• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
Close
Home Digital Life

TNG eWallet thinks a mandatory One Time Password is unnecessary

  • BY Alexander Wong
  • 11 March 2020
  • 6:44 pm
  • Comment
Share on FacebookShare on Twitter

Touch ‘n Go Digital has responded to our enquiries regarding a recent eWallet issue. Last Friday, a Touch ‘n Go eWallet user’s account was compromised and unauthorised reloads amounting to RM3,000 were made via her saved debit card.

According to TNG Digital, there was no compromise of any Touch ‘n Go eWallet system or technology and they maintain the highest standards of technology and security on its payment platform. After conducting their own investigations, they have discovered that the recent issue is a case of a phishing scam. Since the user has a verified eWallet account, Touch ‘n Go will provide full compensation under its Money-back guarantee policy.



The eWallet provider shared that the victims have so far revealed that they may have inadvertently given away their 6-digit PIN to strangers and many victims have admitted to using easily guessable 6-digit PINs. To keep its user accounts secure, TNG is now actively educating their customers to protect their 6-digit PIN and to change them if they are easily guessable.

As mentioned in our previous post, Touch ‘n Go eWallet does not require a One Time Password (OTP) for new logins on a different device. From our own testing, an OTP is required only after we tried logging in to our eWallet across different smartphones multiple times.



According to Touch ‘n Go Digital, there’s no request for OTP or two-factor authentication as users can transact as normal once they have logged in with their 6-digit PIN. For the recent incident, they added that it didn’t trigger an alert because the “suspicious activity” was not regarded as suspicious because the perpetrator had the user’s 6-digit PIN from the initial phishing attack. Upon successful login, he/she could transact as normal and according to TNG, this is the “usual customer experience”

TNG has also mentioned that they are reviewing their security protocols at the current stage. They emphasised that customers themselves play a big part in maintaining the security of their accounts as 91% of cyberattacks starts from phishing.

Although customers are responsible for keeping their account safe and secure, we still believe that there’s room for improvement by TNG Digital to prevent similar incidents from reoccurring. Yesterday, we’ve highlighted 4 key things that can be implemented to deter unauthorised access. A mandatory OTP for every new login on a new device would have made it harder for perpetrators from gaining access. Using a different password apart from the 6-digit PIN would also add an additional security layer. On top of that, the implementation of a fingerprint or facial recognition feature would also reduce the exposure of the 6-digit PIN.

Related reading

4 ways Touch ‘n Go eWallet can secure its user accounts better
(UPDATE) A TNG eWallet account allegedly “hacked”, RM3000 reloaded by card
Tags: ewalletTNG eWalletTouch n GoTouch n go eWallet
Alexander Wong

Alexander Wong

POPULAR

TNG eWallet thinks a mandatory One Time Password is unnecessary

March 11, 2020

The butt naked Thor in Love and Thunder has been postponed in Malaysia to a 21 July release

July 1, 2022

Malaysia uses WiFi symbol to celebrate 65th National Day

July 1, 2022

MCMC approves Celcom-Digi merger, 70MHz of spectrum and Yoodo to be divested

June 29, 2022

What are those NGL links you see on Instagram? And how anonymous are they?

June 24, 2022

[UPDATE] Maxis is having network disruption, users are stuck on EDGE

June 30, 2022

Copyright © 2022 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2022 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER