• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
Close
Home Digital Life

TNG eWallet thinks a mandatory One Time Password is unnecessary

  • BY Alexander Wong
  • 11 March 2020
  • 6:44 pm
  • Comment
Share on FacebookShare on Twitter

Touch ‘n Go Digital has responded to our enquiries regarding a recent eWallet issue. Last Friday, a Touch ‘n Go eWallet user’s account was compromised and unauthorised reloads amounting to RM3,000 were made via her saved debit card.

According to TNG Digital, there was no compromise of any Touch ‘n Go eWallet system or technology and they maintain the highest standards of technology and security on its payment platform. After conducting their own investigations, they have discovered that the recent issue is a case of a phishing scam. Since the user has a verified eWallet account, Touch ‘n Go will provide full compensation under its Money-back guarantee policy.

The eWallet provider shared that the victims have so far revealed that they may have inadvertently given away their 6-digit PIN to strangers and many victims have admitted to using easily guessable 6-digit PINs. To keep its user accounts secure, TNG is now actively educating their customers to protect their 6-digit PIN and to change them if they are easily guessable.

As mentioned in our previous post, Touch ‘n Go eWallet does not require a One Time Password (OTP) for new logins on a different device. From our own testing, an OTP is required only after we tried logging in to our eWallet across different smartphones multiple times.

According to Touch ‘n Go Digital, there’s no request for OTP or two-factor authentication as users can transact as normal once they have logged in with their 6-digit PIN. For the recent incident, they added that it didn’t trigger an alert because the “suspicious activity” was not regarded as suspicious because the perpetrator had the user’s 6-digit PIN from the initial phishing attack. Upon successful login, he/she could transact as normal and according to TNG, this is the “usual customer experience”

TNG has also mentioned that they are reviewing their security protocols at the current stage. They emphasised that customers themselves play a big part in maintaining the security of their accounts as 91% of cyberattacks starts from phishing.

Although customers are responsible for keeping their account safe and secure, we still believe that there’s room for improvement by TNG Digital to prevent similar incidents from reoccurring. Yesterday, we’ve highlighted 4 key things that can be implemented to deter unauthorised access. A mandatory OTP for every new login on a new device would have made it harder for perpetrators from gaining access. Using a different password apart from the 6-digit PIN would also add an additional security layer. On top of that, the implementation of a fingerprint or facial recognition feature would also reduce the exposure of the 6-digit PIN.

Related reading

4 ways Touch ‘n Go eWallet can secure its user accounts better
(UPDATE) A TNG eWallet account allegedly “hacked”, RM3000 reloaded by card
Tags: ewalletTNG eWalletTouch n GoTouch n go eWallet
Alexander Wong

Alexander Wong

POPULAR

Samsung Galaxy A34 vs A54 vs Redmi Note 12 Pro+ Malaysia: Midrange camera battle

September 22, 2023

TNG eWallet thinks a mandatory One Time Password is unnecessary

March 11, 2020

Deal: Xiaomi 12 and 12 Pro get 50% discount on 25.9, Snapdragon 8 Gen 1 and QuadHD+ display for under RM2,000

September 23, 2023

Realme Malaysia is releasing the cheapest smartphone with “Dynamic Island”. Priced below RM500?

September 25, 2023

CelcomDigi beats Time, becomes the first to offer Fibre To The Room in Malaysia

September 28, 2023

Deal: Samsung Galaxy S23 Ultra can be yours with up to RM1,500 discount today

September 25, 2023

Copyright © 2023 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2023 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER