Security Tips

If you come across any unauthorized access of your Whalet account or any suspicious transactions, please contact us at  

DOs to Protect your Whalet Account
  • Protect your login credentials such as username, password and Identity Number (MyKad Number and Passport Number).
  • Strengthen your login password by ensuring that it is at least 8 alphanumerics long, and that contains at least one lower case letter, one upper case letter and one number.
  • Change your login password regularly, at least 6 months once.
  • Memorise your password, do not write it down.
  • Disable your browser's Auto-complete and auto-save features.
  • Remove and clear your browser histories, caches, cookies before login to and after logout from the Whalet portal.
  • Ensure your browser is up to date because they often include new security features.
  • It is not advisable to use Whalet on a rooted or jailbroken devices as they are more vulnerable to fraudulent attacks. A rooted or jailbroken device has minimal security, making it easier for fraudsters to gain access to your personal details and other information stored or transmitted through your device and might result in illegally using it to perform transactions such as funds transfers.
  • Avoid running programs or opening email attachments from any source you do not know or trust. You should not install software or download any files from websites (e.g. programmes, games, screensavers) that you aren't completely sure about. We also recommend that you scan all email attachments for viruses and avoid opening any from people or organisations that you do not know or trust. However, some virus may forward infected emails to everyone in an address book. Therefore, you can also get an infected attachment from someone you know. If you are not sure what is in the attachment, do not open it.
    Important note:
    Whalet / DIV will never send you an email asking you to reconfirm or revalidate your Online Banking information via email or any links from an email. If you have received this sort of email, please contact us immediately at +603 7720 1800. Do not reveal any of your account information via email.
  • Scan your personal devices regularly by installing and setting up personal firewall, anti-spyware, anti-virus software and keep them up-to-date.
  • Check your transaction records frequently to identify any suspicious transactions and report it immediately.
  • Be cautious when using public or shared computers/networks. If you access your accounts using a computer in a cyber café, a library or your workplace, try to ensure the computer has the latest anti-virus, firewall, anti-spyware and browser software installed. Although Wi-Fi is a convenient way for you to go to the Internet, it is not advisable to access your account via Wi-Fi connection, especially in public places like airports, hotels or shopping malls.
    For more information with regards to online safety, you can visit CyberSecurity Malaysia at

DOs to Protect your Whalet Card
  • Set your Card daily limit.
  • Create a PIN for each of your Card(s), and do not reveal your Card PIN to anyone.
  • Immediately reset your Card PIN if your Card PIN has been compromised.
  • Suspend your card immediately once you suspect your card has been lost or stolen to block it from unauthorised usage. Terminate your card once you have determined your card has been lost or stolen.This can be done via "Manage Cards" section of the Whalet portal.