BSNSecure Challenge Code: Use Mobile App, Authenticate Login

The authentication process in Bank Simpanan Nasional (BSN) is a measure to ensure that financial transactions and information access are secure and accessed only by authorised individuals. A challenge code is one type of Two-Factor Authentication (2FA) the BSN generates. It is then sent to the user through SMS or an app.

The challenge code generated by BSNSecure is a one-time code. Users must enter into the banking system to complete the authentication process. This authentication method helps protect against unauthorised access as it requires possessing the registered device and knowing the bank account details.

What is BSNSecure Challenge Code?

BSNSecure Challenge Code is a part of the authentication process used to approve transactions through myBSN Internet Banking. It is a part of the Two-Factor Authentication (2FA) process utilised by Bank Simpanan Nasional (BSN). It enhances the security of online banking transactions through the myBSN Internet Banking platform.

The authentication process begins when a user initiates a transaction or login on the myBSN platform. Upon confirmation of the transaction, the user clicks on ‘Request Code‘ to proceed with the authentication process.​ A Secure TAC number of 6 digits will be created on the BSNSecure mobile app.

As part of online banking security, this Secure TAC number can be utilised to authorise specific transactions carried out through myBSN.

BSNSecure Online Banking Security

Online banking security, particularly in Bank Simpanan Nasional (BSN), includes various measures, technologies, and protocols designed to protect customer’s financial data and ensure the safe and authorised execution of transactions on online platforms.

BSNSecure Challenge Code Generation

When a user initiates a transaction or login on the myBSN Internet Banking platform, it will require a confirmation as part of the authentication. Upon confirmation of the transaction, the user clicks on ‘Request Code‘ to proceed with the authentication process.

After clicking the ‘Request Code‘ button, a Challenge Code is displayed on the myBSN Internet Banking platform for the user to take note of​.

Two-Factor Authentication (2FA)

BSN employs Two-Factor Authentication (2FA) to bolster the security of online banking activities. The BSNSecure system, employs a Challenge Code and a mobile application to generate a Transaction Authorization Code (TAC) as part of the 2FA process.

BSNSecure System

BSNSecure is an enhanced security feature for myBSN Internet Banking that allows users to authorize transactions through registered mobile devices.

It facilitates two modes of authorisation, which are Secure Verification via push notifications and Secure TAC via the BSNSecure app.

This system helps combat financial scams and SMS OTP/TAC frauds. It enhances the security of online transactions by ensuring that only the authorised user can approve transactions on the myBSN platform.

Mobile Application Security

The BSNSecure mobile application serves as a secure channel for authorizing transactions, replacing the earlier SMS TAC/OTP method.

It provides an additional layer of security by requiring users to enter a Challenge Code or respond to a push notification to authorize transactions, thus ensuring that only the account’s rightful owner can approve transactions.

Regulatory Compliance

BSN’s online security measures are also aligned with regulatory requirements given by the Central Bank of Malaysia, also called Bank Negara Malaysia (BNM). This is to ensure a robust defence against various online threats and frauds. Adhering to regulatory standards also ensures that the bank maintains a high level of trust and credibility among its customers and stakeholders.

Education and Awareness

Like many banks, BSN also educates its customers about potential online threats and best practices for securing their online banking activities.

Monitoring and Fraud Detection

BSN employs monitoring and fraud detection systems to identify and mitigate suspicious activities, thus providing a safer online banking environment for its customers. By combining these measures, BSN ensures that customers can conduct their banking activities safely and confidently.

With authentication technologies like the BSNSecure system, BSN enhances the security of online transactions, minimises the risk of unauthorised access, and helps safeguard customers’ sensitive financial information.

BSNSecure Authentication Technologies

Authentication technologies in Bank Simpanan Nasional (BSN) refer to the methods and systems employed to verify the identities of individuals accessing the bank’s online platforms and services.

Use of Secure Verification (Push Notifications)

The Secure Verification utilises push notifications for transaction authorisation. When a user initiates an online banking transaction via the myBSN platform, a push notification is promptly sent to the user’s registered mobile device. The user must tap on this notification and approve or reject the transaction within a specified time frame, typically 60 seconds.

This real-time push notification streamlines the authorisation process and adds a security layer. This ensures that only the authorised user can approve or disapprove transactions with access to the registered mobile device. This method of immediate authorisation significantly reduces the risk of unauthorised access or fraudulent transactions.

Use of Secure TAC

The Secure Transaction Authorization Code (Secure TAC) feature in BSNSecure is a mechanism that kicks in when a user initiates a transaction on the myBSN Internet Banking platform. Once a Challenge Code is generated and entered into the BSNSecure mobile application, a Secure TAC is produced, which the user then inputs on the myBSN platform to authenticate the transaction. This two-step verification process, integrating something the user knows (the Challenge Code) and something the user has (the BSNSecure mobile app), significantly enhances the security framework by adding a layer of authentication.

In scenarios where the primary Secure Verification method via push notifications faces connectivity issues, the Secure TAC is an alternative authentication route, ensuring the user can still securely authorise transactions on the myBSN platform. Through the Secure TAC feature, BSNSecure aligns with the regulatory move towards more secure authentication methods and provides BSN customers with a safe, seamless, and reliable online banking experience.


