Soft Token

The soft token is a digital version of the physical token. It is an application installed on your mobile device that will allow you to authorise transactions without the need to carry a separate physical token.

Once you have switched to soft token, your physical token shall no longer be required. For security reasons, your physical token shall no longer be active.

Please follow the steps below:

Installing the Soft Token

Step 1

Please go to App Store or Google Play to download and install the Soft Token app named "HID Approve"

Step 2

To activate your Soft Token, please log onto MCB Internet Banking

Go to the "Services" tab

Click on "Activate/Deactivate Token" and follow the instructions

Using the Soft Token

From now onwards, to authorize transactions, you will be requested to insert a 'Secure Code' which is obtained by following the steps below.

Step 1

Please open your "HID Approve" app.

Click on the "Challenge-Response" icon at the bottom right of you screen.

Key in the "Challenge Number" from your transaction screen and tap the screen afterwards to generate a new "Secure Code".

Enter the password you recorded at registration of the "HID Approve" app.

A "Secure Code" will appear on your screen.


Step 2

Copy the "Secure Code" back on your transaction window.

Click the "Authorise" button


Important Notes:

For new token users, a one-time password (OTP) shall be required to authorise the soft token installation on your mobile; The OTP shall be generated and sent to the mobile number provided at the time of registration and should be used within a period of 10 minutes.

When authorising transactions and entering the “Challenge-Response”, only 3 attempts shall be allowed. If this number of wrong attempts is exceeded, an error message shall be displayed on Internet Banking regarding the failed authentication. You shall then have to contact the Bank.

Your email address and mobile number will be used to send your Internet Banking (IB) credentials as well as guidance notes related to the setup of the soft token on your mobile device. With all three elements in hand (User ID, login password and soft token), you will be able to rapidly start banking with us online.

Important Note

The login password will be sent by SMS through sender 8703 and will be valid for 18 hours; You will be required to change your login password at the time of first login.

The soft token works on mobile device with iOS 9.0 or higher (for Apple) or v4.4 or higher (for Android).

For optimal performance of the soft token, it is also recommended that your mobile device has sufficient memory and disk space.

If the soft token is not supported on your mobile device, please contact your Relationship Manager or Customer Service Representative for alternative solutions.

No. For security reasons, you are only allowed to have the soft token activated on a single mobile device at a time.

If you lose your mobile device, you should log on to our Internet Banking, select ‘Activate-Deactivate Soft Token’ under the Services menu and click on the DEACTIVATE button.

You can then simply download and install the soft token (HID Approve application) on a new mobile device. As part of the setup on your new mobile device, the soft token on your lost mobile device will automatically be disabled.

If you have changed mobile device, you should log on to our Internet Banking, select ‘Activate-Deactivate Soft Token’ under the Services menu and click on the NEW ACTIVATION button.

You can then download and install the soft token (HID Approve application) on your new mobile device.