Categories: Digital LifeNews

TNG eWallet thinks a mandatory One Time Password is unnecessary

Touch ‘n Go Digital has responded to our enquiries regarding a recent eWallet issue. Last Friday, a Touch ‘n Go eWallet user’s account was compromised and unauthorised reloads amounting to RM3,000 were made via her saved debit card.

According to TNG Digital, there was no compromise of any Touch ‘n Go eWallet system or technology and they maintain the highest standards of technology and security on its payment platform. After conducting their own investigations, they have discovered that the recent issue is a case of a phishing scam. Since the user has a verified eWallet account, Touch ‘n Go will provide full compensation under its Money-back guarantee policy.

The eWallet provider shared that the victims have so far revealed that they may have inadvertently given away their 6-digit PIN to strangers and many victims have admitted to using easily guessable 6-digit PINs. To keep its user accounts secure, TNG is now actively educating their customers to protect their 6-digit PIN and to change them if they are easily guessable.

As mentioned in our previous post, Touch ‘n Go eWallet does not require a One Time Password (OTP) for new logins on a different device. From our own testing, an OTP is required only after we tried logging in to our eWallet across different smartphones multiple times.

According to Touch ‘n Go Digital, there’s no request for OTP or two-factor authentication as users can transact as normal once they have logged in with their 6-digit PIN. For the recent incident, they added that it didn’t trigger an alert because the “suspicious activity” was not regarded as suspicious because the perpetrator had the user’s 6-digit PIN from the initial phishing attack. Upon successful login, he/she could transact as normal and according to TNG, this is the “usual customer experience”

TNG has also mentioned that they are reviewing their security protocols at the current stage. They emphasised that customers themselves play a big part in maintaining the security of their accounts as 91% of cyberattacks starts from phishing.

Although customers are responsible for keeping their account safe and secure, we still believe that there’s room for improvement by TNG Digital to prevent similar incidents from reoccurring. Yesterday, we’ve highlighted 4 key things that can be implemented to deter unauthorised access. A mandatory OTP for every new login on a new device would have made it harder for perpetrators from gaining access. Using a different password apart from the 6-digit PIN would also add an additional security layer. On top of that, the implementation of a fingerprint or facial recognition feature would also reduce the exposure of the 6-digit PIN.

Related reading

Recent Posts

This foldable smartphone redefines its segment with next-level design and performance

This post is brought to you by HUAWEI. In Q1 2024, HUAWEI captured an impressive…

6 hours ago

TM confirms staff and contractors involved in cable theft incident in Penang

Telekom Malaysia (TM) has acknowledged a cable theft incident in Tanjung Bungah, Penang involving their…

8 hours ago

Acer Revo Box Mini PC launched in Malaysia – 13th Gen Intel Core i5 & i7, priced from RM2,049

Acer has launched the Acer Revo Box Mini PC here in Malaysia. Offered in two…

10 hours ago

Proton e.MAS 7 EV supports wireless Android Auto, Apple CarPlay

One of the most common questions that we get whenever there is a new car…

10 hours ago

Samsung Galaxy S25 series launch happening on 22 January 2025?

As 2024 comes to an end, Samsung appears to be preparing for the launch of…

13 hours ago

Proton e.MAS 7 EV: Service schedule revealed, once a year or 20,000km

Proton e.MAS 7 is finally ready to make its mark in the local automotive market.…

1 day ago

This website uses cookies.