BSN introduced BSNSecure as an authentication method required for various online transactions, including updating purchase limits, overseas transaction statuses, and online purchase statuses of a debit card. It’s also used when reporting a lost or stolen card.

Transition from SMS One-Time Passwords (OTPs) to More Secure Methods

Following Bank Negara Malaysia’s (BNM) instructions, financial institutions, including BSN have been advised to move away from SMS OTPs to more secure authentication methods for online transactions and activities.

Secure2u (as seen in Maybank, likely similar in BSN)

Secure2u is the authentication technology used by Maybank. It shows a move among Malaysian banks towards more secure authentication methods. Secure2u, for instance, is a more secure authentication method that replaces SMS OTPs for online transactions. It’s good that BSN has BSNSecure, a similar technology, in place.

i-MSecure (as seen in Bank Muamalat, likely similar in BSN)

i-MSecure is a feature introduced by Bank Muamalat as part of their i-Muamalat mobile application to authorise transactions, providing an alternative to the traditional SMS OTP/TAC system. It includes features like i-MSecure Authentication, Transaction Authorization, High-value Transaction Protection, and a token registration process for enhanced security. BSN with BSNSecure has similar technology with i-MSecure.

These authentication technologies and methods enhance the security of BSN’s online banking services. Using the BSNSecure mobile application ensures that only authorised individuals can access and transact on the bank’s online platforms.

BSNSecure Mobile Banking Applications

Mobile banking applications in Bank Simpanan Nasional (BSN) refer to the digital platforms provided by the bank, which allow customers to access and manage their bank accounts using mobile devices. These applications, including BSNSecure, offer customers a convenient, user-friendly interface to carry out various banking transactions and services remotely, anytime and anywhere.

The BSNSecure mobile application provides an interface for customers to authorise their myBSN Internet Banking transactions safely through their registered mobile devices.

Activation of BSNSecure

BSNSecure serves as an authentication tool, facilitating two modes of authorisation – Secure Verification via push notifications and Secure TAC (Transaction Authorization Code) generation. Upon registration and activation of the BSNSecure app, it becomes the default method for approving transactions, providing an additional layer of security to protect against unauthorised access and fraud.


BSNSecure mobile application also provides an efficient solution against SMS TAC fraud. It is a security concern that had been previously identified by BSN. By activating and utilising the BSNSecure application, BSN customers are better shielded against potential online banking frauds and scams. This marks a significant stride towards Malaysia’s safer and more secure digital banking landscape.

Frequently Asked Questions about BSNSecure

Why do I need to authorise the transaction with BSNSecure using Secure TAC?

The Secure TAC method can approve transactions if you don’t receive Secure Verification due to Internet issues.

How to generate myBSN Secure TAC?

A unique 6-digit Secure TAC number can be generated on the BSNSecure mobile app and can be used to approve specific transactions on myBSN.

How to approve myBSN transactions using Secure TAC?

Here are the steps to approve transactions using Secure TAC:

  1. Initiate a transaction that requires BSNSecure authorisation on myBSN Internet Banking.
  2. Click on ‘Request Code‘ at the transaction confirmation page.
  3. myBSN Internet Banking will display a Challenge Code for the customer to enter on the BSNSecure mobile app.
  4. Enter the Challenge Code on BSNSecure mobile app to generate a 6-digit Secure TAC number.
  5. Enter the Secure TAC number on myBSN and click ‘Confirm‘ to complete the transaction.

When will Secure TAC be activated?

The Secure TAC authorisation method will only be activated after 60 seconds once the Secure Verification (Push Notification) session has expired.

What will happen if I input an incorrect Secure TAC Code?

If you have entered the wrong Secure TAC Code or it has expired, you need to request a new one.

Any transactions through myBSN will be denied if an incorrect Secure TAC Code is used or the code expires. (Secure TAC Codes only remain valid for 60 seconds).

What will happen if my Secure TAC Code is expired or no longer valid?

If your previously requested Secure TAC Code is no longer valid or has expired, you also need to request a new one.

What is the time limit for approving a transaction with Secure Verification?

You have 60 seconds to approve the transaction using the BSNSecure Application.

Why do certain transactions use SMS TAC while others use BSNSecure mobile app?

SMS TAC is used solely for myBSN Internet Banking registration and activating the BSNSecure app. See the BSNSecure Applicable transaction list for more information.

Is it possible to de-register the BSNSecure App?

Yes, you can de-register the BSNSecure mobile app through myBSN Internet Banking. However, this won’t switch your authorization method back to SMS TAC. The next time you need to authorize a transaction on myBSN Internet Banking, you’ll be prompted to re-register the app.

For your convenience, we recommend that you immediately re-register the BSNSecure app on a new device. Without the app, you won’t be able to confirm and finalize transactions.

Additional information about BSNSecure

If you don’t approve your myBSN Internet Banking transaction with Secure Verification / Secure TAC, the transaction won’t go through and no money will be taken from your account. You need a stable internet connection to approve transactions using Secure Verification (Push Notification) or Secure TAC.

You can use the BSNSecure Application abroad, provided you’re using the registered mobile device and have a reliable internet connection. Starting July 1, 2023, all myBSN Internet Banking transactions will be authorised through the BSNSecure App, replacing SMS TAC.

For more information, please refer to BSNSecure’s official FAQs on the website.

Categories BSN

Leave a Comment