[Resolved] Affected CIMB Credit Card Channel on Chrome 66

Please be informed that due to the latest Google Chrome update to version Chrome 66, any Symantec SSL certification issued before 1st June 2016 will be blocked.

With regards to this matter, CIMB Symantec SSL certification was issued in May 2016 and it caused CIMB credit card unable to go through 3DS One-time Password (OTP, aka SMS TAC) authentication. However, CIMB debit card will not be affected.

CIMB Credit Card and Debit Card

An example of a CIMB Certificate.

 

Certificate Error

An example of a certificate error that Chrome 66 users might see.

 

Chrome Release Timeline

Release First Canary First Beta Stable Release
Chrome 66 January 20, 2018 ~ March 15, 2018 ~ April 17, 2018
Chrome 70 ~ July 20, 2018 ~ September 13, 2018 ~ October 16, 2018

 

TL;DR

Types of Card Examples Status
Debit 5196 03** **** **** OK
Credit5521 15** **** **** KO

 

If the problem occurs, what should merchants or customers do?

  • Wait for CIMB Card IT department to update their SSL certification (CIMB IT team is currently working on it)
  • Use other browsers or lower versions of Google Chrome

Reference link:

  1. https://wwwsymantec.com/connect/blogs/information-replacement-symantec-ssltls-certificates
  2. https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

This issue has been resolved by CIMB IT team @ 4am 27th April.