manual shall continue to
apply in respect of the banks’ duties and responsibilities as collecting banks
or paying banks.
2. Effective Date
2.1 This Guideline, except for Part III on Infrastructure Standards, shall take
effect on 1 October 2004. Part III of this Guideline shall take effect on 1
January 2005.
Page 1
3. Types of Cheque Fraud
Page 2
3.4 Trained and vigilant staff plays an important part in preventing cheque
frauds. The banks should train their relevant staff to ensure that they are
able to detect fraudulent attempts on the bank’s own cheques and to also
assist in curbing fraudulent attempts on other banks’ cheques. With
respect to cheque processing arrangements that the banks have
outsourced to external service providers, the banks remain accountable to
its customers and should ensure that the external service providers have
effective fraud detection and prevention measures.
4. Responsible Parties
4.1 The board of directors (“Board”) and senior management of the banks shall
be responsible in ensuring that appropriate steps are taken to comply with
this Guideline.
Page 3
iv. establish systems and tools that are capable of monitoring and
detecting cheque fraud; and
v. report to the Board any significant loss suffered by the bank arising
from cheque fraud and report to Bank Negara Malaysia all attempted
and perpetrated cheque fraud.
5.1 Adequate cheque security features can facilitate protection against cheque
fraud. In this regard, the banks shall adopt the following minimum security
requirements with respect to the printing of cheques:
The eligible security features for 5.1 ii to iv are provided in paragraphs 5.3
to 5.5 below.
Page 4
5.3 Primary Ink Security Features
iv. Metameric – these inks are printed in two colours that appear in the
same colour when viewed under a standard light source, but appear
different when viewed under a different light source.
Page 5
tactile or ‘raised’ effect. A latent image (hidden wording) may be
used in larger formats.
ii. Guilloche – this is a free standing fine line design which can be
printed over existing security patterns and may be visible or invisible.
iii. Rosette – this is a free standing fine line design similar to guilloche,
except it is more symmetrical.
iv. Micro Printing – test set in very small letters (usually 0.20mm to
0.30mm in height) that can be easily read by using a magnifying
glass but will appear to the unaided eye to be dashes or lines.
Page 6
vi. Security Pantograph – a design feature whereby a hidden word
appears when the document is photocopied. This design security
feature may not be compatible with Image Capture technology. The
design must not intrude into important data fields.
5.6 The ”printer’s code” shall be printed on the cheque (in small font but
readable) in a vertical position, along the left edge, above the clear band
area of the cheque. The “printer’s code” is a unique reference number or
identifier from which the banks will be able to identify the cheque printer.
Page 7
Coverage
5.8 Where banks are examining the cheques processed on a random sampling
basis, the sampling criteria and methodology must be specified in its
cheque operations manual and reviewed from time to time to ensure that
the coverage is adequate. The senior management is responsible to
ensure that the sampling criteria and methodology is sufficient to mitigate
the risk of cheque fraud.
6.1 The banks shall establish control mechanisms that facilitate the detection of
cheque fraud. The banks shall implement appropriate systems to
complement or assist the staff in detecting cheque fraud by highlighting
suspicious cheques so as to enable the staff to undertake further
verification.
6.2 With respect to high volume cheque issuing customers, the banks shall
implement an automated checking facility that is able to detect differences
or discrepancies in the payee’s name, cheque number and amount
presented for payment against such information on the actual cheque
issued by the customer. For purposes of this paragraph, each individual
bank shall determine what constitutes a “high volume cheque issuing
customer”.
6.3 The banks should consider including in their cheques, machine readable
security features that can be easily detected through devices deployed at
the bank’s cheques processing centers. Such machine readable security
features include-.
Page 8
ii Seal encoding on cheques – seal encoding ‘invisibly’ stores data
such as the name of the payee, amount, account number and
cheque number, which are encoded within the bank’s logo on the
cheque or in another area on the cheque. If someone alters any of
those data on the cheque, such data would no longer match the
data contained within the seal.
6.4 In addition to the measures described in paragraph 6.3, the banks should
consider implementing an Artificial Intelligence System to undertake
“pattern recognition routines”, which can identify cheques that fall outside a
customer’s normal pattern of issuance of cheques to detect potential
attempts of cheque fraud.
6.5 Without prejudice to the above requirements, the banks are required to
conduct verification on the account number and cheque number for all
cheques.
7.1 The banks, through their internal auditors, external auditors or security
consultants are required to undertake an annual review of the appointed
cheque printers and courier service providers, including the review of their
business processes. The annual review of cheque printers shall be based
on the standards specified in paragraph 8.1 below.
7.2 Notwithstanding the requirement in paragraph 7.1, the banks may carry out
the annual review of cheque printers on a collaborative basis through an
accreditation scheme administered by the Association of Banks in Malaysia
(ABM) or amongst interested banks. The annual review of cheque printers
on such collaborative basis (either via the ABM or amongst interested
banks) shall be based on agreed standards set by the participating banks,
which should include the standards specified in paragraph 8.1 below.
Page 9
7.3 The banks shall only appoint cheque printers that are licensed by the
Ministry of Home Affairs. The banks should check on the status of the
cheque printers with the Ministry of Home Affairs from time to time. The
banks shall only appoint or renew the appointment of the cheque printer if it
is satisfied that the cheque printer has put in place adequate internal
control procedures and security measures.
7.4 The banks shall ensure that any cheque printer or courier service provider
that is appointed is given a contract for a maximum of two years.
7.5 The banks, through their internal auditors, shall carry out audits of the
supplies and inventory of cheques that are kept at the banks and at the
appointed cheque printers on a regular basis.
Page 10
details of any customer or the cheque itself cannot be readily re-
constructed.
9.1 The banks shall ensure that their customers are aware of the risks involved
in the use of cheques and the proper control and handling of cheques that
should be practised by the customers. As some cheque frauds are
perpetrated before they are presented to a collecting bank, the banks
should advise their customers on the best practices to safeguard their
cheques and the measures to prevent cheque fraud. In this regard, the
banks shall provide, either in the monthly current account statements or on
the cheque book cover, reminders to their customers on the following
practices:
Page 11
ii. Customers should not use laser printers, felt tip pens, erasable pens
or pencils or other non-impact printing techniques to write details on
a cheque. Where a typewriter is used, customers should not use
correctable ribbons. Customers should always use permanent ink
pen such as a ball point pen;
iii. Customers should not permit anyone to take their blank cheques
and should preferably refrain from signing a blank cheque;
vii. When sending cheques by mail, customers should ensure that the
window envelopes used do not reveal the cheque and that any
envelope used is of good quality so that the content of the envelope
would not be revealed when being held against any light; and
Page 12
9.2 The banks shall print the reminders stated in paragraph 9.1 i to viii above in
Bahasa Malaysia on the back of a monthly bank statement (with a
reference made to the reminders at the front of the monthly bank
statement) or on a separate piece of paper which shall be inserted into
each new cheque book to be distributed to a customer.
9.3 The banks shall continuously educate its customers of the importance of
safeguarding cheques and provide advice on fraud prevention measures.
10.1 The banks shall only distribute cheques with a crossing and the words
“account payee” or “a/c payee” pre-printed on the cheque itself.
10.2 Notwithstanding paragraph 10.1, the banks may wish to allow the
uncrossing of cheques (or “opening of the crossing”) under the following
circumstances only:
10.3 The banks shall ensure that all cheque books distributed to their customers
from 1 October 2004 comply with the requirements of Part II (Minimum
Security Features on Cheques) and paragraph 10.1. With respect to
Page 13
cheque books that have been distributed to the customers prior to 1
October 2004, the banks should strongly advise their customers to replace
such cheque books with cheque books that meet with the requirements of
Part II (Minimum Security Features on Cheques) and paragraph 10.1.
Page 14